Last year, I moved away from the family to take a job across country, and my new faux bachelorhood gave me space to buy some in-home tech that I wouldn’t be able to with my wife around. She is the tech super-edo to my tech id. Hers is the voice I hear in the Apple store when I’m checking out the JamBox or the latest iPad. We’re not made of money, so I walk into that store with aspirations and temptation, not intentions. Usually, I walk out of the store empty handed. Some mid-priced gadgets have been making that harder for me to do, but I’ve denied their siren song so far. This week I learned why denying them is a Good Thing.
One item at the Apple Store that always catches my eye is the Belkin WeMo home automation gear. They have a switch that you plug into an electrical outlet, and then you plug a lamp into their switch. Their switch is connected to the internet via your wireless router, giving you control of the switch (thus the lamp) anywhere your smart phone has access to the internet. Cool, no? That switch could turn the light on for me before I get home. Or I could get one for the wife to do the same for her.
Belkin also has a motion detector. Motion triggers the device to sends you a message or to run a script to turn on a light. Belkin has a light switch which replaces your physical flp switch and an outlet switch that gives you additional information on power useage. All these Belkin devices give you control of your things through the internet, and you can script that control with Belkin’s software or with services like If This Then That. For example, with two Belkin smart switches, one in each home, I could write a script to turn on a light back home across country when I have a light on in my apartment so my wife can see when I’m home and awake!
Another cool tech toy that catches my eye on the Apple Store shelves is the Hue personal wireless lighting system, which allows you to control a light bulb through the internet via an app on your iOS device. You can also vary the bulb’s color with the app. Sadly, I was never able to find a justifiable use for this in my apartment. (What if we put one bulb in each home, and the other person chose a color according to their mood? That would be an elegant internet-based way to communicate across a thousand miles.)
Another attractive product is the Nest thermostat. It is a tech darling, at least in the Apple circles. It replaces a standard thermostat and allows a homeowner to control and monitor home temps from a smart phone. But is was never an option for me, an apartment dweller. (http://www.apple.com/retail/)
All these devices are attractive. They and others like them rely on internet connectivity via wireless networks. Consider a security problem of wifi networks: they use radio frequencies to communicate data omnidirectionally for anyone to intercept. Many routers can ‘hide’ their existence from casual computer users. All modern wireless routers encrypt data so its unreadable by those who intercept it. But there are users who are not casual and who enjoy (for whatever reason) joining wireless networks without an invitation.
Last year, my wireless networks were entirely visible and open. We lived among farmlands, so nobody was going to come near enough to snoop on our signal illicitly. When my move took me to a densely populated area, I had to give more thought to how I set up my wireless network which knits together a considerable number of things in our house: several wifi appliances (e.g., a smart television, a receiver, an AppleTV, a FitBit Aria scale), computers, and numerous iOS devices. I know what it’s like to lose control of personal information (e.g., to have credit card information stolen and misused), and I don’t want wifi-connected things to expose my family unnecessarily to bad behavior by others.
My increased awareness of home network security is evolving with news this week that hackers created a botnet from internet-connected refrigerators. In the 1990s, the wide adoption of home personal computers created new vulnerabilities to fraud. The PC industry has since taken responsibility for this and made security a high priority. Providing security patches is a regular occurence most users understand and value. And many users are much more savy about basic cyber-security today (“don’t click on an attachment sent from someone you don’t know”) than they used to be. But how does this change when our refrigerator or internet router is the source of our vulnerability to malice? Our clock radio, toothbrush, or car? How can we know if a non-PC thing that’s connected to the internet-of-things is compromised?
This week, Bruce Schneier writing for Wired, illuminates this problem clearly and succinctly. In his artcile, “The Internet of Things Is Wildly Insecure — And Often Unpatchable”, he points out the challenge facing the internet-of-things industry (a.k.a., the embedded computing industry) and calls for them to take responsibility for user security the way PC makers did twenty years ago.
Until there’s a reasonable way for me to reload my toaster’s firmware if I think it is compromised, I’m going to decelerate my entry into the internet-of-things era. You should, too. Forget about hackers. Think about the wardriving burglars. They probably don’t care about the encrypted content passing between your media devices, but they’d love to get their hands on data from the baby monitor you have upstairs, the WeMo motion detector, your appliances, and those switches. What better way for a stranger to learn your habits and know when you’re not home. Or are.