You Actually Own Your Device, and Other IoT Myths
Last year, Gartner estimated that the number of IoT devices in use in 2017 would, for the first time ever, exceed the number of people on the planet, and by 2020 that number would reach 20.4 billion. So if you don’t have one yet, it probably won’t be long before something you own that’s not traditionally a computing device, is smart.
At F-Secure, we recently released a report called Pinning Down the IoT, where we sounded an alarm about the threat the IoT in its current form represents to consumers. Last month, Interpol urged the public to protect their IoT devices. To follow up, our latest podcast episode features a discussion with Steve Lord, a 20-year industry veteran and director at UK security assessment firm Mandalorian. Steve has been working with and hacking IoT devices since before the term “Internet of Things” was well-known.
From smart toys to coffee makers to baby monitors and more, Steve hacks into stuff and figures out how it works – and where it’s broken. In our conversation, he discusses everything from Amazon Alexa and Apple Health to what he thinks will be the wake-up call that will get people to realize just how big the consequences of IoT really can be. He also busts three common myths about the IoT:
You own your device, free and clear.
When you buy an IoT widget, it’s not actually yours to use however and as long as you want. IoT products are designed not to run without the services behind them, so when the vendor retires the service, the product is a brick, Steve says. Also, if the vendor issues an update, you may be forced to accept a new privacy policy along with it or lose the service.
“You buy a Sonos speaker…and you spend hundreds of euros on setting up your speaker and your home audio system…and then one day you’re listening to your music, and Sonos says you have to run this update and you have to accept this new privacy policy or we’re bricking your device,” Steve says. “You have the option of accepting a new policy, running an update, or losing access to playing your music.” On equipment you bought.
“People get really upset when it happens, people don’t understand that this was the business model from day one.”
Your data is going where you think it’s going.
Think your data is going to the vendor that manufactures the product? It’s a lot more complicated than that. The brand name on the app-controlled night light you bought, that company has hired another company to run its IoT framework, which is run in the cloud and can be any one of a number of different platforms. This means you as a customer have no visibility over where your data actually ends up.
Consumers are demanding the IoT.
“Most IoT that we have today does not perform a function that anybody has asked for, that anybody has wanted, or does it in a way that it significantly changes anybody’s lives, at least in the consumer space,” Steve says. “Most IoT is a set of solutions looking for problems.” Sometimes, he points out, this is useful for developing demands that people didn’t even know they had, but “a lot of the time it’s just more expensive versions of things that could be done more cheaply and effectively without IoT…More often than not, it’s product management that is leading consumer IoT.”
For more from Steve, including why companies care so much about your data, the positive side of IoT, and the one thing you can do to improve your security if you own an IoT device, listen to Episode 4 here!
Categories