The Internet of very insecure things

John C. Tanner
08 Jan 2016

In this space last year, I wrote about how the Internet of Things, while overhyped, was still pretty cool, not to mention inevitable, and that 2015 would likely see a lot of IoT activity.

And we did. Unfortunately, some of that activity didn’t come from telcos, service providers or “things” manufacturers, which brings me to one important aspect of the IoT I neglected to mention last year: security.

Put simply, when you enable something with an internet connection, it is subject to the same internet security issues as a server, laptop or smartphone. Put even more simply: if you can connect it, someone will try to hack it.

Take Barbie dolls.

You can see this issue’s Backpage Briefing for details, but a recent report from Bluebox Security found vulnerabilities in the mobile app and cloud storage used by Hello Barbie (an IoT version of the doll with a Wi-Fi chip that leverages voice-recognition software and the cloud to enable it to talk back to you) that could allow hackers to eavesdrop on those conversations.

It gets worse. In late November, Hong Kong-based toymaker VTech revealed that profiles of more than 6 million children (and close to 5 million adult accounts) had been stolen in an attack on a portal used to download games to its tablets. The person or group responsible later released select photos, audio and chat conversations created by the kids using the toys.

In July, researchers with security firm Bishop Fox revealed that an Internet-enabled “smart safe” made by Brinks wasn’t very safe at all. According to Wired, they found vulnerabilities that would allow a rogue employee or anyone else with physical access to not only open the safe, but also cover their tracks by changing data in a back-end database that logs how much money is inside and who opened the safe.

Earlier in the year, security researcher Billy Rios found vulnerabilities in at least five models of drug infusion pumps made by Hospira that would enable a hacker to raise the dosage limit on medication delivered to patients.
