The Internet of messy things

Credit to Author: Steven J. Vaughan-Nichols| Date: Wed, 03 May 2017 04:00:00 -0700

In the beginning, devices on the internet were fun. My favorite was the Carnegie-Mellon’s Computer Science Department Coke Machine. Starting in the 1970s, you could “ping” it to see if it had sodas ready and if they were cold yet. It was good, silly fun. Now everything except the cat* is hooked to the internet, and that’s not so funny at all.

Oh, sure, some internet of things (IoT) devices are enjoyable and useful. I have an Amazon Echo in my bedroom and a Google Home in my kitchen. I use them every day. But I’m aware of their privacy problems. You should be too.

For example, both devices are always listening to you. And when I say “always,” I mean every single second of every single day. In theory, they’re both just waiting for their activation phrases, “Alexa” and “OK Google,” respectively. In practice, that means they’re listening to you constantly.

I’m not too worried about this. Unlike with Windows 10 Cortana, you can tell these devices to stop listening. Of course, they’ll be a lot less useful that way, but at least you have the option.

No, what really concerns me about the IoT aren’t the new devices that are explicitly connected to cloud services, it’s the ordinary gadgets that are now listening in.

Take, for example, my Vizio M50-C1 50-inch 4K ultra-HD smart LED TV. It’s a fine TV, but until recently it was tracking my viewing habits and sharing this information with advertisers. Vizio wasn’t the only TV company guilty of snooping. LG and Samsung have peeked into your viewing habits too.

Even devices such as “smart” toasters — yes there is such a thing — can tell their vendors what time you make toast in the morning. Or, more seriously, a hacker camping in your internet connection can track your toasting habits to figure out when you’re not at home.

You see, IoT devices tend not to have any security to speak of. Heck, even IoT security systems have been shown to be as secure as a lock made out of rubber bands.

Leaving aside how much damage home IoT devices can do for their owners, IoT gadgets are becoming the agents of choice for massive distributed denial-of-service (DDoS) attacks. Who knew your DVR could help wreck a business over the internet? Hackers knew, that’s who!

If that weren’t bad enough, IoT firmware tends not to be updated at all. Once someone finds a security hole — and it can be as brainless as a single administrative password for all devices — it’s open forever.

Let’s say your gadget can be updated. IoT devices tend to be patched automatically by the maker. Do you really want to try to get a drink of cold water from your refrigerator only to be greeted by a “Update 32% complete” message? I don’t think so!

I love gadgets. I really do. But when it comes to the IoT, I prefer most of my devices to be dumb. They just work better that way.

* There are actually a lot of IoT cat devices. My calico, Mirabella Marvel, doesn’t like any of them.

http://www.computerworld.com/category/security/index.rss