One Thing To Do Today: That IoT device on sale for Black Friday? Hold off.
There is a joke gaining popularity on the internet. “The S in IoT stands for security.”
The very first Twitter reference I can find is in German from @lino, retweeted in English by @showthread. In 2016, “put a chip in it” took the title from “put a bird on it.” IoT has pretty much become a joke to security experts. A bad joke with terrible consequences. Companies rushing to spend around 1 trillion dollars churning out these devices don’t really understand the security they require. Back in 2014 the Nest thermostat could be rooted in under a minute, listening in on your heating habits to find out when you’re likely to be home. This is entirely independent of concerns about that very same company simply shutting down the cloud services that its existing IoT devices depend on. Those cloud services are not secure, anyway.
Need even more help resisting the urge? Imagine the environmental impact of every random disposable thing requiring rare earth materials. Rare earth material mines are horrific places, frequently in destabilized regions of the world. Forget information security, think actual wars and death. Try making an image from one of these slideshows your desktop for Cyber Monday. They’ve gotta be good for a little bit of impulse control.
I am not a luddite. I want us all to be able to have fun things that make our lives easier. If you feel like you just have to join the party now, keep yourself from having a Bad IoT Day by vetting purchases with the following questions.
- Can the devices on my home network continue to do their jobs without a connection to the internet? How much functionality will I lose? What happens if cloud services go down permanently?
- If data gets sent back up to the “mothership” is it encrypted? Can employees access it? Under what circumstances? Who outside the company gets to see it?
- How will my IoT devices get firmware upgrades? How will I be notified one is required?
- Is the software open source? At the very least, are there open APIs for the clients? For the firmware?
- Is the hardware open source? Does it use standard connectors?
- Does the manufacturer have a recycling program?
- Has the manufacturer pledged not to use conflict minerals?
For the products that fail these standards, call their customer service lines. Tell them why you didn’t buy. Keep up consumer pressure. Have standards. You and your home are worth it.