The IoT or the internet of things that can be broken into?

14 October 2014

2 comments

Having moved back to Scotland from the relatively balmy climes of New Zealand my thoughts turned to heating and heating efficiency as I loaded the 10th barrow of fallen leaves into the composting heap signalling Autumn was here.

Like most people we have a gas combi boiler that controls water and heating run off a thermostat rather nicely installed in the coldest, most inaccessible part of our hallway. I decided, being a digital native, that surely things must have moved on. And so they have - Hive, Nest, Tado, Heatmiser are all new breeds of WiFi enabled 'smart' controllers which offer almost mind reading capabilty to control your heating, save money and be more comfortable. You might laugh but most NZ houses don't have any heating at all never mind a boiler and radiators!

Having previously worked on Smartmetering and experienced the security challenge they were at the start, and with my usual black hat approach, I did a bit of research. What I found was quite startling, particularly on the ones that require you to essentially open them up via your broadband router to port forwarding. Assuming, and this is a long shot, that you change the default password you've got a little bit of protection. Not a lot, a little. If you do a quick portscan on the specific port using the default credentials you get a scary number of open thermostats, in peoples' houses, connected to their networks. Some are better than others and as the Internet of Things becomes The Internet of Things That Can Be Broken Into I worry about some of the future risks that will be opened up in the name of convenience.

The one thing that does resonate with me is that it goes to show how all-pervasive these sorts of problems are and why cyber security is such an important topic to keep front of mind. While you might not think it's a specific risk to you even something like this could be impacting, annoying, expensive and difficult to sort out should the worst happen.