Opinion

How the Internet of Things could wreck your cloud

The boss of a top cloud vendor made a shocking confession the other day. He’s got no faith in IT. In fact, he’s not even sure whether he actually believes in any of it.

This from a man who made billions selling technology to the Fortune 500!

To be precise, he said he is “IT agnostic”. That literally means he isn’t sure about the existence of IT. There’s no other definition of agnostic in the dictionary. He’s not alone. Every week hundreds of marketing managers make the same startling admission.

So is it that they’re not entirely sure they believe the solutions they flog to their clients exist?

No of course not. They’re not dishonest. They’re simply misusing words they don’t understand and haven’t really given any thought to. Which is a bit rum in an industry where communications is at the heart of everything, words are the tools of the trade and content is king!

What does that even mean? Content is king? What, like Mad King George?

And yet, somehow, they always manage to convince us to migrate into new territories. Now they’re seducing people into giving control of their lives to machines and to surrendering all their personal details to every spy, hacker and con man in the world.

Given how much data is compiled about us as we use our computers, I’m amazed that anyone would ever volunteer any information about themselves that they don’t have to. Hasn’t the social contract been broken too many times for anyone to trust anybody’s free app. Surely there’s a massive market opportunity for any company that gives you some kind of private IT service that isn’t shared with the entire world.

Possibly, but maybe it’s too early yet. You would be swimming against the tide of public opinion because currently the general public is going bonkers for wearable technology. According to a survey by Vouchercodes.co.uk, the top coolest gadgets to surrender your privacy to are Google Glass, Kiwi Move, iWatch, Pebble SmartWatch, iFit Active Band, Sony Core, Lumo Lift, Sensoria Fitness Bra, Occulus Rift and the Mimo Smart Baby Monitor.

There are many parallels with the Internet of things (IoT) here. Surely, by hooking ourselves up to the Internet, we are making problems for ourselves in future. We’ll then have to pay another group of experts to plug the exposure that nobody warned us about when we bought it.

We have previously looked at how the IoT could be a gift to criminals and terrorists because it will create an army of dumb devices that can be hijacked and used against us, but now even more security folks are queuing up to have their say.

“The poor security of smart devices makes them prime targets for exploitation, DDoS attacks and malware distribution,” says Catalin Cosoi, chief security strategist at Bitdefender.

Once the damage is done, there will be no going back. “Most of these devices can only be patched for security via the internet, once exploited they may remain compromised forever,” he says.

The unpredictability that comes with insecurity will affect the cloud computing service provider, says Matthew Finnie, CTO at Interoute. ”The ability to respond to peaks but scale down without penalty will be key,” says Finnie. This is something that many cloud operators don’t have now.

Similarly, there must be hundreds of ways that wearable technology can make people less secure. Surely the augmented reality of Google Glass creates the opportunity for mass mesmerisation of the most gullible sections of the population. If they can be persuaded to put those stupid glasses on, imagine what else they can be instructed to do.

Similarly, once people start documenting their every movement for Kiwi Move and Sony Core, it won’t be long before confidence tricksters have all the information they need to start hatching evil plans.

Could Lumo Lift (a posture corrector) be hacked in order to give people information about your mood swings? After all, posture is linked to your confidence levels – if crooks can work out how your confidence wavers over time, they can work out the best time to attack you.

The anti-terrorism laws gave councils all kinds of powers of surveillance that they could abuse. So even an innocent sounding product like Mimo’s Smart baby onesie could become a liability. This is baby suit that monitors a baby's breathing, skin temperature and sleeping position and transmits the info to a smartphone app. It sounds lovely – but how cynically could this be exploited by some grudge-driven, target-obsessed, swivel-eyed lunatic from your local authority?

Who knows? Nobody does really, because all the horrors of the IoT and wearable technology will only emerge at some stage in the future.

Lawrence Garvin, head geek at SolarWinds, says wearable tech can be divided into two camps – both of which could be dangerous.

One group of devices monitors the state of our body – our location, direction and movement – and may share that information with other devices. The second group assists the body and may even control its physiology.

“Both can be susceptible to intrusions and usurpation,” says Garvin. While the first might not do any direct physical harm, it could be capable of doing so indirectly. The device may provide inaccurate information that results in an inappropriate voluntary response on the part of the wearer. Or it could give inaccurate information with another device, resulting in an inappropriate response from another device.

The second group is more dangerous. For years it’s been possible to remotely monitor cardiac management devices, such as pacemakers. Imagine the catastrophes that’ll result when someone learns to infect these with malware or hijack control of them?

“Wearable devices and the Internet of Things may well be one of the most significant dichotomies of the moment,” says Garvin. The technology has existed for dozens of years but the entire realm of inter-device communication is totally untested and should not be trusted without the appropriate security.

Most wearable technology has some sort of location mechanism built in. This could cause us all a lot of grief in the near future, warns Mark James, technical director at ESET UK devices. “The constant updates with real time location feedback [means anyone can] track the user and record movements,” says James, “this may lead to an increase in targeted attacks based on location.”

When the horrors do emerge, there will be a massive demand for security solution providers to come round and fix all our problems. They’ll be treated as liberating heroes. Just don’t say you’re IT Agnostic. Who is going to trust you if you don’t believe in the technology? It was the agnostics who got us in trouble in the first place.

This was first published in March 2014

Join the conversation Comment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.