The motivation to release software, without proper testing, in order to generate a quick buck is as much of a threat to our security and privacy as the activities of hackers and alphabet agencies. It is time that software companies started to pay the price for the sorry mess that their greed is helping to create.
Once upon a time these matters could be considered in isolation but with the “Internet of Things” connecting millions more devices every day we are headed for a world that will have 28 billion IoT devices by 2020.
Consumer concern will not halt the rollout. A staggeringly high number of consumers hold serious concerns about the possibility of their information getting stolen from everyday devices – their smart home, their tablet, their laptop. One would think therefore that this concern would pressure software manufacturers to be more rigorous in their pre-GA testing activities. Not so.
Why? Because so much of this IoT stuff is embedded and consumer awareness is mainly limited to the high profile exposures. Consumers are not hesitating to purchase connected devices because consumers do not know that the devices are connected.
Samsung’s SmartThings smart home platform is a leaky colander of loosely connected hack prone software. IoT security hardening is not just about the particular application but also about building security into the network connections that link applications and that link devices.
And then there is the “Data”. The amount of this stuff that is generated by IoT is intractably large. As few as 10,000 households can generate 215 million discrete data points every day. This creates more entry points for hackers and leaves sensitive information vulnerable.
The number and variety of privacy attack vectors becomes unmanageable very quickly. From the CIA hacking your Samsung TV, uBeacons doing their bit (uXDT & Audio Beacons – Introduce your Paranoia to your Imagination), hackers controlling your car, it’s a worryingly real threat to the personal security and privacy of every one of us.
If the CIA’s Directorate of Digital Innovation (DDI), who are tasked with delivering cyber-espionage tools and intelligence gathering capabilities, cannot even secure their own USB drives then what chance do the rest of us have.
Unfortunately the answer is that we have no chance.