The heart of the matter
17 October 2016 | 0
While this is generally a family friendly news and analysis outlet, sometimes one has to give in to one’s overwhelming incredulity and ask WTAF?
Irreverent news outlet The Register has reported that the worst offender for piss poor security in an Internet of Things (IoT) device goes to a baby heart monitor!
The site reports that a security researcher, on having his first child with his partner, did what most new parents do: bought whack of loads gadgets to deal with the enormity of the situation.
“Not only could the traffic be easily intercepted, but the sensor could easily be coerced into connecting to another base station”
One of these gadgets was an Owlet set-up where a sock-borne sensor communicates with a base station that then talks to the maker’s servers to allow alerts to be sent to parents’ smart phones.
The researcher was curious as to the workings of the device and investigated. He found that while the base station uses encryption to talk back to base, the sensor itself and the base station communicate by via ad hoc Wi-Fi with no encryption, or indeed, authentication whatsoever. So, not only could the traffic be easily intercepted, but the sensor could easily be coerced into connecting to another base station.
Naturally appalled, the researcher aired his grievances.
But it does lead one to ask, WTAF?
How could anyone leave such a gaping hole in the operation of a network-enabled device?
Worse still, the maker may not have been entirely unaware of the situation. The researcher was led to his investigations partly due to the indemnifications made in the terms and conditions.
It is hard to understand the cavalier attitude that this reveals in general, towards security in IoT devices. Indeed, as recent events have shown, these devices are already being targeted and used for nefarious purposes, not to mention that there are already web sites out there that will allow you to voyeuristically watch people in their own homes through a network of hacked web, closed circuit and various other cameras.
It beggars belief.
Another point that peaked interest, was the nightmare that is the Samsung Galaxy Note 7.
Few with even a passing interest in tech will have been unaware that the very well received Note 7 phablet has developed a nasty habit of self-immolating. Or has it?
According to a story in The Guardian, out of the potentially 1.9 million devices that made it into the wild, only 96 have actually had an issue. Granted, that issue was going spectacularly on fire — two of which were on an airplane, and another taking an SUV with it — but still, that is a staggeringly small percentage to bring down what would likely have been one of the Korean manufacturer’s strongest personal devices this year.
Estimates are that debacle could end up costing Samsung around $17 billion. That is on top of the roughly $14 billion that has been wiped off the market valuation of company in the wake of the embarrassing retraction of the Note 7.
There is also speculation that this could be just the tip of the iceberg, in terms of other manufacturers pushing the limits of current manufacturing techniques and materials in batteries and so we could be hearing of other manufacturers in the future having similar problems.