Your computer is important. It has access to your Amazon account, probably your bank, your tax returns, and maybe even your medical records. It’s scary when it gets pwnd, and it gets pwned regularly because it’s essentially impossible to fully secure a general purpose computing device. But the good news is that, at least for now, your computer can’t climb up the stairs and bludgeon you to death in your sleep. The things it manipulates are important to you, but they are (mostly) contained in the abstract virtual realm of money and likes.
The Internet of Things is different. We are embarking on an era where the things we own will be as vulnerable as our PCs, but now they interact with the real world via sensors and actuators. They have eyes and arms, and some of them in the not-too-distant future really will be able to climb the stairs and punch you in the face.
This piece from the New York Times has been getting some attention because it highlights how smart things represent an increased attack surface for infiltration. It views smart devices as springboards into an enterprise rather than the object of the attack, and that will certainly be true in many cases.
I think that’s only part of the story, though. These things are going to be a bridge between the virtual and real. We are building things that will both sense and act across that bridge. Your fancy thermostat might be a relatively unsecured bridgehead into the virtual world of your home network, as the New York Times points out, or it might be how a remote attacker freezes your pipes. This is getting real.
I’m not writing this point to be a fearmonger, but I don’t think the industry is taking the security realities of this transition seriously. It took 20 years before our pre-Internet personal computer operating systems acquired even the rudimentary level of security one would expect for connected machines, and there is little evidence that our connected device security is being taken any more seriously.
In industrial settings, the refrain is “air gap the important stuff.” But nothing stays air-gapped forever. In the consumer IoT, we don’t think about air gaps because that would be contrary to the whole point of making devices smart.
Maybe someday we’ll be able to make silicon design-time programmable and run-time single purpose at a scale that isn’t in the millions, as a way to make all these devices we’re spreading around less vulnerable. But in the meantime, we need to take seriously at least basic security in the devices we are designing and building.