[From the last episode: Security is largely (but not exclusively) designed for protecting data – at rest, in motion, and in use.]
IoT device makers now face the challenge of adding security to devices that never had to be secure before. As we’ll see, this is partly for protecting data that may not even be in your device – but it’s not something that these designers are eager to have to add.
Security adds cost and complexity. Most makers of devices have never had to learn about security before. Often, they’re just getting started with adding complex electronics (say, to a washing machine). Security becomes just one more hassle – and a complex hassle, even for experienced engineers. It’s easy to say, “OK, I get that I should probably build in some security, but… let’s get something out and working first, and we can upgrade to add security later.”
That’s typically not going to work. Device security is so fundamental that it has to be worked in from the very start.
Securing the Weak Link
They may also say, “Hey, I’m just making a stupid thermostat. Who the heck is going to want to hack a thermostat?” Well, that hacker may not be interested in the thermostat. But if the thermostat is connected to a network that then connects to some major data store (or anything else of value), then the thermostat may simply be the weak link that allows someone on.
Here’s an example article about possible hacking through Nest thermostats. It gets into a bit of jargon, but it illustrates the issues.
Here’s an analogy: you provide good locks for your house to keep out intruders. But someone sees that you have a ladder up along the side of the house, right under the attic window. They say, “Dude, someone could get in that way!” And you say, “I’m not worried – there’s nothing of value in the attic.” Problem is, they’re not interested in the attic. They would just use the attic as a way to get to the rest of the house, where the valuables are.
Making Sure No One Else Can Control your Devices
While data is an obvious target for hackers, connected devices pose yet another risk. Yes, that thermostat could provide access to somewhere else on the network. But it also controls the temperature of your house. If someone hacks it, they could mess it up so that it keeps the furnace on all the time in the middle of a hot summer. Or so that the furnace never turns on in the dead of winter. Either case would, at least, cause discomfort – and might injure or kill someone (or pets) that couldn’t get out or fix the problem. And, in the summer case, your heating bill would be outrageous.
Here again, I’ve used home devices to illustrate these points. But they apply equally well to industrial IoT devices – whether connected pumps or jet engines or heart monitors.
So there are many reasons to protect everything that’s connected. And that’s not an easy task. We’ll dig deeper in future posts. But, to be clear, most of this is the responsibility of whoever builds the gadget you buy, and it should be hidden from you and “just work.” But you also have some responsibility: setting good passwords is the best example.