Security of all Things Internet


Security expert, Bruce Schneier, did this podcast which can be summed up in two words: interesting throughout. The term Internet of Things (IoT) refers to objects around us that “talk” via the Internet. While this opens up opportunities (your fridge tells Alexa that the milk is running out, who then tells you, and you then tell Alexa to order some milk), it opens up security risks all around.

The root cause for these security risks, explains Schneier, is as simple as it may sound horrifying today: the Internet was never designed with security in mind! Because it was designed for mostly inconsequential usage, and only by academics at that. In other words, it was a conscious choice to not care about security. And boy, have those chickens come home to roost today.

Ok, but why can’t security be incorporated today? Aha, there are many reasons:
1)      Complex systems are inherently hard to secure. Your smartphone is a highly complex device. And supply chain security is very hard, since it involves too many actors in the chain. See my earlier blog on that.
2)     We love things that are free. But software that addresses security vulnerabilities costs money.
3)     Even if you cared, there is no data available on which devices are more secure. In an age where people file reviews on everything else under the sun, what does that say about us?
4)     Software patches aren’t easy to roll onto existing devices. So most of the time, we get those patches only when we buy the next phone! Now think how long you keep the fridge and you get the number of fixes it never got. So we need a mechanism to roll out patches automatically. But everything runs on Android but Google doesn’t own the hardware, so good luck coordinating such things between Google and pretty much every manufacturer in the world.
5)     There is no financial penalty when data is breached. Think Marriott or Facebook. All they face is bad publicity, and public memory is short.
6)     Industries, like people, don’t learn from others. The PC industry learnt the importance of security in the 90’s. The IoT industry operates like that never happened. It may also be because most founders of IoT companies weren’t even born back then!
7)     And lastly, as software moves into already regulated industries like cars and medical devices, the regulations in those industries need to be updated. And you know who frames regulations, right? Yup, the government. So good luck updating anything owned and framed by the government.

Picture sound too gloomy? Schneier agrees, and fears things will change only when something catastrophic happens. Like somebody doing what the title of his book talks about: Click Here to Kill Everybody.

Comments

Post a Comment

Popular posts from this blog

Student of the Year

Image
As a toddler, my daughter loved Alia Bhatt’s songs, esp. the ones from Student of the Year . (That movie did have many good songs and well-choreographed dances). Fast forward to present day, when she is 12 yo. She rarely watches Hindi movies now, but one of the few ones she likes of late, Raja aur Rani ki Prem Kahani has, yes, Alia Bhatt.   If I had any hopes that there was anything to be read in the name of her toddler-time favorite ( Student of the Year ), they have been dashed. Our conversations come exam time are perfectly captured by this photo and its caption: In fact, the pic below captures how she and I look at her answer sheets – me intently, she with an expression of “It’s over, so why are you even looking at it?”   Of late, we pull her leg and tell her that she isn’t showing any signs of academic prowess, she’d better find a rich guy to marry. Some time later, she showed us this meme on the Internet: “Me No Study, Me No Care Me Go Marry Millionaire If He Die
Read more

The Retort of the "Luxury Person"

Image
Coming up with biting and witty retorts. It’s something we dream of, but rarely manage to pull off. Worse, the more we stew over the offending remark, the more likely we are to come up with that dream retort, as Calvin ruefully points out: During our last holiday at the Taj Resort, seeing my wife carrying towels to our poolside chairs, one of the kids there mistook her for a member of the staff and asked for a towel. When my wife narrated this to us, I did not imagine that my 8 yo daughter would come up with her own retort. But a day later, my daughter recapped the incident, an incident that didn’t even involve her in the first place , and said, “You know what I’d have told that kid who asked for the towel?”. And without waiting for an answer, she told us anyway: “I don’t work here. I too am a luxury person who is living at this resort. Go get your own towel.” We were highly amused by the phrase she had coined: “luxury person”. It certainly captures the kind of holid
Read more

Animal Senses #7: Touch and Remote Touch

Instinctively, we think touch is based on contact. Not entirely true, explains Ed Yong in Immense World – there’s a more important aspect than contact: “These incredible feats are possible through movement. If you rest a fingertip upon a surface, you can get only a limited idea of its features. But as soon you’re allowed to move, everything changes. Hardness becomes apparent with a press. Textures resolve at a stroke.” As you run your fingers over a surface, they hit the tiny peaks and troughs and set off vibrations in the mechanoreceptors at their tips.   At the tip of its snout, the star-nosed mole has many pairs of hairless appendages. It uses them to touch things around itself. Alive or dead? Food or ignore? It does these movements at an insane speed. In the time it takes to blink our eyes, the star-nosed mole can probe, identify and swallow its food. “Light may be the fastest thing in the universe, but light sensors have their limits, and the star-nosed mole’s sense of
Read more