While I have been pointing out the risks of using Smart Devices and adopting the Internet of Things (IoT) over the past year, there has definitely been a gathering recognition among the security industry – and now the news media – about these risks. Certainly, the high profile outage of Twitter, Spotify, Pinterest, Google and Netflix last week focused attention on the security vulnerabilities within IoT devices. Now people are starting to realize the potentially scary scenarios that are just waiting to happen thanks to the poor security around these devices.
It’s great that more people now share my concern, and many are trying to identify solutions. But here are my reasons why many of the devices you’ve already purchased may always be vulnerable – and you may need to throw them away to stay safe.
Reason 1: The economics of small consumer goods means you can’t upgrade them
We all know that consumers are fickle, and many of us do not buy inexpensive household goods for their quality – we often buy the cheapest things we can find, knowing that they may break or wear out sooner than better quality products. But in the case of consumer electronics, I think we do this more than with other products, because the cost to replace them is fairly low.
So, manufacturers of low-cost electronic devices like light bulbs, toasters, coffee makers, and especially toys, have no trouble ignoring security issues, because they know many people want the most features, for the lowest price. You may not have expected your new Smart Light Bulbs to need replacing quite so soon, but the manufacturer simply isn’t concerned with anything other than enabling the features you wanted in the product. You didn’t explicitly ask for them to be secure, so the manufacturers didn’t build in security.
Furthermore, because of the low-cost design of these devices, there is literally no way for the average consumer to upgrade the software within them. Eventually, the manufacturer might publish a set of instructions for upgrading a device, or some altruistic techno-geeks will figure it out and post similar instructions for some devices, but these methods will not be something the average consumer would be able to undertake. If they wouldn’t attempt to jail-break their smartphone, they certainly wouldn’t want to crack open a molded plastic casing and run a package installer, or flash new firmware on a toaster. So, if you want one that’s secure, but yours can’t be upgraded, you’ll need to replace it.
Reason 2: If a product is built to only ever use one password, or no password, there’s virtually no way to make it secure
Many of the original IoT devices were built with so little regard for security that they all use the same password, if they use a password at all. Without using at least some kind of password (or shared secret) that can be set or changed, anyone may be able to figure out how to access the device or take over control of it. You may have noticed that some devices that use Bluetooth to enable wireless connections always use the same access codes, like 0000 or 1234. This is usually because the manufacturer built the device to be easy to use, right out of the box. In some cases, this may make sense, if you can be sure that nobody else is able to access your device when it is being paired with other devices. But sometimes this isn’t the case. There have been cases where the password is essentially a unique set of numbers or characters printed on the bottom of the device. That’s often a bad sign.
So, if the device has no password, or you can’t change the password it uses, it’s always going to be vulnerable to attack. You’ll need to throw it out and buy a new one that was built with at least the ability to change its password.
Reason 3: The powerful computers inside may be too easy for attackers to exploit
If the manufacturer of your device chose to use an open source operating system like one of the many variations of Linux, the device may be nearly as powerful as a desktop computer or smartphone. And if they choose not to provide a way to upgrade it to fix security problems, then attackers are likely going to be able to eventually find a way to break into it. They may be able to do this through one of many features in the operating system that may have vulnerabilities nobody knew about when it was built.
So, if the device has too many security holes for the manufacturer to fix, the device will always be vulnerable to being “weaponized” by attackers. This means that it could be taken over and used for many different purposes that you and the manufacturer simply never considered.
Most of these devices weren’t intended to be abused, and their design didn’t consider the cases where somebody might try to abuse them. They are only intended to provide the features for which you bought them. Unfortunately, there’s no way to put the genie back in the bottle. The only way manufacturers can improve the security of connected devices – which is the main thing everyone seems to agree needs to be done – is to start using secure design techniques that anticipate abuse by the user… or by anyone else on the Internet. They need to make sure these devices ONLY do what they were designed to do, and nothing else.
If this is the case, your device is simply going to be too dangerous to keep using… throw it out.
Sorry if you have to throw out all of your favorite toys. But I didn’t design your stupid… er… smart devices.