



Anyone want a pair of network-connected jeans?

Jan 20, 2017 | 4 mins
Internet of Things, IT Skills, Security

The IoT gold rush is on and companies are rushing to get their share of the action.

Lately I’ve been checking out several of the new Internet of Things (IoT) products that are being sold. The pace at which these devices are being released and the potential for messing up royally has made me extremely curious about them.

I find myself reading how these devices work and what you can do with them. These thoughts have also included how these things could be abused and misused. Recently I drove down the freeway and realized that the digital billboards could be considered IoT. It’s a really large thing, but the billboard company is pushing those ads to the screens somehow. Do you remember the road maintenance signs being changed to warn of zombies ahead? Just think how that could look on a 14-foot-high and 48-foot-wide color screen!

In the rush to push out new devices, I anticipate seeing unexpected events and interactions occurring with them. For example, as soon as 2017 kicked off we heard news of a 6-year-old girl ordering a $170 dollhouse and a bunch of cookies. The parents were a bit surprised, but they handled the situation.

You could argue that wasn’t all that shocking since they had left the voice purchase feature enabled. The unintended event was when a TV reporter in San Diego said, “I love the little girl saying ‘Alexa order me a doll house’.” Yup, you guessed it. The Alexa enabled devices in San Diego that heard this from the TV immediately started ordering doll houses! Of course, this was not on purpose.

Amazon obviously wants to make it easy to purchase things and the TV reporter was simply sharing some novel news. Unfortunately, no one had realized that something being said on TV could cause Alexa to place orders for viewers.

Recently, I saw someone on Twitter post the phrase “Internet of Stupid Things” in reference to an IoT hair brush. Apparently this hair brush offers vibration feedback when the owner uses bad hair brushing technique. This sounds like someone desperately looking for a way to make an IoT product and not making it. Internet of Stupid Things indeed! Just because you can do something doesn’t mean that you should.

I also heard something about IoT jeans, which was so silly sounding that I just had to check into it. Samsung got pretty clever with their April Fool’s joke last year and published news of their “Internet of Trousers”. One amusing feature suggested was “Wi-Fly”, which tells you when you forgot to zip up.

I giggled when I read the description of another named the “Get Up! Alert”. This feature would have sent you notifications when you’ve been sitting too long. That’s funny enough, but Samsung took it a step further. If you were to sit for more than three hours, the trousers would send “mild electrical shocks” from your back pockets to encourage you to get a move on!

I really want to see someone’s reaction the first time they get hit with that feature! Of course you would need to charge these jeans. “Hey, do you mind if I plug my pants in here? The batteries are running low.”

While the IoT(rousers) was a clever gag, the security ramifications of IoT devices are real. Now you can be spied on from an inexpensive drone that is connected back to a smart phone with a WiFi connection. I haven’t bought a drone (yet), but I did notice that the default wireless mode on most of these devices is to not use encryption.

While I haven’t tried it yet, I suspect that sniffing these signals to capture the video is possible. As is the chance of control being overridden and watching your $500 (or more) drone fly away from you.

Shenanigans are certain to occur as the latest tech “gold rush” frantically tries to find the next “big thing”. Whether it be unexpected ads on billboards, posteriors getting zapped or drone abuse. Watching all this should be interesting, potentially hilarious and a bit alarming.


Jason Wood is the founder of Paladin Security and the principal security consultant. He performs security research, penetration tests and conducts online security training. Prior to starting Paladin Security, Jason was a principal security consultant with Secure Ideas. At Secure Ideas he performed penetration tests for clients in a wide range of industries. These include health care, financial services, SaaS businesses, government agencies and critical infrastructure.

He has over fifteen years of experience in security and systems administration. Because of this experience he is able to offer solutions to difficult security issues that are based on practical experience.

Jason has also spent a number of hours in front of an audience presenting on security topics at conferences and in classes. He has presented at Derbycon, MIRcon, Security BSides, SaintCON, OpenWest and others. Before coming to Secure Ideas, Jason taught classes on vulnerability management, event monitoring, and configuration auditing for Tenable Network Security. He also has been a mentor for SANS Security 504 – Hacker Techniques, Exploits and Incident Handling.

Jason spends his time researching the security of IoT devices, figuring out how to break into systems and generally tinkering with technology. When he's not on a computer, you can generally find him mentoring high school students in computer security and working on model railroading.

The opinions expressed in this blog are those of Jason Wood and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.