Again, if you don’t have control of the software running on your Internet of Things devices, at home or on the road, you are a sitting duck. This article mentions using unencrypted communications, but misses some important points.

  1. Merely encrypting communications doesn’t help very much if it’s not done well. In fact, it can inhibit real security if a false sense of security causes truly insecure devices to be more widely deployed.

  2. All software has bugs. Updates to address security issues are critical. Vendors have an abysmal record of updating old devices. Do you want to invest thousands of dollars in connecting your home to the internet (eek already!) and then in a year or two the vendors refuse to update the devices because they are “end of life” and they just want to sell you a new device?

  3. The tremendous personal risks from lack of effective security. It’s not just about your home. I’m really not excited about buying a new car any time soon; I don’t want my car to be remotely taken over. Pay attention: the power steering, brakes, ignition, windows, locks — they are all connected to networks that are connected wirelessly to the outside world. (This is where Tesla had their biggest #fail so far—threatening instead of welcoming reports of security flaws in their cars. I expected better from them based on other things they have done right.)

Ultimately, the only way this will be fixed is if consumers are scared of deploying this technology without fundamental change; if they’ll buy junk, the market will sell junk. I have very little hope, since history tends to repeat itself.

Black Hat 2014: Security experts hack home alarms, smart cars and more

