In five to ten years we’ll be reminiscing about what it was like to have to remember to pick up a gallon of milk at the store. Why? Picture this… You get in your car to drive home from work and your car alerts you that you should take a different route than usual. You see, you should go to the supermarket slightly out of your way because they have your preferred brand of almond milk on sale and your refrigerator detected that your current supply wasn’t enough to make the dish your spouse looked up on her phone just now. Think this is something out of the Jetsons? Think again.
There is an already flourishing genre of technology that makes this possible. It surrounds us. And it’s only in its infancy. Enter the Internet of Things (or IoT for the terminally cool among us).
You may have heard people talk about the ‘Internet of Things‘. But what is it? What are these ‘things’? What do they do? In this blog post I will provide an overview and set the stage for follow-on posts that will further dissect various aspects of IoT – all while providing a security perspective.
They say, “Think Big.” We say, “Think Secure”
In November 2014, Wired Magazine published an article about how the Internet of Things isn’t just the confluence of cool devices but rather an intelligent assembly of networks, sensors, software, data and intelligence for how to make sense of all that information. This complexity has led to a rather gradual development and deployment of devices. Ultimately though, when technologists discuss the Internet of Things, they are usually referring to the aggregate network of devices and not just the devices themselves.
One of the first major consumer markets where IoT devices have made a strong showing is in home automation. If you visit any major home improvement store you will find a sizable display showcasing so-called ‘smart’ thermostats, fire alarms, door locks, smoke/gas detectors, moisture sensors… and the list goes on and on. These devices promise the ability to make convenient changes based on programmable conditions. Know you are running 5 minutes late and your child will get off the bus before you get home? Don’t worry. Your house will sense your daughter’s backpack and unlock the front door so she doesn’t have to wait outside for you to get home. It will lock the door once she is inside and closes the door. It will send you a message saying she is safe at home. Want your house temp to drop down to 65 when nobody is home? Connect motion and audio sensors to your thermostat and program it to do just that.
It’s an awesome world we live in, right? Yes – if these devices were inherently smart and didn’t require the internet to do what they do. It’s just not that simple.
Connected Means Vulnerable
As security professionals we take great interest when information is passed between nodes on any network. When you boil it down, every IoT device is another network node. It would be easy to envision that these devices only communicate in a closed network protected by the boundaries of your home. Unfortunately that is just not the case. In the aforementioned situations, the motion sensors need to tell the thermostat when motion isn’t detected for a period of time. The door lock will tell your phone that your daughter is home – alone. How does this all happen? These devices, most of the time, rely on a powerful brain in the cloud to work.
Remember – the cloud isn’t inherently bad. But it isn’t inherently good, either. It’s a hammer that must be wielded with care in order to be used for the powers of good. In the wrong hands, it’s downright dangerous. The IoT devices receive, detect, determine and/or communicate sensitive information – over the Internet. And that is not to be taken lightly.
Wired was right – this is going to be huge. In future posts I will explore the different verticals where IoT is making an impact and what that means to you as a business leader, consumer, and technologist. We’ll also address some ways in which consumers can protect themselves without holing up in a bunker, squinting at the slivers of light in the scary world of connected convenience. IoT is the future. And the future is here.
Join the discussion One Comment