welcome to the internet of (dumb, hackable, and possibly dangerous) things
Owners of the Nike Adapt BB smart shoe, which laces itself and adjusts how tight it sits on your foot as you exercise and play, got a nasty surprise after updating the app which allows them to configure their shoes’ settings. Instead of fixing a few bugs, the update bricked the shoes as they refused to tighten themselves, which made the peanut gallery wonder why exactly do we need shoes that learn how to tie themselves around your foot when lacing and tying them by hand worked just fine for the last 5,500 years. Certainly there are devices that benefit from an internet connection and adapting to their users’ habits, but in a rush to get into the internet of things space, or IoT, a lot of random and unnecessary things are getting completely needless upgrades controlled by equally unnecessary, harebrained apps.
We can argue that fridges able to detect what food is about to spoil and order replacements to be delivered could keep people from getting food poisoning and save their users time. We can also justify smart thermostats to help make homes more energy efficient. But internet connected t-shirts that act like wearable slideshows? Hackable devices that replace locks and can be opened from anywhere in the world you can get online? Probably not so much. And even if there’s a good argument for an IoT device, there are serious concerns about the companies that make them spying on you via embedded microphones if they so please, bricking the expensive devices if they go out of business, and either shutting down or having severely reduced abilities if your internet connection ever glitches out.
The point is that we’re rushing into the IoT space without considering what data actually needs to be transmitted via the internet, how to transmit it securely, and how to harden them against attackers and prevent critical bugs during updates. Just consider that anyone can easily tune into live camera feeds from unprotected IoT devices and even interact with those cameras and mics, stalking and scaring random strangers, and hackers of the near future could wreak havoc by taking full control of a smart home, and disrupt entire cities grids full of IoT devices. The frequent lack of security in this space allowed massive distributed denial of service, or DDoS attacks through software that infects countless vulnerable IoT devices and turning them into a vast army of bots, or can use them to send out a tsunami of spam.
So, how what can we do to get a handle on unsecure IoT proliferation? Since that it can be a national security and infrastructure risk, as well as enable crimes, it’s hard to consider anything other than full blown regulation as an appropriate approach here. Minimal security will need to be mandated and enforced, devices will need to be audited, and certain IoT implementations would require an official review by experts and the installation of fallbacks and safeguards. Sure, your smart shoes not lacing themselves after a bad line of code got pushed probably doesn’t need to involve government resources. They’re just a symbol of overzealous over-connectivity in the market. But your smart energy devices designed to coordinate with your neighbors’ definitely need some supervision. Otherwise a hacker half a world away could turn off your community’s power during inclement weather and lock you out from turning it back on. And looking at the sheer volume of vulnerability reports and actual hacks and exploits, we’re probably long overdue for this conversation.