


Welcome to the Internet of stupid (hackable) things

Nov 30, 2015 | 5 mins
Cloud Security, Internet of Things, Mobile Security

The rise of IoT technology brings with it the promise of innovation the likes of which we’ve never seen. But the reality of everything being connected can have unintended consequences, not all of them useful.

It’s easy enough for technology writers to get breathless when writing about the Internet of Things. The headlines almost write themselves – a gee-whiz technology that takes “dumb” everyday objects, puts a chip into them, and makes them “smart.” And when everything is connected to and communicating with everything else, our lives will be immeasurably easier, infinitely more efficient and productive … yadda yadda yadda. 

Except, maybe, the Internet of Things is starting to show its flaws, not just in giving us things and connectivity that we don’t really need, but also in creating security gaps that never would have existed before, and putting people and your company at risk. 

“It’s better to have something not connected and secure than connected and unsecure,” says Rob Enderle, technology analyst of the Enderle Group and regular contributor to “Security should come first and then connectivity, not the other way around.” 

Useless links

+rehabstudio, a creative technology company that has worked with Google, Starbucks, Facebook and Twitter, created the (very satirical) Internet of Useless Things website to show how ridiculous those things can get. The project was inspired by attending the Consumer Electronics Show a couple years ago. 

“Every manufacturer had an Internet of Things product that didn’t have any reason for it to be there,” says Tim Rogers, founder and creative partner of +rehabstudio. “A lot of them didn’t really make sense.” The subhead of the website project: “Connected doesn’t mean useful.” 

His favorite item on the website is a bookmark. “Whenever you place it in the book, it stores the page number in the cloud. You get a text message if you want to know what page of the book you got up to,” he says. “It’s funny and useless.” 


Rogers says that +rehabstudio created the website as part of one of the company’s regular hack weeks, but also to showcase its principles of what makes a product useful: being smart and adaptable; designed for humans; secure and trustworthy; invent or improve; and apt and appropriate.

Danger in hooking up

It’s the “secure and trustworthy” principle that’s tripping up some companies rushing to get the next new thing into the market, without creators of those products always thinking of the possible consequences. 

For Chrysler, those consequences have been costly. In July, two security researchers remotely got into the software – and took over control – of a Jeep Cherokee, leading to the recall of 1.4 million vehicles.

“That’s a good example of [how] they just didn’t think through the security aspects,” says Enderle. 

That doesn’t mean that cars can’t use this kind of technology, he says, but which systems to link should be thought through in terms of the possible consequences of a hack.  

“Entertainment systems, if they get hacked, maybe a user’s music doesn’t work,” says Enderle. “A car’s control system has to be much more secure because if it gets hacked, the user ends up dead.”

This goes beyond cars, too, when it comes to personal use of the Internet of Things. Enderle points to something many new parents have: baby cams. If they’re connected to the Internet and not secure, “you don’t want people to watch baby cams to see if you’re home or not. Same thing with company security systems. You probably don’t want those out on the Web.” 

The CIO connection

Of course, not everything on the Internet of Things is useless, and security of those connections is becoming more important for CIOs as more facility systems become web-enabled – and not just in security cams. 

If you’ve ever watched an episode of Arrow, you know that there are pretty blond MIT graduate computer hackers itching to get into your system and turn off the lights to help a hooded vigilante take out your CEO for having failed this city.


OK, perhaps something a little less nefarious. But there still is danger of linking something like your lights to the Internet without making that link secure, says Brian Chemel, co-founder and CTO of Digital Lumens. That’s why security of the Internet of Things in a corporate environment is just as crucial as the security of your baby cam or your car. 

“Inside a building, lighting’s pretty important,” he says. And he’s not just talking about emergency lighting. Think, he says, about manufacturing spaces. 

If a network isn’t secure, “a bad actor might be able to hack in and turn off all the lights,” he says. That could put your employees’ lives at risk. 

This means that CIOs should be part of the conversation when facilities starts thinking about making their systems part of the Internet of Things. This isn’t always an easy connection to make, says Chemel, because it hasn’t been needed before.

“As facility types think about employing connected devices in the building environment, they need to build relationships with IT. They haven’t in the past,” he says. “They haven’t had to think about security. They haven’t had to think about bandwidth connectivity for third party vendors.” 

It’s not an impossible gap to bridge, he says – he’s helping his clients do it all the time – but it’s an important one.