Internet of Things Cybersecurity

Of Course the Internet of Things Isn’t Perfect

Can you name one invention that changed the course of human history that was perfect out of the gate?

Farming? Domestication of animals? Transportation?

OK, what about something a little more fundamental like utilities? Water, electricity, telephone and so on. Things so taken for granted in developed countries that we barely give them a second’s thought.

How about something actually appropriate to my subject; The Internet itself?

Not only weren’t any of these things perfect when first introduced, they still aren’t. Not by a long shot, and nor will they ever be. So why are we expecting more from the Internet of Things?

As a security expert, I cannot imagine anything more horrifying than billions of connected devices built almost entirely for function. Where race to market is the primary motivator because any competitive advantage is all but gone in a matter of days. And security, if it was even considered during development, was only done so perfunctorily, and likely with a fair degree of annoyance.

However, as a tech geek and a lazy git, the Internet of Things also fills me with anticipation bordering on joy. With the things that are already possible, my life has become significantly easier. With what’s to come, I can see a positive impact on the only thing that has ever mattered to me;

Having more time. Or perhaps more to the point; making better use of the time I have left.

Everyone talks about the risks and the inevitable disasters related to IoT, because that’s what sells column inches (like this recent event). Or they talk about increased efficiency, convenience, and quality of life because that’s what sells products. But what it all boils down to is this; What price do we have to pay for more time? How much of our privacy, or even our physical safety are we prepared to put at risk for a better life? A life spent doing the things we want to do, not the things we have to do just to get by.

Unfortunately, in our society, we are being allowed to accept less and less responsibility for our actions. From ‘Caution, Contents Hot’ labels on our coffee cups, to political correctness, to affirmative action, we are completely devolving accountability for our own lives to external entities.

This must stop. When it comes to the Internet of Things, we must make our own choices, and we absolutely must accept the consequences. It does not matter how many regulations and standards the Government puts into place, the IoT will always be far from perfect. Bad people WILL make bad things happen. Should organisations be held liable for gross negligence? Of course. Does that help the person whose pacemaker was hacked through their iPhone? No, it doesn’t.

‘Educated consumer’ is right up there with ‘religious tolerance’ in being a perfect oxymoron. But educated consumers is exactly what we all need to be. We now have a lot of control about how much of our identity is available online. Again, it’s not perfect, but with account insurance, regulatory compliance and such, the rewards from our online functionality far outweigh the risks.

But what happens when everything from the front door to the contents of our cupboards is available in the Internet? When every appliance, every utility, our location, health, finances, are all just a hack away? Will the amazing convenience that can be  achieved outsourcing ‘control’ of those things be worth the risk of total loss?

Only you can make that choice, and you cannot point fingers at anyone else if things go wrong. There is no recourse open to you, and the only defence you have is to educate yourself.

Start by assuming that everything you put online can be lost in its entirety. Are you prepared for that, because it’s not an exaggeration?

[If you liked this article, please share! Want more like it, subscribe!]

The End of Household Food Waste?

How much food do you throw away each year because it’s past the expiration date, or worse, you find it in the back of your fridge supporting a new furry ecosystem?

In my ever extending string of blogs based entirely on speculation, I would say that I throw away in the region of £400 – £600 worth per year. And I’m not saying it’s my wife’s fault (certainly not to her face anyway), although she does all the grocery shopping and cooking (don’t worry, it’s not like that, I do pretty much all the cleaning and jar opening). 🙂

There’s actually no blame here, it’s just that way WE are. We are not planners when it comes to our weekly meals, which would alleviate much of this issue. But, like everyone else in our brave new it’s-not-my-fault,-someone-else-should-do-something-about-it society, I want to have this take care of itself, automatically.

We can, and I believe we are not that far off, it just needs to be put together.

First, the actual growers of the produce need to take the first step by ensuring that their shipments are labelled with enough information to begin the countdown process. i.e. from ripe to rotten, we should by now have a pretty good idea how long a lettuce (for example) is going to last. I don’t care if it’s organic (which will clearly reduce its life cycle), with refrigeration, preservatives, and whatever else happens to our food without our knowledge, from farm, to supermarket shelf, to your fridge, to your plate, the lettuce has only x days to live (plus or minus).

Let’s say this is done with a QR tag, and each step in the logistics is added to the embedded information, by the time you scan the code in the supermarket you will have at your fingertips all the information you need to make an informed decision related to your purchase. These lettuces in this box are 2 days newer than those ones, but the older ones are half price and so on. Instant coupons is a given.

I won’t go into the payment method, I’ve written enough on the future of payments, but you will not only have an instant receipt, you have automatically added these items to a database of all the food in your house, along with its weight / quantity, expiration date, and so on.

Now everything edible in your house, from canned goods, to herbs & spices, to meats, to vegetables are all tracked in your database. All you need do now is set your alerts so that ANYTHING that is about to expire becomes an item in your next meal. Of course, you will need to tell this database whether or not you put something in the freezer, the fridge, to left it on the counter, but the smart-fridges or smart-cupboards of the very near future will be able to track this for you by scanning your groceries as you put them away. This will in turn be added to the database so you need never spend half an hour hunting for your Fingers of Fudge.

Not only that, because you have a complete record of everything, you can get immediate help on what to do with it. Every chef in the world will want to sign up to a service whereby they can apply their recipes to what you have available, or more importantly, what is about to expire. Yes, both the chefs and the providers of this service will try to get you to buy additional items to make an amazing meal, but you will always have a choice.

Also, if you DO choose a fancy menu, this can immediately alert your preferred supermarket who can tell you whether to not the items are available, then maybe even deliver them to you.

And we’re still not done. Beyond the immediate benefits of saving a butt-load of money, these are other advantages for every player in the cycle (in no particular order);

  1. You can have your weekly menus designed for you based on your preferences in terms of likes/dislikes, calorific intake, budget and so on.
  2. Growers will eventually be able to track global trends on food purchase, and possibly be able to adjust their supply to the demand.
  3. Supermarkets can automatically alert their customers to deals on soon-to-expire produce a hopefully reduce their waste. Maybe provide free delivery if you purchase enough of these items.
  4. You’ll learn to cook far more meals than you could have ever conceived yourself.
  5. You’ll be able to track your calorie intake if you follow the menus explicitly. Good for dieters, and excellent for diabetics.
  6. By having the ingredients of everything you buy available to you, you can ensure you never buy anything, or accept a recipe for meals that contain something, to which you or a loved one are allergic.
  7. You will undoubtedly stop buying things that sit in your cupboards for years on end, like that can of string beans that seemed like a good idea at the time.
  8. You can make your food database available to your friends so that you can create a meal together without having to buy everything yourself. Dinner party anyone?

I could go on all day, and I’m sure that if you have read this far you have had several ideas of your own.

All we need now is the supermarket chains to buy in …and the growers …and the name brand goods ….and …


How To Get Your Kids To Exercise

If you are reading this while on public transportation, at a bus stop / train station, look up, and look around. How many people are looking at a mobile device of some kind? 40%? 50%?

Now, how many of those are children? Or if you’re a parent, does your child have a smartphone? A PS3/Xbox? And finally, how much time do you think these kids are spending on those devices?

It’s bad enough that I, a 46 year old ‘technology professional’ spend an inordinate amount of time plugged-in and not exercising, it’s quite another to see a 10 year old who’s overweight and completely disconnected from the world around them.

So, whether you are proponent of the Internet of Things or not, I see it as a perfect opportunity to ensure that children see technology as the privilege it is, and not as an expectation, and certainly not as something to be taken for granted. No child has earned the right to waste away in front of an electronic device, they can do that later if the wish, and once they are out on their own paying their own bills. Like me.

The proposition: With innovations around micro-sensors, geo-location and a whole host of other inputs, it should be relatively trivial to measure the amount of exercise your child is getting on a daily basis, and tie that directly into the amount of ‘play time’ they get on their smartphones or video games. The more exercise they do, the more time they have, and when your time is up, the video games are locked out, and your smartphone reverts to phone only.

You could even build in an ‘management station’ where parents could set tasks, chores, grade requirements etc, and the more the child does, or the better they perform, it all works its way into more time playtime on their electronics. Of course, this will all need to be fun as well, there’s no point in teaching the next generation that exercise is itself a boring chore, but every child has to learn that everything has a price, even if that ‘price’ is something that’s actually good for them.

It would however, be very important not punish a child that finds a way to beat the system. Any creative method they have to ‘cheat’ is an indication of a burgeoning talent. For example, a child who..:

  • …gets their friends to wear their sensors to exercise on their behalf shows someone with creativity, influence, and leadership skills.
  • …works out how to ‘double up’ on their sensor input shows skills in problem solving, efficiency generation and engineering.
  • …hacks the system and re-wires either the input mechanism or the underlying application is going to start the next Google.

While you clearly can’t allow their breaking of the rules to continue, gearing their e-playtime bonuses to rewards for solving similar challenges is a way to make the whole thing not only fun, but a learning lesson as well.

Children are extraordinarily creative when not suppressed by adults, so why not let them have at it while at the same time ensuring that they stay healthy?

Obviously this technology would have just as many benefits to adult health as well, and I have literally dozens other ideas for its application, but I’ll leave that to people with a little more time on their hands. I think a company name of e-PlayTime would work very well…

The New Breed of Tech Support Professional

Even now it’s fairly easy for most technology support people to perform their function. They have either extremely deep knowledge in one sector (PC, Mac, iOS, etc.), or are something of a jack-of-all-trades/techs. Much like a handyman is great for most day-to-day repairs, but should never be used to replace your boiler, your electrical system, or your windows.

But what happens when everything is online? Well, almost everything.

When I raise the subject of Internet of Things, I usually get one of three reactions;

  1. The what of who?
  2. That’s awesome, can’t wait!
  3. No thank you.

The first answer is invariably from people who are not technology oriented (majority), the second one from people who ARE technology oriented and usually young, and the third answer from people who are either terrified of technology itself, or who realise that privacy would be a thing of the past.

