Tuesday, March 17, 2015

An Internet of Things is coming with zero security, and Barbie knows it

It’s the new hype of the moment: The Internet of the Things. And with it, the repeated advices about their lack of security. That’s the dream: electronic refrigerators that tells you when you are running out of milk. Toasters and coffee makers that turns themselves on, while we have a shower on the morning, or house heating or lighting that can be controlled at the distance. The dream becomes a nightmare for fridges, toasters and houses which now can be easily assaulted by viruses and criminals. In case we have not noticed, a perfect example has come to light these days: The new Barbie doll. 

Its name is “Hello Barbie”, and has the ability to chat in an intelligent way with the kids. Here’s how: The device records their conversations through voice recognition technology, then it sends it via wifi to third companies which will process every recording, then the doll would give a customized response. Goodbye, old fashioned prerecorded “Mom, dad, I love you”! The problem, say privacy advocates, is that it does not sound very well that the dolls spy on your kids.

But it certainly sounds like we better get used to it. According to Symantecthe security of those Things we are connecting to the net is null, basically because the companies who made them don’t take security seriously enough. From bulbs to thermostats, smoke detectors or locks, no device analyzed provides mechanisms for client-server authentication. A quarter communicate with the cloud in unencrypted connections, strong passwords are not allowed, there is often no software updates and most have common vulnerabilities in web applications.

A marvel. But they wouldn't be shocked too, considering that life on the Internet is not exactly a paragon of security for most of the population. Nor even their leaders: Panda Security warns that many celebrities are showing their geographic location in the photos uploaded to Instagram. Among those celebrities, the first lady of the United States, Michelle Obama.

Facing so much nonsense, it's a relief that Yahoo! is working on a more secure environment for the users of their mail service. Actually, they have published the source code of a plugging that will allow point to point encryption in communications in the GitHub site recently. Besides, Yahoo wants to leave permanent access passwords to create a new authentication system where your Yahoo account is associated with a phone and a new password every time needed.

We'll look forward to the experiment, because the exponential growth of new services in the network is linked to an increased number of passwords to remember, a task, nowadays, inhumane.


Post a Comment