Technology pundits in the media are telling us the “Internet of Things” is close at hand. Soon we will all have sensor-filled, IP-addressed magic boxes scrabbled about our homes. “Smart” appliances will keep you apprised of their status, emailing you to let you know you need milk. Or even tweeting the status of your dryer cycle as #complete.
The brain driving these modern miracles isn’t your typical Windows™ operating system, but more likely a highly modified open source or proprietary embedded operating system. In and of itself, that’s fine.
The problem lies in the fact these systems were never designed with security in mind or, even if they were, when vulnerabilities are discovered, they are rarely closed. Many of these embedded systems simply cannot be managed, let alone patched, by the end user.
So what’s the big deal if one of your appliances becomes a pawn in some crazy Russian bot-net scheme? Maybe no big deal at all. But multiply that by all of the smart appliances in your home, and all of the smart appliances in your neighbors’ homes, and all of the homes across the country, and suddenly you have a massive nation-wide distributed-denial-of-service attack waiting to happen.
Or, worse. How would you feel if your dryer was hacked to sniff all of the data packets traveling across your home network and send the seemingly interesting bits to some nefarious individual across the globe, or worse yet, a nosey neighbor across the street.
I can’t guarantee the appliance manufacturers of the world are not considering all of these issues. But I can guarantee that should a massive security hole be found in 30,000,000 refrigerators, very few normal people will be taking the time to download and install a firmware patch, if such a patch even exists.
No one loves technology more than I. But as long as manufacturers still offer “dumb” appliances, I will be passing on the “Internet of Things”.