Privacy by Design Is Crucial to Avoid IoT Disasters

If anyone doubts that Privacy by Design is a fundamentally important principle, consider these two recent articles.

This Wired article describes a hack being detailed at the upcoming Defcon conference that can easily read keystrokes from, and type keystrokes on, wireless keyboards that are not Bluetooth. So you might want to consider replacing any non-Bluetooth wireless keyboards you have.

Security expert Bruce Schneier wrote this article, entitled "The Internet of Things Will Turn Large-Scale Hacks into Real World Disasters", that explains the IoT risks. The fundamental problem is that not enough attention is being paid to security for IoT devices. This leaves a door open to situations where a hacker can, for example, easily get into your thermostat and then use that as a connection point to your network. Cory Doctorow of Boing Boing refers to this as a coming IoT security dumpster-fire.

Bruce describes it this way:

The Internet of Things is a result of everything turning into a computer. This gives us enormous power and flexibility, but it brings insecurities with it as well. As more things come under software control, they become vulnerable to all the attacks we’ve seen against computers. But because many of these things are both inexpensive and long-lasting, many of the patch and update systems that work with computers and smartphones won’t work. Right now, the only way to patch most home routers is to throw them away and buy new ones. And the security that comes from replacing your computer and phone every few years won’t work with your refrigerator and thermostat: on the average, you replace the former every 15 years, and the latter approximately never. A recent Princeton survey found 500,000 insecure devices on the internet. That number is about to explode.



  1. Another aspect of the problem is that the people inventing IoT apps are fascinated by creating connectivity and control, but often know nothing and care nothing about security. They don’t think about the risks even of their own devices, much less of the impact of networking them with others.

    A study discussed at an ABA meeting a couple of years ago found that a huge proportion of the vulnerabilities of IoT devices had been known (for computers) for years, and many had well-known patches … but the people creating the devices had not spent the time to look.