IoT: We're serfs and pawns

IoT is the perfect set of soldiers, and people unwittingly keep deploying insecure devices that allow others to listen to and report on us

There is a huge problem with the ugly Internet of Things (IoT). Many IoT thingies have the security of wet tissue paper, and they’re being used in large swarms and masses to wreak havoc.

A colleague of mine, Stephen Satchell, says misbehaving IoT devices should bear the full brunt of the Consumer Product Safety Commission and be recalled, every last one of them.


Why won’t this happen? Let me speculate.

It’s because our own government, that is to say the more covert parts of the U.S. government, has its own cadre of botnets and control vectors that allows them interesting windows into foreign lands. 


That’s right—the U.S. uses them for its own nefarious programs, and to stanch them would close their own windows into all of the lands where Internet of Thingies are deployed as hapless listening points across the entire planet. 

The U.S. doesn’t need any of those expensive stinking satellites that can track armadillos in Brazil. It doesn’t need those radiation-savvy eyes in the sky. It doesn’t need spooky guys in cafés in Munich. It can simply use a road cam in Kiev, Moscow, Guangzhou, Kowloon, or perhaps near The Long Bar in Singapore.

If you think about it, IoT is actually the perfect set of soldiers—fueled by someone else’s power, deployed in every country on the planet—and people will unwittingly keep deploying our spy soldiers with weak embedded security certificates, easily documented and cracked backdoors, fully capable of just listening and reporting, like good spies should—and with absolutely zero costs of deployment.

Using “big data” sorting techniques, all of that phone-home bot data becomes the crux of just sorting for interesting traffic, vectoring the source and focusing on the interesting targets. If Edward Snowden taught us anything, it’s that powerful software is available to sift through the mega-haystacks to find the needles of importance.

And that, gentle reader, is why this Pandora’s Box of IoT devices isn’t going to be quickly stanched or recalled by the U.S. government, or so is my estimation. 

Yes, we are tools, and also perhaps—fools.


Copyright © 2016 IDG Communications, Inc.
