Tweet
Is there any? I'm sure there are all these health issues taken cared of, or at least they are supposed to be taken cared of, in medicine there's FDA approvals as well as for food, plus medicine goes through several layers of research so we can decide if it's good enough for us. Surely some mistakes happen, some crap passes, but in general it's supposedly working well.
However, there's very little control in my field, which is IT security. You can call it many things these days, I just prefer to call it IT security over security, IS security and what not.
I'm not the one building these walls of paranoia, one of the biggest competencies one must have is to figure out what is realistic, what can be done about it and what should be known but no active measures needs to be taken. In risk analysis, any kind of event can take place, so you need to figure out what are the ones that count and what are the ones that are important, likely to happen, the effect of it etc. So I'm not the one suggesting that a hacker will whistle into a payphone and start the next world war by accessing some old interface simulating a modem, that's not going to happen and it never was going to happen even when they had modem access and bad design.
But a lot of it needs to be future oriented. We can't just come up with design solutions AFTER the fact and fix some gross errors that were known before a product was placed on the market. So let's get to some of the devices that can cause problems.
THe idea is, that a vendor will sell it if people want it. People will want it if they think they need it, if it's cool enough, and they don't think about the trade offs. I argue this should be the responsibility of the vendors or the companies coming up with these products. But I argue these entities do not care so much, if it's "good enough", it is good enough.
So with the assumption that everything that can be hacked will be hacked, and everythign can be hacked, so everything will be hacked. A bit circular logic but I don't think a lot of people will have a problem with this. So when analyzing the risk, we should focus on the effects of it, when the hack happens. What kind of opportunities does it open, what kind of access control we have in general, what is compromised etc...
So the problem is, everything is soon connected. We're having smart homes, everything connected. Our fridges are going to be connected, and it's going to be pretty cool actually when more products will have RFIDs, then again that presents huge problems of privacy as well as security issues, but it's still a pretty cool thing, and because it's a cool thing, we will see that soon. There's some already I figure but the idea will be fully implemented at some point. For example, you put your products in the fridge, so the fridge will know what's in it. 6 bottles of beer, butter, eggs. The fridge can identify the products via RFIDs. So it can then not only tell you what you have, it could let you know what you need to make some dinner or what ever. It can tell when a product is going out of date and let you know as well. It can be programmable, so you can watch your diet, it can tell you waht to get out of the fridge and when. It can even make you a shopping list, based on what you have, what you need to get so you can follow your diet or you can have it suggest what you might like, kind of like TiVo. You can store recipies in it, there's TONS of things you can do with it once you can enter information in it and once it can recognize what is in it. You could even schedule it to order food from internet shops, when you're low on something you really like, it'll just place an order automatically if you want it to. This is definitely not sci-fi or unrealistic, we have it right now, or we can have it if we wanted to. Easy.
So that's the concept of smart fridge or smart anything. I'll give you few more products, and then we'll discuss the problem of them and how it relates to general security and who has responsibility over it, when the **** hits the fan, and oh yes, it will hit the fan in some households and I will give you examples...
to be continued.
However, there's very little control in my field, which is IT security. You can call it many things these days, I just prefer to call it IT security over security, IS security and what not.
I'm not the one building these walls of paranoia, one of the biggest competencies one must have is to figure out what is realistic, what can be done about it and what should be known but no active measures needs to be taken. In risk analysis, any kind of event can take place, so you need to figure out what are the ones that count and what are the ones that are important, likely to happen, the effect of it etc. So I'm not the one suggesting that a hacker will whistle into a payphone and start the next world war by accessing some old interface simulating a modem, that's not going to happen and it never was going to happen even when they had modem access and bad design.
But a lot of it needs to be future oriented. We can't just come up with design solutions AFTER the fact and fix some gross errors that were known before a product was placed on the market. So let's get to some of the devices that can cause problems.
THe idea is, that a vendor will sell it if people want it. People will want it if they think they need it, if it's cool enough, and they don't think about the trade offs. I argue this should be the responsibility of the vendors or the companies coming up with these products. But I argue these entities do not care so much, if it's "good enough", it is good enough.
So with the assumption that everything that can be hacked will be hacked, and everythign can be hacked, so everything will be hacked. A bit circular logic but I don't think a lot of people will have a problem with this. So when analyzing the risk, we should focus on the effects of it, when the hack happens. What kind of opportunities does it open, what kind of access control we have in general, what is compromised etc...
So the problem is, everything is soon connected. We're having smart homes, everything connected. Our fridges are going to be connected, and it's going to be pretty cool actually when more products will have RFIDs, then again that presents huge problems of privacy as well as security issues, but it's still a pretty cool thing, and because it's a cool thing, we will see that soon. There's some already I figure but the idea will be fully implemented at some point. For example, you put your products in the fridge, so the fridge will know what's in it. 6 bottles of beer, butter, eggs. The fridge can identify the products via RFIDs. So it can then not only tell you what you have, it could let you know what you need to make some dinner or what ever. It can tell when a product is going out of date and let you know as well. It can be programmable, so you can watch your diet, it can tell you waht to get out of the fridge and when. It can even make you a shopping list, based on what you have, what you need to get so you can follow your diet or you can have it suggest what you might like, kind of like TiVo. You can store recipies in it, there's TONS of things you can do with it once you can enter information in it and once it can recognize what is in it. You could even schedule it to order food from internet shops, when you're low on something you really like, it'll just place an order automatically if you want it to. This is definitely not sci-fi or unrealistic, we have it right now, or we can have it if we wanted to. Easy.
So that's the concept of smart fridge or smart anything. I'll give you few more products, and then we'll discuss the problem of them and how it relates to general security and who has responsibility over it, when the **** hits the fan, and oh yes, it will hit the fan in some households and I will give you examples...
to be continued.
Comment