Skip to content

Trending tags

Hypponen’s Law and the Future of the IoT

Jason Sattler

17.06.17 2 min. read

“If you plug something into the electrical grid in the future, you will also plug it into the internet grid,” Mikko Hypponen, F-Secure’s Chief Research Officer, said at the launch evening of Vodafone IoT Hackathon at the Digital Catapult Centre in London, before introducing the “law” he has coined to explain the risks of the emerging Internet of Things, which he sometimes refers to as “The Internet of Insecure Things.”

Hypponen’s law goes like this:

Whenever an appliance is described as being ‘smart’, it’s vulnerable

“So here we have a ‘smart’ phone — a vulnerable phone,” he continued. “A smart watch — a vulnerable watch. Smart car… Smart city… You get the point.”

These vulnerabilities, he argues, all stem from a basic fact of computing: If something can be programmed, it can be hacked.

“And in some cases, it may be devices that aren’t traditionally connected to the Internet.”

One example? An IoT mattress.

Yes, an IoT mattress:

“They actually put sensors inside the mattress,” Mikko said. “And then they have an app that will warn you when you’re out of your house if someone is using the mattress without your knowledge in a ‘suspicious’ way. This is a real product. They really are making this.”

So what’s the problem with connecting everything to the internet?

“Last month we found a vulnerability in dishwashers,” he said. “When you connect to the web server on a Miele dishwasher, there would be a Web Server Directory Traversal vulnerability and by using this getScript, you would actually get the password from the system.”

He paused for a moment.

“Let me just repeat the beginning of my last sentence,” he said. “When you connect to the web server on your dishwasher… What? Why would you have a web server on your dishwasher?”

Why, indeed? Is it even for your benefit?

Not necessarily.

“This is the world we’re going to,” Mikko said. “It’s going to happen whether we like it or not.”

Which is why we all better learn Hypponen’s law and prepare accordingly.

Jason Sattler

17.06.17 2 min. read

Categories

Leave a comment

Oops! There was an error posting your comment. Please try again.

Thanks for participating! Your comment will appear once it's approved.

Posting comment...

Your email address will not be published. Required fields are marked *

Related posts

Newsletter modal

Thank you for your interest towards F-Secure newsletter. You will shortly get an email to confirm the subscription.

Gated Content modal

Congratulations – You can now access the content by clicking the button below.