The internet is an incredible thing. When you really think about how it works, this massive, ever-expanding network of devices all talking to each other is astounding. Like a knife though, it’s both a very useful tool AND very dangerous weapon.
Everything is connected to the internet now and consumers are far too trusting in technologies to make their life easier. What they fail to notice, or indeed care about, are the security flaws in the kettle they can control from their smart phone. Technology companies actively exploit this unearned trust to peddle more cheaply developed crap into the homes of consumers.
What consumers probably don’t realise is that the CCTV camera systems, video door bell, or cheap “smart” light bulbs connected to their wi-fi are incredibly insecure. They are probably a part of a botnet, designed specifically to target Internet of Things devices with known hardcoded passwords or vulnerabilities. Then they complain when Playstation Network or Xbox Live is offline due to a huge DDoS attack, orchestrated by a douche bag somewhere, commanding their CCTV cameras, video door bell and “smart” lightbulbs to flood the servers hosting the gaming platforms with garbage data.
Of course having your CCTV system used in a botnet to bring down services on the internet isn’t worse case scenario to most people. What about the creepy guy sitting in his stained Y fronts in front of his old CRT monitor with his box of cleanex, watching you sunbathe in your bikini on your own CCTV cameras? Or watching what you and your better half get up to on the sofa via your internet connected, smartphone controlled nanny cam, while the kids spend the night at their grand parents house. Worrying isn’t it?
So who’s to blame for the situation the internet is in at the minute? Is it the hackers? The technology companies? The consumers? In my opinion it’s all of the above.
The hackers are a diverse cross-section of society. Some of them hack people for financial gain, some for fun and some just to be A holes and show off to their friends.
The consumers need to stop looking for the easy solution, and start thinking about the effect their cheap, insecure devices have on their privacy, their neighbour’s privacy, and the impact on the rest of the world. After all, if your CCTV camera is part of a botnet that targets services as big as PSN, you’re partially responsible for the inconvenience caused to millions of people around the world, all because you didn’t change the password to something other that “password” when you set your new gadget up.
Technology companies don’t do enough to secure their products. Don’t get me wrong. I am well aware that some vulnerabilities in devices arise from vulnerabilities found in widely used services and protocols, such as SSL. The main boggle I have with the technology companies is when they release devices with the obvious and simple weaknesses built-in for the convenience of either the consumer or technical support. Things like hard-coded passwords and wi-fi passwords stored in plaintext in configuration files on devices. These shortfalls in security just play right into the hands of the hackers and make their life easy. They are also inexcusable.
I personally believe the problem is only going to get worse unless the technology companies step up the mark and actually start designing products with security in mind. People might say Apple are obnoxious, self-righteous pricks for locking their HomeKit system down and preventing smaller manufacturers from entering the eco system unless they pay apple for the privilege. In reality though, at least they are bothering to do something to try to address the security issues.
The whole top and bottom of the problem is, consumers are ignorant, technology companies are lazy and hackers are stupid. I say stop making product setup workflows as easy as possible and guide consumers through the process of securing their new gadgets by adding steps like mandatory password changes into devices during the setup process. If the technology companies made the effort, and consumers made the effort, then maybe at least some of the script kiddies out there would give up because of the extra effort involved in continuing to make people’s lives miserable.