It’s hard to argue with the latter when you’ve voluntarily put your entire life’s infrastructure online. Like I will.

But who’s going to support all of this? Governments will do their best to regulate this, and they’ll fail; technology providers will attempt to make it simple and safe for the average user, and they will fail; and your PC repair dude will have little idea where to start, but probably charge you for trying.

Luckily the technology behind the Internet of Things is already known to most techies, but they can no longer stay as deep into one technology as they may have done in the past, and probably prefer.  Customers will begin demanding jacks-of-all-techs over specific and individual knowledge-sets, and expect them to be able to fix their smartphone, re-program their dogs’ locator chip, and propose a tasty dinner based on the computer generated contents of their fridge.

The new generation of technology support professionals will need to keep up with innovation as never before, or lose out to those that do; your local PC repair shop will lose to home service; and  we, the consumer, will expect this to be seamless, painless, and cheap.

I even foresee both regulation and certification around providing these services. It’s one thing to support a customer who can’t flush his toilet using his iPhone, it’s quite another supporting a customer who is having issues with her pacemaker, or insulin dispenser.

In the race to profit from this technology explosion, standardisation, interoperability, and ease of maintenance will be ignored, meaning that every new technology you deploy will be stand-alone.  Maintenance complexity does not go up linearly with the number of individual technologies, it goes up exponentially.  Support contracts will be how most of these businesses make their money.

However, to the rescue comes the jack-of-all-techs who will not only help you fix what’s broken, but will be able to help you choose what technology you can go for next given their knowledge of what you have now, and what goal(s) you are trying to active.  Every good support person, consultant, or friend, gives you what you need, and not necessarily what you ask for. Even if they use sentences which end in prepositions.

The only thing holding back total technology adoption are people born before 1990. Most people born after that take the Internet, smartphones, and loss of privacy for granted. Every year that goes by our numbers fall, so the checks and balances between the Internet of Things and an individual’s rights for independence from technology are weakened.

Once again, here comes the jack-of-all-techs! The right tech support professional inherently understands that customer service is the only thing that matters, and you can never provide world class customer service if you don’t have your client’s best interests at heart.

Let the learning begin.

Screen Shot 2013-10-03 at 15.02.42

The Internet of Things – A Security Game Changer

Imagine being able to turn the oven on 20 minutes before you get home so it’s ready to start cooking… or taking a quick remote peek into your fridge/cupboards/bread bin to see if you need anything at the supermarket … or re-programming your air conditioning / heating while you’re on Holiday.

All of the above is simple, and already possible, just go here for a bunch of others; Some are incredibly far reaching, not to mention awe inspiring.

Along with the exponential increase in convenience, efficiency, and entertainment, is an equal increase in the cost to your privacy, security, and in some cases, your actual well-being. For example, this site is about reminding you to take medications. What happens if you start to rely on this with your critical meds and someone ‘hacks’ it?

This blog is in no way a criticism or a doomsday prediction of the trend. I love this stuff and cannot wait until every aspect of my life is a blink, gesture, or eventually a thought away. However, whereas previously our lack of knowledge in basic self-defence principles related to the Internet could have caused embarrassment or the loss of a few quid, the Internet of Things could, quite literally, put your life in danger.

If YOU let it.

As a previous article If You Want More Privacy, Stay Off the Internet stated, the conveniences you crave have a price, and the price is only going to go up the more you expect from it. The Internet is like gambling, only bet what you can afford to lose.

It’s not about the RIGHT to privacy, we all have that as a basic Human Right, it’s that you cannot EXPECT privacy given the inherent insecurity of the medium, the criminal element, and good old fashioned stupidity.

You are not owed security, or perfection, so the due diligence is entirely yours, as is the ongoing maintenance and security monitoring of your new functionality. The things you will be able to do will be unbelievably tempting, but keep these points in mind:

  1. Start Small – don’t sign up for every new thing when it becomes available, you will never be able to track them all, let alone secure them.
  2. Keep it Simple – automated notification of the need for milk is harmless, automating insulin doses is not.
  3. Rely on Nothing – especially when your physical well-being is concerned. Always, ALWAYS have a back-up if your primary mechanism fails.
  4. Minimise the Impact – expose only what you don’t mind losing. Insure everything, especially your finances.
  5. Take Responsibility – blame yourself if things go wrong, don’t waste your time pointing fingers at others. This was YOUR choice, live with it.

Like everything that’s coming in the future, innovation has benefits matched equally by the downside. ‘Government’ will do its best to protect us through laws and regulations, but they will fail to keep up with OUR demand for functionality. Security experts will do their best to protect us, but they too will fail to keep up with the competitive rush to fulfil OUR demand.

Enjoy it, just be careful.

Personally I’m going to be interested in what ‘butt-dialing’ will look like in the next decade. You’ll probably come home to find your vacuum cleaner ordering pizza and watching porn.

Internet of THings