{"id":1916,"date":"2016-03-01T09:10:53","date_gmt":"2016-03-01T08:10:53","guid":{"rendered":"https:\/\/www.ofcourseimright.com\/?p=1916"},"modified":"2016-03-01T09:11:54","modified_gmt":"2016-03-01T08:11:54","slug":"the-internet-of-everything-everything-will-communicate-with-something","status":"publish","type":"post","link":"https:\/\/ofcourseimright.com\/?p=1916","title":{"rendered":"The Internet of Everything: Everything will communicate with something!"},"content":{"rendered":"<p>A number of security researchers are <a href=\"http:\/\/krebsonsecurity.com\/2016\/02\/this-is-why-people-fear-the-internet-of-things\/\">getting upset<\/a> by seeing home devices communicate with one another or with random sites in China.\u00a0 Is this an attack?\u00a0 Probably not.\u00a0 But there may be vulnerabilities that can be exploited that should cause consumers pause.<\/p>\n<p>There are two common design patterns.\u00a0 Today I&#8217;m just going to discuss what we call \u201cCalling Home\u201d.\u00a0 When we use the term, we are not referring to your home, but to a centralized management site.\u00a0 In the case of Thing manufacturers, the site is likely offered by the manufacturer.<\/p>\n<p>So you just bought that new digital video recorder and it offers a great new feature: you can program it wherever you are.\u00a0 There are many such devices on the market today, such as a <a href=\"https:\/\/itunes.apple.com\/us\/app\/slingplayer-for-ipad\/id405564910?mt=8\">SlingBox<\/a>.\u00a0 How do those communications happen?<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-1919 alignleft\" src=\"https:\/\/www.ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/03\/rendezvous-callhome-300x172.png\" alt=\"rendezvous-callhome\" width=\"652\" height=\"374\" srcset=\"https:\/\/ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/03\/rendezvous-callhome-300x172.png 300w, https:\/\/ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/03\/rendezvous-callhome.png 741w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 984px) 61vw, (max-width: 1362px) 45vw, 600px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>In the figure above, all your home devices sit behind your home router.\u00a0 They&#8217;re generally allowed to connect to systems outside of your network, but systems outside are not able to connect in.\u00a0 In part this is a security feature: your firewall will block incoming connections so that the entire world can&#8217;t attack you.\u00a0 In part, however, it&#8217;s because the systems in your home are only using locally recognizable IP addresses.\u00a0 And since your iPhone moves around, your home doesn&#8217;t know how to get to it.\u00a0 Therefore, a rendezvous service is needed.\u00a0 That&#8217;s what that cloud function is performing, and that is what those curved lines indicate.<\/p>\n<p>The SlingBox on the left may not just be connecting for the sake of communicating with your smart phone.\u00a0 It is probably also doing so for other reasons, such as receiving <a href=\"https:\/\/en.wikipedia.org\/wiki\/Electronic_program_guide\">electronic program guide<\/a> information.<\/p>\n<p>In the world of IoT, that is a common design pattern.\u00a0 Devices will need to communicate with their manufacturer web sites for all different reasons, but there is one common and important reason: devices will have bugs.\u00a0 As manufacturers develop fixes, devices will need to learn of those fixes and install them.\u00a0 Every modern-day operating system and browser has this feature.\u00a0 All Things will need these features as well.\u00a0 In fact, one big concern today is what happens when manufacturers do <strong>not<\/strong> offer fixes?\u00a0 Then those vulnerabilities are out there for anyone to exploit.\u00a0 This is a big problem in the developing world, where consumers often buy devices on the secondary market, long after manufacturers have intended them to be retired.<\/p>\n<p>Could a device transmit private information to a manufacturer?\u00a0 Sure.\u00a0 In fact, Samsung <a href=\"http:\/\/www.cnet.com\/how-to\/samsung-smart-tv-spying\/\">got caught last year<\/a> through their dreadful privacy policy where their televisions could have been listening and reporting conversations.<\/p>\n<p>Here&#8217;s the rub: without extensive analysis, it&#8217;s hard to know exactly what is being exchanged between a device and a manufacturer.\u00a0 Encryption will keep observers from seeing what is being exchanged.\u00a0 At the same time, a lack of encryption would be as or more risky to consumer privacy.<\/p>\n<p>When devices are able to communicate <strong>at all<\/strong> it is possible that they will be compromised.\u00a0 It\u2019s important to understand that there are risks with each Internet-enabled device.\u00a0 But it\u2019s also important to consider any benefit the communication will have.\u00a0 A refrigerator or a heater that knows it is in need of repair can have a manufacturer contact the owner, for instance. That\u2019s worth something to some people.\u00a0 Judge the risks for yourself.<\/p>\n<p>What should the best practices be in this space and what should consumers expect in products?\u00a0 More on that over time, but feel free to answer those questions yourself for now.<\/p>\n<hr \/>\n<p><small><small>iPhone image courtesy World Super Cars on Wikipedia.<br \/>\n<\/small><\/small><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Things will communicate to their manufacturers, and they need to do so to be secure.<\/p>\n","protected":false},"author":172,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[87,9],"tags":[517,511,496,516],"class_list":["post-1916","post","type-post","status-publish","format-standard","hentry","category-internet","category-security","tag-call-home","tag-iot","tag-security","tag-things"],"_links":{"self":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/1916","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/users\/172"}],"replies":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1916"}],"version-history":[{"count":4,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/1916\/revisions"}],"predecessor-version":[{"id":1926,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/1916\/revisions\/1926"}],"wp:attachment":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1916"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1916"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1916"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}