Who Left The Door Open?

Edge devices will make the world more manageable, even for the bad guys. It’s time something was done about that.


The list of smart gadgets coming our way is mind-boggling. It’s also frightening.

These devices are really slick and potentially very useful. It’s great that a thermostat can determine if you’re home so you don’t have to worry about it, just as it’s great to be able to vacuum your home when your not there. And it’s nice to be able to schedule a meal that will be on the table when you get home from work or to let a repairman into your garage between the hours of 8:30 a.m. and 9 a.m.

Connected devices can save energy, headaches and even reduce the anxiety in a world in which we seem to fill every available minute of our schedules. The problem is that unless these new devices are fully aware and secure, connecting to the outside world means that the outside world can connect back in. It’s like building a house or bank with screen doors at best, and no doors at worst, and marketing the airflow.

Consider the lowly smart meter. It’s not hard to pick up patterns from this kind of device about when a home is occupied. Energy usage is way down, which means that even if you have the most sophisticated alarm system it’s easy to turn off the master power breaker (who locks their breaker box?) and steal everything.

But why even bother to risk that? Why not just connect remotely through a device such as a connected refrigerator, download credit card information for re-ordering food automatically, and sell that to a global market of credit information fences, many of which are part of international crime organizations. Even worse, many of these organizations share information on a regular basis, so one loophole often leads to a mass invasion, which is why we’ve seen so many breaches of a similar type in the past few years.

There is certainly a good business case to be made for vendors turning their devices into connected devices. Pricing pressure on dumb gadgets—the ones that only do what the factory lets them do, not what you program them to do—has been under pressure for years. Adding a screen and some sort of connectivity, whether it’s wireless (NFC, RFID, WiFi, LTE) or even an Ethernet cable can boost the attractiveness of a device and therefore the retail price, even if people never use many of the features.

And the reality is that many of those features will never be used. HP’s wireless Envy printer, for example, offered the ability to print a number of news agencies’ daily digest of news directly from the printer’s 2-inch x 3-inch screen. The company disabled that capability recently, but it was an interesting experiment in how to sell more printers with minimal added cost.

The downside is that adding these features is like replacing all the doors with screen doors. These are two-way communications streams, and while the vendors developing these connected devices are keeping pace with market trends, they aren’t keeping up with the security risks that accompany them.

Just as governments rated appliances for energy consumption, such as the ENERGY STAR program, and for safety, such as Underwriters Laboratories, there needs to be groups or agencies that rate devices for secure communication. This isn’t just something that can be done someday in the future, either. If people can’t trust smarter devices, they won’t buy them—especially if they’ve been burned once or twice. And if they can’t differentiate one from the next using standardized metrics, they won’t buy either of them.

This is a market that potentially is worth trillions of dollars, if you believe the analyst projections. And even if you don’t, it’s not a stretch to recognize that smart devices will be the basis of a number of “next big things.” Solving security quickly and efficiently is the precursor to mass adoption, and it’s time this is recognized by industry, by governments, and by global organizations because they all have big stakes in seeing this work properly.