Breaking News Bar
posted: 12/29/2013 7:00 AM

Linking products online increases your security risk

hello
Success - Article sent! close
  • From ovens to garage doors to insulin pumps to vehicles, many of our devices are going to be connected to the Internet in the same sense that our phones are now. And that could make us vulnerable.

      From ovens to garage doors to insulin pumps to vehicles, many of our devices are going to be connected to the Internet in the same sense that our phones are now. And that could make us vulnerable.
    Bloomberg News

 
By Brian Fung, The Washington Post

Ten years ago, the word "smartphone" didn't exist. By necessity, neither did the word "dumbphone."

In a decade, we might talk about all of our appliances in similar ways. From ovens to garage doors to insulin pumps to vehicles, many of our devices are going to be connected to the Internet in the same sense that our phones are now. Certain such products are already on the market; one company, SmartThings, sells devices that help consumers control their lights and locks while they're not at home, for example. Eventually, these items will respond to signals from one another independent of human input. Your bathroom scale might tell your refrigerator that you're overweight, and your fridge might start recommending healthier recipes.

Order Reprint Print Article
 
Interested in reusing this article?
Custom reprints are a powerful and strategic way to share your article with customers, employees and prospects.
The YGS Group provides digital and printed reprint services for Daily Herald. Complete the form to the right and a reprint consultant will contact you to discuss how you can reuse this article.
Need more information about reprints? Visit our Reprints Section for more details.

Contact information ( * required )

Success - request sent close

That could be great, but it also vastly expands the universe of things that could go wrong, particularly when it comes to privacy. This might seem obvious, until you consider that many of the businesses that make these devices have never really needed to worry about securing their products before. Take dishwashers. At heart, they're very simple machines. But a hacked dishwasher might start running on overdrive, going through multiple cycles, wasting gallons of water and costing you extra and possibly flooding your house. Although the folks who make dishwashers may be fantastic engineers, or even great computer programmers, it doesn't necessarily imply they're equipped to protect Internet users from the outset.

"It's not just that the consumers don't understand the technology," said Jeff Hagins, co-founder of SmartThings, at a Federal Trade Commission workshop Tuesday. "It's also that the people building it don't understand it." Hagins added, hypothetically: "Just because I know how to write PHP (programming) doesn't mean I understand these vulnerabilities at all."

The same holds true for the auto industry, where many companies have begun to experiment with new technologies that let cars communicate with one another. Tadayoshi Kohno is a researcher at the University of Washington who's spent a lot of time deliberately hacking into cars to test their vulnerabilities.

"Very often we see sectors of the broader industry that are not computer science experts starting to integrate computers into their systems and then start to integrate networks into those systems," said Kohno. "Because they don't have experience being attacked by real attackers, like Microsoft and so on, their level of security awareness ... appears to be dated."

Hacking is just an extreme case. Short of that, there are all kinds of security problems that could crop up in an Internet of Things situation. Many of these devices are pumping out vast amounts of data. According to Hagins, a modest 10,000 households have SmartThings installed. Together, those homes produce 150 million data points a day. The information may be relatively mundane, such as battery levels or temperatures, but as with any kind of data, in the aggregate it can produce extremely detailed profiles of your behavior.

As early as 2010, Siemens said it was capable of using its smart meters to learn some pretty incredible things about our energy usage: "We, Siemens, have the technology to record it every minute, second, microsecond, more or less live ... From that we can infer how many people are in the house, what they do, whether they're upstairs, downstairs, do you have a dog, when do you habitually get up, when did you get up this morning, when do you have a shower: masses of private data."

Securing that data is something that even big-name tech companies struggle with. So how do we fix that?

One difference between data-hungry businesses like Google and your future home network of Internet-enabled objects is that some of those devices may not need to talk to each other over the public Internet, said the Electronic Frontier Foundation's Lee Tien. If they're connected to the same Wi-Fi network, maybe those devices won't need to transmit data across the Web.

"Utilize but keep the data within the home boundary," Tien suggested. "Keep the interesting variations within the home boundary. How much detail do we need and how much data needs to leave the home, actually?"

That raises another potential problem, though. If your home Wi-Fi password is all that stands between a spy or hacker and your networked devices, you wind up with a single point of failure.

"You're relying on the end user having a secure Wi-Fi connection," said Craig Heffner, a security researcher at Tactical Network Solutions. "You're trusting that stuff to have been engineered properly."

That leaves you pretty much right where we began -- at the mercy of the manufacturer.

Share this page
Comments ()
Guidelines: Keep it civil and on topic; no profanity, vulgarity, slurs or personal attacks. People who harass others or joke about tragedies will be blocked. If a comment violates these standards or our terms of service, click the X in the upper right corner of the comment box. To find our more, read our FAQ.
    help here