If you’ve been following tech news, you’ve probably heard of IoT, the Internet of Things. In case you haven’t, IoT refers to the latest generation of “smart” devices which encompass everything from smart lightbulbs to smart refrigerators to smart thermostats and smoke detectors. All of these devices are designed to connect to the Internet and the other devices in your house to enable intelligent behavior.

Imagine sitting down on the couch to watch Netflix and your lights automatically dimming as the movie starts. Imagine walking up to your front door and your phone automatically unlocking the door because it has recognized your home network.

That’s the dream of the internet of things.

It sounds pretty good doesn’t it?

If you were thinking that sounds too good to be true, you were right. Not because those products don’t exist, they all do (well, you’ll have to do a little tinkering for the Netflix one) but because most of these devices have huge security vulnerabilities. Once these devices leave the factory, most will never receive a software update or if they do, you can bet security updates will stop as soon as next year’s model ships. That might not sound too bad to you, but do you remember Heartbleed, Shellshock, or POODLE?

It’s safe to say that 2016 will have at least one major security vulnerability that will affect most of the IoT devices out there.

Security Last

If that’s not bad enough, many IoT devices come with poor or no security at all. Username and password combinations of “admin” and “admin” are common, allowing anyone to access the device. Matthew Garret, a security developer at CoreOS, on a smart lightbulb he bought, “[it] has a cloud access protocol that has no security whatsoever and also acts as an easy mechanism for people to circumvent your network security. This may be the single worst device I’ve ever bought”.

His Twitter feed is a graveyard for IoT security

The Rise of the Machines

It’s not hard to imagine malware making use of these insecure devices to spread from network to network, house to house, infecting your lightbulbs and using them as a beachhead for assaults on your computers. Or worse, causing physical damage to your property, for example, by overheating or triggering defects in the physical hardware itself. Or silently betraying your privacy to anyone interested enough to listen. The smart lock on your front door could be hacked to open for anyone. The smart fridge that lets you record voice messages for your family could be hacked to record everything said in the kitchen. The smart TV that lets you Skype with friends could be hacked to constantly stream video to the internet.

The Internet of Things has many amazing gadgets but the implications of its currently poor security on our safety and privacy are huge. Hopefully as it matures, manufacturers will give their devices’ security the level of attention it deserves. Until then, the internet of things will remain the internet of vulnerable things.

About Josh Yeager, COO

As HighGear’s COO, Josh is responsible for managing the Product Development, Professional Services, and Customer Support teams. His eye for detail and quality are what drive the company forward in its pursuit of excellence.
He’s been at HighGear since the very beginning, helping to build it from the ground up as its co-founder. First, he was responsible for leading product design, but as the company and his experience grew, he took on more management responsibilities, eventually becoming HighGear’s Chief Operating Officer.
He’s a graduate of the University of Maryland. Prior to HighGear, Josh worked on veterinary pharmaceutical reference software and custom business applications.
He’s married to his beautiful wife, Tara, with whom he has four children. In his free time, Josh loves nothing more than enjoying a good book.

Schedule Consultation