This has been an interesting summer in the computing world. The first item that caught my attention was the hack of Jeep by some white hat hackers (http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ if you haven’t already seen it). When I first heard that Audi was allowing an Internet connection from their Audi A6 vehicle some time before the Jeep hack, my first reaction was “Now I have to find a firewall for my car???” I knew other manufacturers would follow and it would be the newest “neat” feature.
Talking about the above hack with a friend of mine that just bought a new Chevy Impala, he said that he wasn’t concerned because the OnStar™ wasn’t connected to any of the engine systems. A few days later I caught a news story talking about how OnStar slowed down that had been carjacked so the police could capture the thief. Here’s a story on how the new technology works http://www.geek.com/mobile/onstar-now-slows-down-stolen-vehicles-1373845/ . So much for that theory.
A month or so later I was at CompTIA’s ChannelCon2015 event in Chicago and one of the session titles was “Refrigerators Telling Secrets: How the Internet of Things Will Change Privacy”. Of course I went to this session. Tim Hahn, a Distinguished Engineer at IBM presented on some of the basics of what his group was doing. Basically, he described the Internet of Things (IoT) as being the same thing that has been done by process control machines for decades. The difference is rather than the connections being wires running to a computer, the devices are reporting to the control computer over the Internet. The biggest problem is that people programing these devices are looking at resolving the problem they have been presented rather than the security problems they could be creating.
This is nothing new. We saw this with web browsers way back in the last century. One thing I learned early on in my software development career is that you never know what users will do with the code you write. They will find ways of using that code to do things you never thought about. So whatever you write, you need to think of security with the same priority that you do fulfilling the task you are trying to accomplish.
So as an end-user what can you do? Do you really need a refrigerator to tell you that you need milk? Do you have to adjust the heat in your house from your office? But we know people will want the convenience and not care about the cost. How many of you don’t like that people know where you are all the time, but don’t turn off the GPS on your phone? What you need to do as a consumer is make yourself aware of what you are giving up and make an informed decision on what you feel comfortable with giving up.
Of course, as soon as I posted this, a new hack was announced (http://www.wired.com/2015/08/hackers-cut-corvettes-brakes-via-common-car-gadget/). At least in this case, you have to install a gadget before you can get hacked. Better check with your insurance company if you have one of theirs installed.