
June 28, 2018

Magical thinking, or, securing the Internet of Things

The news about Exactis' failure to secure their enormous trove of shadow profile data got me thinking about security in general: about the extent to which corporations, of whose existence we might be completely ignorant, are already harvesting all manner of highly personal information about you and me, not only without our informed consent, but without us even knowing when or how often it's happening. And that got me to thinking about the other data collection scheme that Big Data is so keen on lately: IoT, the so-called Internet of Things.

The idea that everything in your environment that incorporates a microchip would inevitably be connected to the Internet, and thus vulnerable to, and controllable by, any sufficiently sophisticated hacker, is something which has concerned me for some time now. I'm not convinced that it's possible to secure such a wide range of devices, from an equally wide range of manufacturers; and even if it were possible, I'm not convinced that the measures required to make it happen are desirable. At all.

I'm especially un-sold on the capacity for Artificial Intelligence to succeed at this task when human intelligence has repeatedly failed, or to compensate for the combination of ignorance, incompetence, apathy, and/or greed that will doubtless be a defining feature of IoT for a long time to come. First things first, though; let's start by describing the scope of the problem.

April 16, 2018

IoT's security problem, illustrated with fish

When I wrote on Saturday that the Internet of Things would not become a transformative technology, I was (obviously) thinking of its potential for widespread adoption by individual consumers. I wasn't thinking about IoT's adoption by larger corporate interests like hotels and casinos, many of which might well have some use for the ability to monitor and control several different micro-climates over a single network.

The problem with that, though, is that all of those IoT-connected devices are connected to your business's network, effectively linking a lot of highly valuable business data to IoT devices which are almost impossible to secure. What could possibly go wrong?

From Business Insider UK:
Hackers are increasingly targeting "internet of things" devices to access corporate systems, using things like CCTV cameras or air-conditioning units, according to the CEO of a cybersecurity firm.
The internet of things refers to devices hooked up to the internet, and it has expanded to include everything from household appliances to widgets in power plants.
Nicole Eagan, the CEO of Darktrace, told the WSJ CEO Council Conference in London on Thursday: "There's a lot of internet-of-things devices, everything from thermostats, refrigeration systems, HVAC systems, to people who bring in their Alexa devices into the offices. There's just a lot of IoT. It expands the attack surface, and most of this isn't covered by traditional defenses."
Eagan gave one memorable anecdote about a case Darktrace worked on in which a casino was hacked via a thermometer in an aquarium in the lobby.
"The attackers used that to get a foothold in the network," she said. "They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud."
Betcha thought I was joking about the fish, didn't you?

I stand by my earlier assessment: IoT is simply too difficult to secure, and not nearly useful enough, to become the transformative technology that it's being touted as.

April 14, 2018

Reminder: IoT is not a transformative technology, either.

First a quick refresher on what qualities make a technology transformative:
#1: Immediately useful. In order to become transformative, a technology needs to become widely adopted, which doesn't happen if it's not useful for something, right out of the box, that users aren't already doing. This can't just be a qualitative enhancement of things we do already; it must be something we cannot currently do at all.
#2: Economically scalable. A transformative technology must become cheaper to use as more users come online. A technology that doesn't scale can't become widely used, no matter how useful it might be, simply because its use will remain out of reach of almost everyone.
#3: Game-changing/Historical. A transformative technology makes possible later technologies, or unlocks new activities with later iterations of the tech, and those changes should extend beyond the merely technical.
#3 is the trickiest of the three to assess in a technology's early stages, but a good example would be the smartphone. Smartphones supercharged social media; when combined with the phones' cameras and large memories, smartphones made it possible to record, and even simultaneously upload, e.g. video of encounters between members of minority communities and the police. Consider how profoundly this has impacted the way we talk about law enforcement, or the way in which Mitt Romney's 47% video altered the outcome of that year's U.S. Presidential race, and you get an idea of the potential impact that we're talking about.

That's it; technologies that fulfill those three criteria can turn new tech into technological revolution. Given these three qualities, a new technology can alter the way our society does almost everything; without them, a new technology makes a brief splash and a small ripple, and then vanishes beneath the surface of history, never to be seen again.

Now, let's apply these criteria to an historical example: the telegraph. 
#1: The ability to communicate over long distances has historically been game-changing; many events in history have hinged on whether (or not) a message got where it needed to go in time. Telegraphy allows you to send messages in minutes, rather than weeks or months, with little to no loss of information, the utility of which is obvious. PASS.
#2: The telegraph required wires to be run over long distances, and a source of electricity to power it all, so it was a matter of good timing that it was invented at the same time that steam power was also becoming a thing. Steam-powered trains also required long rail lines to be laid, and telegraph lines could be (and were) run along poles alongside them for comparatively little extra cost; and most of the electricity that we use is still generated using steam-driven turbines, which provides juice. All of this scaled well, and kept scaling, to such an extent that we're still using it all. PASS.
#3: The telegraph made it possible to send information long distances over wires and cables using binary encoding (dots and dashes), an ability which not only didn't exist previously, but which was so powerful that we're still using it. Replace dots and dashes with 0's and 1's, and add microcircuit-controlled switches, and routers, and you end up with the Internet. PASS.
You can do the same exercise for radio, television, microcircuits, personal computers, the Internet, and the smartphone. You can't, however, successfully complete the same exercise for, say, 3DTVs - nobody needed or wanted them, there was little to no content for them, and they've already sunk without trace. VR is sinking now, for the same reasons.

Now, let's apply the three "transformative tech" criteria to the Internet of Things.