“Hey you there little girl…this is your baby monitor speaking and you are *not* the cutest baby on earth, no matter what your mommy says…”
The recent news about someone hacking into a baby monitor in Texas has drawn all kinds of response from all sectors of the media. They range from the “So what?” by guest blogger James Norton on the Christian Science Monitor to the “It’s Incredibly Creepy” article on MSN Now. All those are interesting views, but as a technology industry geek, the first things that ran through my mind wasn’t about this poor 2-year old girl (though I am a mom…) but rather on the security implication of the “internet of things”.
David Meyer’s article on GigaOm is in-line with my own thinking on this topic. We are connecting our baby monitors, thermostats, and even home security systems to the internet rapidly as everything becomes a part of this “internet of things” where all devices connect to the internet and can be control by us remotely via our mobile. But in our rush of excitement to connect everything (at least for people like me, we *live for* a connected lifestyle and practice this “internet of things” experience daily…) one of the things we push back thinking about is security. Today, it’s a hacker yelling crazy things to a baby monitor, but imagine the implications of a hacked home security system or a connected car.
I call on those of us who work on connected life products to make sure we keep security top of mind as we work on our products. And for goodness sakes hackers, find something better to do than to hack into a baby monitor….
The internet of things is called “job security” for those in the security business. The concerns come down to three broad issues
1) Many of these things are being designed by people with no experience building hardened devices connected to a hostile network, they will have holes in them.
2) Many don’t have any way to auto update and users will not remember to update the firmware in every device they own so the vulnerabilities will persist for years.
3) The things become vectors for attacks on high value targets either DDoS (cable modems were used recently as a DDoS vector) or and jumping off point to compromise devices that have or transmit high value data like banking passwords.
It’s hard to see how, in the current world, some spectacular meltdowns won’t happen. I’m waiting for the first hacked xbox cam sex tape to hit the net and the first house burned down due to hacked home automation system. Bets we see both by the end of 2014?