From Pine View Farm

Digital Door Openers

If you are considering getting–or have already gotten–one of those web-based digital assistants and have all kinds of internet enabled gadgets and geegaws, you may want to think again. Two researchers at William and Mary have been investigating that stuff, and what they found is not reassuring. Here’s a bit:

For example, let’s say you want to change the temperature of your thermostat. You pull up your smart home app on your mobile phone and tell it to turn up the heat. The app will then write a change to the target temperature variable in the centralized data store. The thermostat device will subsequently receive an update from the data store and change its temperature accordingly. The system works because apps and devices are able to communicate by reading from or writing to variables in the centralized data store.

The problem, Nadkarni and Poshyvanyk explained, is that a data store-based system provides hackers the ability to access all devices in the home, from light switches to security alarms. An adversary can compromise one low-integrity product, like a sprinkler or a third-party lighting app, and modify a data store variable that another high-integrity product, such as a security alarm, depends on. This can have a whole host of unwanted consequences.

This example is particularly telling for us, as we just got a new heating system which includes precisely the sort of function described above.

We opted not to get the app. Dammit, we are not so lazy that we cannot walk upstairs and push a button, for Pete’s sake.

Remember, as manufacturers rush to push out new digital gadgets, security is always an afterthought.
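
The shared data store from the quoted passage, sketched as an added example (not code from the researchers or from any smart home product): each variable takes the integrity level of the most trusted product that depends on it, and writes from lower-integrity products are refused and logged. The product names, variable names and integrity levels are constructed assumptions.

```python
# Added example: integrity check on writes to a shared smart-home data store.
# All product names, variable names and levels below are constructed assumptions.
from dataclasses import dataclass, field

LOW, HIGH = 0, 1  # two integrity levels, matching the low-/high-integrity split


@dataclass
class DataStore:
    levels: dict                                   # product -> integrity level
    consumers: dict = field(default_factory=dict)  # variable -> products acting on it
    values: dict = field(default_factory=dict)
    log: list = field(default_factory=list)        # (writer, variable, value, allowed)

    def subscribe(self, product, var):
        self.consumers.setdefault(var, set()).add(product)

    def required_level(self, var):
        # A variable is as sensitive as the most trusted product that depends on it.
        return max((self.levels.get(p, LOW) for p in self.consumers.get(var, ())),
                   default=LOW)

    def write(self, writer, var, value, enforce=True):
        allowed = self.levels.get(writer, LOW) >= self.required_level(var)
        self.log.append((writer, var, value, allowed))
        if allowed or not enforce:   # enforce=False models the store as described
            self.values[var] = value
            return True
        return False

    def flagged(self):
        # Writes a monitor should alert on, whether or not they were blocked.
        return [(w, v) for w, v, _, ok in self.log if not ok]


def build_home():
    store = DataStore(levels={"phone_app": HIGH, "thermostat": HIGH,
                              "security_alarm": HIGH,
                              "lighting_app": LOW, "sprinkler": LOW})
    store.subscribe("thermostat", "target_temperature")
    store.subscribe("security_alarm", "home_mode")   # hypothetical variable
    store.subscribe("sprinkler", "lawn_zone")
    store.values["home_mode"] = "away"
    return store


if __name__ == "__main__":
    home = build_home()
    print(home.write("phone_app", "target_temperature", 72))   # trusted app
    print(home.write("lighting_app", "home_mode", "home"))     # low writes up
    print(home.flagged())
```

With enforce=False the write goes through the way the quoted passage describes, but it still shows up in flagged(), which is the record a monitor would alert on.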
