The Internet of Unsupported Things

in #technology8 years ago

There are an insane number of devices connected to The Internet, and it's growing at a crazy rate. In 2012 Cisco estimated around 8.7 billion, and that figure in 2015 jumps to a massive 15 billion.

Think about that for a second.

In three years, the number of devices has grown 58%. If that were to continue, in 15 years there'd be a staggering 146.1 billion devices!

You're living at the dawn of The Internet of Things. Your fridge. Your toaster. Your thermostat. Your car. You washing machine. Your dishwasher. Even your lightbulbs will be connected.

On the one hand this is really cool. You can control your lights with your phone, and by mining all the data from these devices, perhaps your food shopping can be ordered by your fridge, or your electricity meter can find a cheaper electricity plan? Even your baby's nappy can tweet when it needs changing!

On the other hand, it presents a problem: to a hacker they all become computers that can be hacked and controlled. In fact, it's already happened:

In this case, hackers broke into more than 100,000 everyday consumer gadgets, such as home-networking routers, connected multi-media centers, televisions, and at least one refrigerator, Proofpoint says. They then used those objects to send more than 750,000 malicious emails to enterprises and individuals worldwide.

How on Earth is anyone expected to keep these things secure? Most people have trouble keeping their browsers up-to-date, to the point that browsers are now updating themselves automatically. Even assuming these devices can update themselves, they won't be supported forever. There will come a point in every device's life where it'll be abandoned by its manufacturer, replaced with a newer model, and vulnerabilities will no longer be patched.

The Internet of Compromised Things will be compounded by The Internet of Unsupported Things. An Internet where so many of its connected devices are unsupported and vulnerable. And manufacturers have zero incentive to do anything about it. For decades products have been designed to fail:

Planned obsolescence or built-in obsolescence in industrial design is a policy of planning or designing a product with an artificially limited useful life, so it will become obsolete, that is, unfashionable or no longer functional after a certain period of time.

By ending support for Internet connected products, manufacturers are putting users in a precarious position. Although your fridge may work perfectly, it may require replacing due to a software security flaw that will not be patched.

So what can be done about it? Not much.

Manufacturers can't be expected to support products for eternity, there is a reasonable shelf-life to everything we own. On the other hand, giving users more control over what they buy will certainly help.

By open sourcing the software used in products users will have a chance to fix the problems, or at least find someone who can do it for them. But this requires a huge change in practice from manufacturers that have very little to gain and a lot to lose.


Vote for me as witness to show your support.

Sort:  

oh, most people are ignorant - unless they fall victims to exploitation. there is no security, afterall. anything can be penetrated - some 'things' easier, some more difficult...but most 'things' pretty easy. there are a few measures one can take to become more secure - but not totally secure. there's too much to be said about this. I'd recommend anyone interested in the subject to read Marc Goodman's book Future Crimes so they get in touch with reality...

If you can't be 100% secure, when is a breach acceptable? When has a reasonable amount of work been done to make a system secure?

Thanks for the book recommendation. I'll check it out.

In the race to the bottom support will not get a priority. People want cheap gadgets, but a connected device is likely to need updates at some point. There's also the issue that people want it to be simple to set up and that is likely to compromise security too. Default passwords will not be changed.

It might to help to use open source in these devices and have some generic service that can provide updates to the security critical software. But the big companies probably prefer to do their own thing.

ISPs could monitor for suspicious traffic that indicates that a device has 'gone rogue', but they may not want to do that. I've heard that some of the gangs running botnets of devices are patching them to prevent other gangs taking them over. It's anarchy out there!

I'm just waiting for the chaos when cars become hackable.

I don't think usable should also mean insecure, but I understand your point: the focus is on the first, and security gets minimal attention. Eventually companies will be in a position where security will have to be given more focus or they risk it being regulated.

I have noticed over the years that, for example, default passwords aren't hardcoded but instead based on the serial-number printed on the device's cover; some even go as far as forcing a password change. Small changes like this go a long way.

This post has been linked to from another place on Steem.

Learn more about linkback bot v0.4. Upvote if you want the bot to continue posting linkbacks for your posts. Flag if otherwise.

Built by @ontofractal