Whenever I hear about the Internet of Everything, I find myself somewhat conflicted. There’s no doubt that it is the new “mega trend” in technology, but at the same time I wonder how secure it is. Let me explain.
When a company creates a smart device, they not only need to create the hardware for the device, they also need to write the software for it. This is not a simple task, particularly for complex items. Take, for example, a modern car. Think of all the features it has: distance assistance, lane assistance, and even notification of emergency services if I crash. It can even compile various statistics about how I drive and compare it to other drivers of that model.
All this results in a very large amount of software that needs to be written. A modern car has more than 100 million lines of code. This is more than double that of an office suite like Microsoft Office (45 million); or seven times more than that of a Boeing 787 Dreamliner (14 million). More code not only means more features, but also more opportunities for various security flaws and vulnerabilities.
Software vulnerabilities are something that, unfortunately, we’ve learned how to deal with. Software vendors all over the world regularly send updates to their customers; smart devices should be no different. All of my cars in the past decade have received regular updates, including changes in their steering. Given how on the autobahn, 140 miles per hour (or 225 kilometers per hour) is normal cruising speed, it’s rather important that there be no blue screens of death in these situations.
We already know that vulnerable devices are under attack by cybercriminals. For example, routers are under attack all the time, and can be quite easily compromised. We need the vendors of smart devices to realize that their products, too, can become targets. Security vendors like Trend Micro will do what we can to protect users, but it’s better for all parties that smart devices be as secure as possible in the first place. Not only must the vendors of these devices try to develop their products in line with sound security practices; they must also test these devices so that they stay safe in the face of new threats.
More of my thoughts on the Internet of Everything are in the video below: