$3,599 is a lot of money.
It could get you a decent used car, or a reasonably well-specced iMac. You could buy 3,599 McChicken burgers, or 2,589 McDoubles. Or it could get you the Samsung RF28HMELBSR.
This (easy-to-name) refrigerator has it all. It has four doors, a colossal 28 cubic feet of space, and a built-in, WiFi-enabled 8” LCD Touchscreen that lets you do anything from reading the news, to remotely controlling your Android smartphone.
If it sounds familiar, that's because it was once included in my list, Tweeting Fridges and Web-Controlled Rice Cookers: 9 Of The Stupidest Smart Home Appliances. And did I mention that it ships with a huge, huge security vulnerability?
Yes, for all its sophistication, this fridge came with a major security flaw that could allow an attacker to surreptitiously harvest Gmail login credentials.
The vulnerability was first reported by The Register on August 24, and was discovered by the UK-based security firm Pen Test Partners while participating in an Internet of Things (IoT) hacking challenge at the recent DEF CON 23 conference.
The built-in touch screen on this refrigerator lets the user access their own Google Calendar. Connections to and from Google's servers are encrypted using SSL. However, the fridge does not validate the certificate the server presents, so it cannot tell Google's real servers apart from an impostor.
This presents a serious security problem, as anyone on the same network could launch a man-in-the-middle attack and harvest the Gmail credentials. An attacker could also obtain them by spoofing an access point or through a remote authentication attack.
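To make the flaw concrete from the defender's side, here is an added example (not code from the article, and not the fridge's firmware, which we have not seen) in Python's standard `ssl` module: a client context configured the way the fridge apparently behaves, encrypting but trusting any certificate, beside a hardened context, and an audit function that flags the settings that make a man-in-the-middle attack possible.

```python
import ssl


def vulnerable_context() -> ssl.SSLContext:
    """Encrypts the connection but accepts any certificate (the fridge's mistake)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be disabled before dropping verify_mode
    ctx.verify_mode = ssl.CERT_NONE   # no chain validation: an impostor is accepted
    return ctx


def hardened_context(cafile=None) -> ssl.SSLContext:
    """Validates the chain against trusted roots and ties the cert to the hostname."""
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2       # refuse legacy protocol versions
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the list of findings that would let a MITM read the session."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("verify_mode=CERT_NONE: any certificate is accepted")
    if not ctx.check_hostname:
        findings.append("check_hostname=False: certificate not bound to the server name")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version below TLS 1.2: legacy protocol allowed")
    return findings


if __name__ == "__main__":
    # Constructed demonstration: the weak context produces findings, the hardened one none.
    print("vulnerable:", audit_context(vulnerable_context()))
    print("hardened:", audit_context(hardened_context()))
```

The same three checks apply to any embedded client that talks to a cloud service over TLS; a device that passes them cannot be silently redirected to an attacker's server on the local network.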
Samsung has said that it is "investigating this matter as quickly as possible", and it is supposed to be working flat out to issue a fix. But this episode is an interesting demonstration of just how badly security can go wrong in the Internet of Things.
In the past, we've talked at length about the risks that the Internet of Things presents, to privacy and otherwise. Addressing them is difficult, because when it comes to protecting the Internet of Things, we run into some problems.
First of all, these devices aren't like PCs or phones, which are easy to update (Windows 10 will even install updates on your behalf) and which are backed by vendors that are engaged and regularly release software and security updates. Many smart home products don't update over the air at all, instead requiring complicated or unreliable software packages or removable storage, or simply not allowing you to update the firmware at all.
How, for example, do you upgrade a connected coffee maker or a computerized thermostat? There is no easy and universal way to do that.
It is also important to address the fact that many of these devices are now being built by ordinary people in their own homes. Arduino and Raspberry Pi have allowed us to introduce network connectivity and computational logic in places we never thought possible, while products like Microsoft's Windows 10 for IoT have made it easier to expose these devices to the broader Internet, opening up a world of opportunity and of risk.
While many experienced developers know how to safely build these devices, many novice and amateur developers don't.
Then there's the problem of longevity. Again, this problem is endemic to the Smart Home world. Because while your PC and phone run software developed by companies with long histories and deep pockets, most of your Smart Home devices don't.
The vast majority of these companies are young, many of them at an early and tentative stage of their development. If they close, what happens to the products they've already shipped? Who will write the software updates and security patches?
As we've written in the past (Why Hardware Startups Are Hard: Bringing ErgoDox to Life), launching a software startup is easy, but hardware startups are hard. Really hard. Already this year, we've seen significant layoffs at Leeo and Wink, two of the biggest Smart Home startups. Many more, like Lumos, have not been able to fully take off.
But perhaps the biggest and longest-lasting threat to smart home and Internet of Things security is simply that these devices are designed to last longer than their manufacturers would prefer. Embedded systems and Smart Home products can run, quite happily, for years and years. Many of them don't run on a subscription service.
Can we expect Nest and Philips to offer updates for as long as Microsoft supported Windows XP?
These security problems are significantly exacerbated by the fact that many of these devices are connected to the Internet and remotely accessible, which introduces a wide variety of security problems.
Because when you connect something to the Internet, you introduce a new attack vector for anyone sufficiently motivated. Instead of having to get onto your home network, someone could simply compromise it remotely.
It's also easier than you think. There's even a search engine for embedded systems, called Shodan. With just a few keystrokes, you can find systems that have been exposed to the Internet all over the world, from power plants in Japan to webcams in Holland and VoIP phones in New York.
Simply searching for "webcam" exposes thousands of remotely accessible webcams. I didn't access any of them, however, as that would almost certainly put me in breach of the Computer Misuse Act 1990.
It's scary. We've started to expose our homes to the Internet, and it's very easy to find them and launch targeted attacks against them. We should be worried.
Security flaws, like the one found in Samsung's Android refrigerator, will always be there. If vendors can push fixes easily and devices are kept updated throughout their lifespan, that's not a big problem.
But it's important that we address the other issues. Efforts should be made to ensure that developers of Smart Home and IoT products know how to build secure systems. This could be achieved through greater outreach to the security community.
There are a number of precedents for this. The OWASP (Open Web Application Security Project) is one that immediately comes to mind. Launched in 2004, it has produced freely available educational material that teaches developers how to build secure websites, and hackers how to properly test the security of web applications.
There's no reason something similar couldn't be created for the smart home world and for Internet of Things developers.
Furthermore, we need to make sure that Smart Home systems are updated and maintained even if their vendors go out of business. This could be done by obliging everyone to place their code in a source code escrow, where the code is released if the company declares bankruptcy or fails to maintain the software satisfactorily.
And as consumers, we should start demanding more from vendors. We should demand that the devices we buy be supported with security patches for the entire lifespan of the product. We should expect any security issues to be resolved quickly and decisively. We should expect vendors to treat security threats with absolute transparency. And we shouldn't patronize vendors who fail to meet that meagre standard.
All of these are relatively small changes, but there's no reason to think they wouldn't result in more secure Smart Home devices. But what do you think?
If you have any thoughts, or any horror stories about IoT insecurity, I want to hear about them. Let me know in the comments below, and we'll chat.