The Internet of Things Still in Development

So, I just read an article on some solar panels with a wifi connection that had a default admin name and password. That’s not news. What is news is that the solar panels were still in development and were mistakenly shipped to customers.

As we plunge deeper into the world of everything having an IP address, this incident highlights a new concern: what impact does improper labeling have on security? What if these were autonomous vehicles (our favorite bugbear) shipped to a dealer? More terrifying, what if these were controls for a LNG terminal or a nuclear reactor? It’s bad enough we have default credentials on production devices, but now we have to consider a mis-shipment of even less secure development devices.

Or, we can start to say “no”. The promises of cost savings and higher productivity need to be placed against a realistic risk assessment. Is saving a few bucks per IP-enabled lightbulb worth the possibility of a major PCI breach? OK, maybe I’m engaging in hyperbole, as well, but it’s no worse than the hyperbole of IoT marketers that aren’t telling the full story of how human fallibility is always a constant, even when we use computers to speed our poor decision-making processes.

We’ve had product recalls before, and we’ll have them again. But IoT ubiquity means a window of opportunity between the zero-day and the day of repair to wreak havoc, mayhem, and unintended accidents.

I’ll raise another concern: what about device interoperability? I know that if I have medication A, I may have to abstain from substance B if I don’t want a horrendous drug interaction. When will we be able to look at IoT devices working with each other and possibly breaking code as a result of such interoperation?

We need to have a Serious Discussion of Things before we have an Internet of Things.

Be Sociable, Share!

Comments are closed.