Wednesday, October 26, 2016

IOT, Connected Devices and You

I thought the Internet of Things was supposed to make life easier and simpler? Just ask Alexa (Amazon Echo) to turn on your music, add things to your shopping list and order them for and even tell you a joke. There are adverts on TV suggesting we turn our homes into smart homes so we can monitor our energy usage. We're encouraged to monitor our fitness with Fitbit devices and Apple Smart Watches. There's everything from a connected toothbrush to make sure you're brushing your teeth properly to a connected babygro that monitor your baby's heart rate and other vital stats.

Turns out we're just making it more complicated than ever - security being the thing about all this stuff that feels the most complex to me.

You've probably already heard that the DDOS attack that put out a whole bunch of websites last week was caused by security weaknesses in connected devices or 'internet of things' allowing a massive botnet to be created.You may say, oh, that's not me. I wouldn't be affected by something like that! I don't have an Amazon Echo or a Nest thermostat or anything like that.

Except, you could be affected. It's not these fancy, high-falluting new gadgets that aided the attackers. The list of devices that were used to propagate the Mirai virus includes printers, routers and TV receivers. How many of us have those in our homes and offices and don't think twice about it? Hmm.

As Benedict Evans said in his newsletter last week where I picked up on this story (you can sign up for it here), "A network designed to withstand nuclear attack, brought down by toasters". He's not far off the mark there. 

I hope someone is working on a solution to help normal people get their heads round this stuff to make it easy to manage our digital lives. I'm already boggled by the amount of passwords, settings, app updates and other online admin I need to manage. I don't want more of this stuff. I want less. How about you?

And how do we raise the profile of security issues like these to make them accessible to the general public and to make it a no-brainer to set-up and manage and lessen the admin burden?

More on the DDOS attack here and here.