While "records" seem to be universally welcome, developers, especially fans of the object-oriented paradigm, should be careful when considering this new feature.
Check out this month's compilation of IoT news and tutorials, including advice for getting started with IoT, building with Arduinos and RPis, and monetizing IoT data.
As the Internet of Things becomes a ubiquitous idea and a fact of life, what happens to all the aging and increasingly insecure Things? According to Wired's Robert Mcmillan, responding to a recent question on the security of IoT from Dan Geer, this may be a serious problem [1][2]. The solution, Mcmillan suggests, is to design these devices with an expiration date. In other words: they need to be programmed to die. The problem may not be too severe now, but the future of the Internet of Things will look different than it does now. Security will likely loosen, because software will be a part of everything, and it tends to be the case that things mass produced to that degree experience a bit of a drop in quality. That, Mcmillan argues, presents a problem: ...all code has bugs, and in the course of time, these bugs are going to be found and then exploited by a determined attacker. As we build more and more devices like thermostats and lightbulbs and smart trashcans that are expected to last much longer than a PC or a phone, maybe we need to design them to sign off at the point where they’re no longer supported with software patches. Otherwise, we’re in for a security nightmare. A similar argument came from Bruce Schneier's interview with Scott Berinato about how future bugs like Heartbleed could impact IoT [3]. Schneier's conclusion is that processes must be built into IoT devices and development to allow for regular patching and securing of embedded systems. How practical is that, though? Mcmillan points to some recent scenarios where these fears have already come true: the lack of support for Linksys routers infected with Moon Worm, for example. Long-term patching would solve these issues, but will the increasing number of organizations developing IoT products be forward-thinking enough to care? It's also not as if the problem will fade as the products become less popular, Mcmillan says: Researchers have studied the way that security vulnerabilities are discovered, and what they’ve found is that security bugs will keep cropping up, long after most software is released... in fact, they’ll only get worse. Open sourcing technology as it ages may also be a solution, Mcmillan says. However, even that is imperfect and requires a lot of cooperation from companies who may not be enthusiastic about such cooperation, as well as a base of developers interested enough in the technology to maintain it. So, creating devices with an expiration date may be one of the most practical solutions. Otherwise, what happens when IoT is everywhere? What happens when we stop taking care of the things that we build? [1] http://www.wired.com/2014/05/iot-death/ [2] http://geer.tinho.net/geer.secot.7v14.txt [3] https://dzone.com/articles/heartbleed-iot-how-much-worse
Okay, so maybe an apocalyptic uprising of connected machines is not going to happen. Don't worry, though - there's still plenty of reason to believe that the Internet of Things will somehow lead to your death! According to Stuart Lauchlan at diginomica, the next great risk is almost here, and it's not even the Things themselves. It is, of course, the terrorists. To be specific, Lauchlan points (tongue firmly in cheek) to the 2014 iOCTA (Internet Organised Crime Threat Assessment) from Europol’s European Cybercrime Centre (EC3), which has predicted that the world will witness its first IoT murder within the next few months, and that it will be the work of criminals and terrorists: That . . . lurid prediction is actually parroting a report by US security firm IID, but Europol is warning that criminals and terrorists will use the IoT – or the Internet of Everything (IoE) as Europol calls it – and all its connected smart devices as weapons against the innocent. There is certainly something familiar about the image of IoT-hacking ne'er-do-wells: But Europol's prediction is not so tongue-in-cheek. A big part of their reasoning is that IoT is insecure. That seems to be a fairly valid concern. After all, we've heard quite a bit about how a possible (if not likely) future for IoT includes a security hellscape in which clueless companies fail to patch products as they stop supporting them, and everybody ends up with Doom installed on their toaster (or something along those lines). According to Europol, the problem is that an insecure IoT is big playground for crime: With the Internet of Everything expanding and becoming more widely adopted, new forms of critical infrastructure will appear and dependencies on existing ones will become more critical. As public and private sector organisations are outsourcing data, applications, platforms and entire infrastructures to large cloud service providers, cloud computing itself will become a critical infrastructure. Which is a problem because: . . . Big and Fast Data, the Internet of Everything, wearable devices, augmented reality, cloud computing, artificial intelligence and the transition to IPv6 will provide additional attack vectors and an increased attack surface for criminals. This will be exacerbated by how emerging and new technologies will be used and how they will influence people’s online behaviour. Europol has a few recommendations for curbing these dangers, but they aren't particularly innovative ideas - make sure policy-makers understand IoT, and make sure companies consider security, and things like that. Take comfort, though: according to Europol, you've still got a few months left to live.