I wrote back in December about Internet connected devices and wondered what interesting stories may be forthcoming.
There’s a couple of recent stories that have piqued my interested. The first is about a hotel using android devices to light rooms, and not being very secure with their implementation of it.
Whilst the designers had (presumably) thought of a good reason to install android light pads in place of traditional switches, they clearly hadn’t thought of the “what if” – what if someone looked beyond the sparkling tech and looked at how the android tablets connect to the network and what would happen if something went wrong, or worse, someone was to make something go wrong.
It reminds me a bit of TV programs that implement some tech wizardry into the plot for the sake of it – it’s almost believable . Or maybe it reminds me of an episode of CSI:Cyber – the hotel hack. A rather convoluted and preposterous plot as I recall.
Part of the plot of the TV programme revolved around a Man In The Middle Attack where the hacker had set up his own WiFi hotspot masquerading as a coffee shop’s legitimate free WiFi point. Once the victim connected to the evil WiFi hotspot, the hacker captured the required credentials for later use. This part of the plot is a real world issue and thought should be taken about how to stay safe when using a WiFi hotspot and How To Stay Safe While Using Public WiFi.
Back to the real-world hotel security vulnerability, the first problem appears to have been that security hadn’t been thought through in the design. A key principle for any system. Then, there’s the testing of the system that was invented. Proper testing of any new system is not limited to IT, but any IT with network or Internet connectivity must surely be tested thoroughly.
The second recent story of vulnerability in devices that are Internet-connected-ready – the Internet of Things (IoT) – Samsung’s SmartThings (“..lets you easily monitor, control, and secure your home from anywhere”).
It sure does look useful – if I wake in the middle of the night and find that there has been an unexpected cold snap I wouldn’t have to even get out of bed to turn the heating on – I could just reach over to my always-on smart phone and bingo – instant heat that our parents could only dream of. Or perhaps if the boss calls me on the train and asks me to visit a customer at the eleventh hour – I could just use my smartphone to turn the lights on in BLS Manor so that the burglars waiting outside my abode would think that it is occupied.
Yes, it’s all good except perhaps if the Internet connected system has a vulnerability in it that potentially leaves itself open to malicious hackers, locking me out of my own system and maybe even enabling the attackers to break into my own home.
Food for thought.