En Guarde!

The “S” in IoT stands for security – as a common saying goes. The recent history of IoT development is paved with absurd examples of security falling by the wayside. One oft-reported tale tells of a Bluetooth-controllable water closet with the pairing code 0000 that could not be changed. Another example is the smart breast pump that unexpectedly turned innocent mothers into botnet operators. But all the horror stories have not diminished the success of IoT. The army of smart helpers in households is growing all the time. Smart lights, smart thermostats, smart ovens, smart sockets, smart coffee machines…

As always: New technology brings the potential for misuse. In the context of IoT, many users do not understand the threat scenario posed by potentially problematic devices. For instance, what would an attacker gain from taking control of a smart washing machine? But things are different if you look at smart blinds and, above all, smart lighting control. Anyone who gains access to your Philips Hue configuration (Figure 1) can see when you are at home and, more ominously, when you are not. This information is a wonderful tool for planning break-ins. Insecure thermostats on radiators can also become a problem; imagine if a mischievous teenager or angry neighbor could turn your apartment into a sauna. If they do this in a clever way and then change the access credentials for the thermostat control center, your heating will keep running at full blast without you being able to do anything about it.