Sunday, July 13, 2014

Cyber-security: "The internet of things (to be hacked)"

As the kids might say: Ya think?
From The Economist:

Hooking up gadgets to the web promises huge benefits. But security must not be an afterthought
CYBER-SECURITY is now part of all our lives. “Patches” and other security updates arrive for phones, tablets and PCs. Consultants remind us all not to open unknown files or plug unfamiliar memory sticks into our computers.

The bosses of some Western firms throw away phones and laptops after they have been to China assuming they have been hacked. And yet, as our special report this week points out, digital walls keep on being breached. Last year more than 800m digital records, such as credit- and debit-card details, were pinched or lost, more than three times as many as in 2012. According to a recent estimate by the Centre for Strategic and International Studies, a think-tank, the cost to the global economy of cybercrime and online industrial espionage stands at $445 billion a year—about as much as the GDP of Austria.

Now a new phase in this contest is emerging: “the internet of things”. This involves embedding miniature computers in objects and connecting them to the internet using wireless technology. Cisco, a technology company, predicts that 50 billion connected devices will be in circulation by the end of the decade, up from 11 billion last year. Web-connected cars and smart appliances in homes are becoming more common, as are medical devices that can be monitored by doctors many miles from their patients. Tech companies are splurging cash: witness Google’s punt on driverless cars and the $3.2 billion it has spent buying Nest, a maker of smart thermostats.

Such connectivity offers many advantages, from being able to adjust your house’s heating when you are in the office (or more likely your bed) to alerting your doctor that your insulin level has risen. But it also gives malicious hackers an easy way to burrow deeper into people’s lives. The small, embedded computers at the centre of the internet of things do not have as much processing power or memory as, say, a smartphone, so security software on them tends to be rudimentary. There have already been instances of nefarious types taking control of webcams, televisions and even a fridge, which was roped into a network of computers pumping out e-mail spam. And security researchers have found ways of hacking into some kinds of medical devices and cars, though this still requires specialist knowledge and kit. The wireless heart monitor of Dick Cheney, America’s former vice-president, was modified to stop remote assassination attempts.

Beware the fridge in Ealing
For the companies building the internet of things, its vulnerability could be costly. The tactic of pumping out new software as fast as possible and then issuing patches later to fix flaws in the code may be tolerable if all that is lost is data, but if it involves personal safety, consumers will be less tolerant....MORE
This post is a good excuse to look back at one of the better pieces on security and the Internet of Things, last seen in our ""How Smart Houses And Big Data Will Change Real Estate Economics" (just wait 'til your house gets a virus)":

The Nightmare on Connected Home Street

Illustration: Getty
I wake up at four to some old-timey dubstep spewing from my pillows. The lights are flashing. My alarm clock is blasting Skrillex or Deadmau5 or something, I don’t know. I never listened to dubstep, and in fact the entire genre is on my banned list. You see, my house has a virus again.
Technically it’s malware. But there’s no patch yet, and pretty much everyone’s got it. Homes up and down the block are lit up, even at this early hour. Thankfully this one is fairly benign. It sets off the alarm with music I blacklisted decades ago on Pandora. It takes a picture of me as I get out of the shower every morning and uploads it to Facebook. No big deal. 
I don’t sleep well anyway, and already had my Dropcam Total Home Immersion account hacked, so I’m basically embarrassment-proof. And anyway, who doesn’t have nudes online? Now, Wat3ryWorm, that was nasty. That was the one with the 0-day that set off everyone’s sprinkler systems on Christmas morning back in ’22. It did billions of dollars in damage.
Going back to sleep would be impossible at this point, so I drag myself into the kitchen to make coffee. I know this sounds weird, but I actually brew coffee with a real kettle. The automatic coffee machine is offline. I had to pull its plug because it was DDOSing a gaming server in Singapore. Basically, my home is a botnet. The whole situation makes me regret the operating system I installed years ago, but there’s not much I can do. I’m pretty much stuck with it.

When I moved into my house in the 20s, I went with an Android-compatible system because there were more accessories and they were better designed. But then I changed jobs and now my home doesn’t work with my company-issued phone. Which is a bummer because I have to keep this giant 7-inch tablet around to control everything and Google doesn’t support the hardware anymore so I can’t update it and now the door just randomly unlocks. Ugh, I’m going to have to start using keys again.

I’d just reinstall the OS, but that would be too expensive. Besides, all my Nexus Home® stuff uses proprietary chargers, and I can’t deal with having Amazon drones come in and rip out the drywall again. 
Everyone thought the connected home would be Apple or Google’s game. Turns out, that was short-sighted. An Internet-connected thermostat? LOL. Of course it was entirely about who would gain control of your SmartWall. It was the thing that controlled the screens and the lights and alarm clocks and burglar alarm and outdoor atmospheric monitoring system and interior climate control and mirrors and irrigation system and solar collector and water filtration and grocery inventory management database and kitchen appliances and communications center and automobile docking system and exercise equipment and biofeedback monitoring and medicine dispensary and stereo that mattered. But in fairness, who could have foreseen the Microsoft-Samsung deal or its consequences?...MORE
See also:
Yeah, I Got "Your Smart Home": A Journalist Shows Us How to Hack the Neighbors
The Internet of Things: Everything Is Hackable
The Internet of Things: Huggies App Sends You a Tweet Whenever Your Kid Pees...
The Google of the "Internet of Things" (and Morgan Stanley's 96 page IoT report) SPLK; GE
Companies That Will Benefit From The Internet of Things
Questions From MIT's 'Internet of Things Festival'
Former Joey Ramone Infatuant Maria Bartiromo Says Bad Things are Coming to the Market
"Behind the 'Internet of Things' Is Android—and It's Everywhere" (GOOG)
Pew Research: "The Internet of Things Will Thrive by 2025"