Internet of things: Sillier and scarier and coming your way

How many software updates does it take to change a light bulb? What happens when a blast furnace gets hacked? Seriously: Security looms as the elephant in all of our IoT rooms.
Written by David Gewirtz, Senior Contributing Editor on
I'm a child of the sixties and seventies. But even those of you who grew up in the nineties can see the craziness of this situation.

How many of us, when we were growing up, had to install updates on our light bulbs? Or reboot the TV? Or add security updates to a refrigerator?

We are entering a new period where the things around us are going to be connected to the Great Cloud in the Sky. That's great, in some ways. That's not so great, in many other ways.

My wife and I recently standardized on Philips Hue WiFi-controlled light bulbs through much of the house. I used to use X-10 to control the lighting, but that required signals to travel over the AC wiring, a notoriously unreliable mechanism, especially when major appliances are running.

Now, we are able to tell OK Google, "May we please have some relaxing TV lights?" and the desk lights go off while the TV lights dim down to a pleasant glow.

Except for last night, when my phone was out of juice, and as a result, I had no control over our lights. Technically, I have a little box that can turn all the lights off or on (with no mid-level control), but for anything more, I had to wait the half hour until my phone charged up enough that it was willing to boot.

Some side-effects of this smart control can be helpful. We have a puppy night mode that will instantly turn off all the house lights, except for one in the bedroom and one in the great room, which dim to a very low purple. We can see the pup, but it doesn't interfere with sleep.

On the other hand, right after getting the lights, I got this great idea to write an IFTTT.com script that would set the lights to blue if we were about to get rain.

The first time the script triggered, it startled my wife, because suddenly, all the lights turned blue. The second time the script triggered, it was at about 4am and all the lights in the house turned on, waking us up. At my wife's "suggestion," that script was quickly deleted.

Security issues become interesting here. First, of course, there's the big data concern that Big Brother (or Big Facebook or Big Philips) is watching and recording all our activities.

It's far more of a concern with smart TVs, game consoles, smart phones, and devices like Amazon's Echo that can listen in to what you say, but even data about when lights go off and on can prove useful to hackers, especially if they want to sell that information to criminals.

Another security concern is the fact that IoT devices, both consumer and enterprise, tend to have substantially less security than the obvious computing devices, like PCs and phones.

CNET reported an instance where "routers, multimedia centres, televisions and at least one refrigerator" participated in a spam botnet blast that sent 750,000 emails to unsuspecting victims.

While consumer IoT devices are subject to hijacking, the real concern is in the enterprise.

Many hospitals and doctor's offices are still running Windows XP, even though that OS is long out of date and subject to serious security flaws. Many industrial controllers are also still running XP, making them potential targets.

But at least those were machines known to be based on PC software. As we look to the future, how many sensors, switches, actuators, gauges, and couplings will be IP-based, and therefore will be accessible to the Internet?

Already, thieves are hacking in and disabling alarm systems. How bad will it get when these IP-accessible devices are 10, 15, 20 years old, left in place, and without any maintenance? How many signals can be faked or blocked, and how many people will get hurt?

This stuff starts to take on disaster-movie undertones when you realize that the "things" in Internet of Things can range all the way from light bulbs to blast furnaces. In December, a German steel factory was hacked, the control system for a blast furnace was seized, and the operators could not safely shut down the burn, resulting in substantial damage.

So where does that leave us?

We know, beyond a shadow of doubt, that given the opportunity, bad guys will take advantage of weaknesses in our security. We also know, almost without doubt, that consumers and enterprises will probably not go the extra mile to protect their IoT devices, either because that would be complicated, tiresome, or too costly.

That leaves a lot of refrigerators, alarm systems, and blast furnaces open to compromise.

Our best answer is insisting our vendors build security into their systems as a core design requirement. There is just no reason, for example, that home wireless alarm systems transmit data in unencrypted form. There is no excuse for poorly designed systems that don't place encryption and security at the top of the priority list.

After that, it's diligence. Keep an eye on everything, update regularly, and hope for the best.

Either that, or you could try to go off the grid. It seems like a wonderful idea to me, but then I remember that I can't seem to go two hours without my smartphone. Sigh. I guess we'll just have to stay on the grid, but also stay alert.

Having to be a little more diligent isn't really a bad deal, considering what you get. In my case, I'm able to, with arms around my wife on the couch, tell my phone to give us some romantic lighting -- and have it happen on command.

By the way, I'm doing more updates on Twitter and Facebook than ever before. Be sure to follow me on Twitter at @DavidGewirtz and on Facebook at Facebook.com/DavidGewirtz.


Why you should really stop charging your phone overnight

Why you should really stop charging your phone overnight

I loved driving the Hyundai Ioniq 5 and Kia EV6, and there's only one reason I can't buy one

I loved driving the Hyundai Ioniq 5 and Kia EV6, and there's only one reason I can't buy one

Electric Vehicles
How to spot a deepfake? One simple trick is all you need

How to spot a deepfake? One simple trick is all you need

AI & Robotics