Web Software Vulnerabilities and the Internet of Things

At this point, most folks who are a bit technical have heard of the “Internet of Things”.  (IoT)  The idea is that most every electronic device you own will be connected to the internet, things like your watch, fridge, TV, thermostat, alarm clock, etc.  You can then control or monitor all of this stuff online.  An interesting concept to be sure – even if its not the most practical in many cases.

Tonight, I read an article on DZone that expressed fear of future attacks after the revelation of the Heartbleed vulnerability.  Specifically fear of what might become of the future IoT where most of our devices are all internet connected and in some way or another use the internet.

The concept was, basically, what if hackers find ways to attack these devices?  If history proves a guide to the future implementation of these devices – they will all use commodity hardware and software – similar enough that if one is hacked, they might all be.  In general, I think he’s probably right on this count.  Most of the IoT will probably use cheap commodity hardware and software.

But, hackers don’t generally hack just to hack.  Most of the time, they are hacking for profit or politics.  Hackers attempt to hack things like SSL, or banks, or ATMs or eCommerce sites because they can steal things from them.  Or, they are hacking because they have some idealogical issue that motivates them.  It is truly rare for a hacker to hack just for fun or to mess with someone.

For example: No one is going to spend significant amounts of time finding ways to hack someone’s internet connected coffee machine.  Why would you bother?  There is no profit there.  Sure it would be funny to mess someones coffee recipe up or make their coffee brew at 2am, I guess.

But no one is going to waste any kind of time to actually do this – and if they do, you just remove the coffee machine from your Wi-Fi.  Problem solved until … Mr. Coffee issues a patch and then problem really solved.  I think this will be the pattern for any IoT device security issue in the future – pretty much just like every other kind of security issue we have now.  It gets discovered, analyzed, patched and fixed.  No need to make a mountain out of a mole hill.


Bookmark the permalink.

Comments are closed.