
I'm sorry... my fridge is spamming you!


IoT, Security and you

It's an unwritten fact that with new ideas comes a raft of new problems. Every new product has created its own unique problems. Probably the best example is the early car requiring a man with a red flag walking in front to warn pedestrians.

The New Problem

And so it is with the latest new idea, the Internet of Things, which seems to be causing some degree of concern in the tech community over security.

My previous blog, 'IoT 26 billion and counting', highlighted the explosive growth that the IoT is expected to see. However, whilst researching the blog, I saw an increasing number of articles and blogs addressing the security aspects of IoT.

In the beginning

In the early days of technology and computers, security meant locking the office when you went home to prevent the local villains pinching your stuff. Security these days has taken on a whole new meaning, and not just in the work environment. Security precautions at home and on mobile devices are becoming more and more necessary, to such an extent that the average user in the street is becoming affected.

Let's pretend

To explore the issues let's assume you are equipping your house with lots of nice IoT goodies, all of which are connected to the internet. A smart central heating thermostat in your lounge, smoke detectors in your hallway, smart lighting, door locks on your front door and garage and an IoT fridge in the kitchen should just about cover our needs.

All these devices will be monitoring that little piece of your home or life, recording temperatures, setting the heating for when you come home and shutting it down when you go to work. They will know the status of your doors, when they were last accessed and when you come home.
In fact they will probably know more about you than your best friend does.

Knock, knock, is anyone home?

On the face of it this all seems pretty innocuous, but this data isn’t confined to your home network. It's sent to the relevant company servers and stored, processed and data mined to provide you with the ‘Smart’ features you want, like the learning thermostat or the smoke detector that emails you when the battery needs changing.

Each one of these pieces of information, in itself, is of very little importance. However, it's the synergy of all the data from all the different sources, built up over time, that builds a bigger, more complete picture.
By noting that your smart lights are off, your thermostat has turned down your central heating and that all your doors and windows are locked, it's pretty obvious you aren’t at home, and by looking at the history of your thermostat settings it would be possible to work out when you are likely to return.
This is akin to hoisting a big neon sign on your front lawn to advertise when you are out.

Whose data is it anyway?


If you plug an IoT device into your home network and configure it correctly it will start collecting data and doing its job, sending data ‘home’ to the company's servers.
Who is responsible for that data?
Whilst it is within your home system it is most certainly you; you will ensure your firewall is correctly configured and that you use the highest level of protection possible.
However, once the data leaves your system you are at the mercy of others who may not be so careful.
Vulnerabilities will exist when data is en route. Your data may be stored in a data collation hub waiting to be uploaded to its final destination, and all that time it is vulnerable to interception.

Passing the buck for security responsibility is a major issue.
Who’s responsible if a device gets hacked?
The maker of the device?
The owner?
The hacker?
Who should have secured it?
This type of responsibility needs to be defined.

How serious could it be?

So what if someone hacks your thermostat, what's the worst that could happen? In truth probably not a lot. However, as IoT becomes more prevalent and is used in new markets such as cars or medical devices, the possibility for actual harm becomes more real.
It's OK for a doctor to adjust a patient's pacemaker via the internet, but not some hacker who is either out for gain or doesn’t care about the consequences of their actions.

It won’t happen!

I can hear some people saying ‘It won’t be that bad’. Take a few minutes to read the article Fridge sends spam emails, which details how a security company discovered spam messages were coming from 100,000 compromised devices including smart TVs, fridges and media PCs (Fridge sending spam).

I’m afraid it is happening already.



I hope you enjoyed this blog; feel free to comment below.
I can be contacted at @peterjfrancis

Mechanical & Thermal Consultant, CFD & FEA, mechanical design, electronics hacker, IoT hacker, pilot - full size and RC, motorcyclist