Your alarm wakes you up at the perfect moment in your sleep cycle, your coffee awaits, room temperature is adequate while having breakfast and your car is already pre-heated, so you don’t have to start driving with freezing temperatures inside the car. That is the promise.
If your technical level is ‘overlord’, you can pretty much program your whole house to your needs, but what if you’re not into all that stuff? Simple devices that connect with almost no configuration required are the solution. You just connect your lightbulb to the internet and you can use your phone to turn it on. You can just connect your baby webcam to the internet, so not only can you watch him or her, but so can the rest of the internet. Wait, what?
Introducing Shodan: a program that crawls the internet for open ports on IP addresses and uses the vulnerability of the Real Time Streaming Protocol (RTSP) to generate a live stream of available webcams. Why is this possible? Well, we like cheap stuff, and apparently we don’t really care about the security aspect of our devices. But how weird would it be if you found out that there was a live stream of your child on the internet? Wouldn’t you pay a little extra to prevent that?
Shodan is only the tip of the iceberg of what could potentially go wrong with connected devices. What about your car, being controlled while you’re driving on the highway? What about your device being hacked and its processing power used in a massive DDoS attack? These are all legit security flaws.
But security is expensive. It is also not always on the consumer’s radar while buying a new device. So why would a company invest in security, if the fight for the lowest price is still going strong? How do you make people aware of its importance without first making their lives freely available on the internet?
It’s a question we’ll likely see a lot in the near future. Privacy doesn’t seem to bother a lot of consumers until they’re very much aware of the effects. It shouldn’t be hard to connect your device to your home network, and it also shouldn’t be hard to secure that connection. Is the privacy/security of your devices important enough for you to pay a little extra, or would we rather have cheap devices?
Sources used:
http://www.motoring.com.au/jeep-hack-exposes-car-security-threat-52669/
https://blog.360totalsecurity.com/en/biggest-ddos-attack-powered-150000-hacked-iot-devices/
Dear Joeri, thank you for your blog! I think the reason why a lot of people seem to be careless about their privacy is because they think “oh that won’t happen to me” or “oh no, no one would hack into my webcam”. While the risk is out there, people generally do not perceive it as high. For example, people are recommended to change their passwords often and not use the same passwords for different accounts, but research has shown that people do use the same passwords for several accounts, despite warnings. Thus, while the risk is out there, I believe people should not only be made more aware, but be scared by what could happen. Especially the new generation who is growing up with the internet should be informed on how to best protect themselves online, so they can teach their parents and in the future their children how to stay safe in a growing online environment.
Hey Ananda,
Great example with the passwords. And I absolutely agree that the ‘oh that won’t happen to me’ thoughts are probably an important reason people don’t seem to care that much. I’m interested to see how much people need to be scared before taking action. Hopefully not too much.
Hey Joeri,
Nice blog and you’re absolutely correct, people are surprisingly careless when it comes to privacy.
It is funny though that whenever you ask those people if they find privacy important, they will all say that they do.
The chance that people actually get “hacked” is relatively slim, so probably that is the main reason people don’t mind those cheap products.
But I would assume (self-driving) cars will be more secure by themselves, right, since that is somewhat more of a big spend. It would actually not surprise me that the security of many things isn’t that great.
On a completely different note, what do you think of people using legacy or old software that still works? Some of them are surprisingly resistant to hacks or creepers.
Our public train transport provider, for example, has been using the same software that is older than 20 years.
http://www.nu.nl/internet/4060029/ns-lapt-regels-aanbesteding-software-laars.html
Hey Xidong, thanks for your comment.
The assumption that expensive stuff is more secure is definitely not a good assumption to have. Most of the time it’s not transparent why stuff is more expensive, and if there is nothing spent on security, well, let’s just say it’s probably not there. Check this example out: https://www.youtube.com/watch?v=Nt33m7G_42Q It’s actually pretty hilarious how simple it is.
I don’t really know about legacy code. If it’s written well, it probably still has the insecurities of the old language itself. But maybe it has the benefit of being old and nobody knows how the language or the program works anymore. But that’s another insecurity in itself. Pretty close to the security through obscurity argument. So I wouldn’t count on legacy code being secure against the new stuff creeping around on the internet.