It’s the Smart Meters that matter – or is it?

René Pfeiffer/ March 18, 2012/ Communication, High Entropy, Security

Wired’s Danger Room has an article about how ubiquitous computing and smart homes are eagerly awaited by the CIA to turn your networked environment into a gigantic spy tool. CIA Director David Petraeus very much likes the “Internet of things” as an information gathering tool. Security researchers can’t wait either. However, they take a very practical approach by pointing out the missing security design. Smart homes might be very dumb after all, and they might not be a “home”. If your home turns against you and breaches your privacy, it’s not a home any more. Plus the next “digital Pearl Harbor” (whatever this means) might start in your refrigerator. Who knows?

This is a very simplistic view of the “Internet of things”. If things automatically turn into sensors and report useful information once they get networked, then why do IT departments spend so much money on monitoring systems, fraud analysis, data loss protection and intrusion detection? Shouldn’t they use the “Internet of things” approach, link everything and shove all queried data into a couple of databases? Well, people do this already, but with limited success. Collecting the data is the first step (provided the interfaces and data formats don’t work against you). Your analysis doesn’t stop there. You have to work with the data and apply some algorithms and procedures. You need to know what the baselines are. You need to identify anomalies. You need to find meaningful correlations. This is where the hard work will be done. Usually everyone who’s just collecting any data, and lots of it, has no clue what to look for.

Since we are talking about future networks, there are some “what ifs” involved. What if your part of the “Internet of things” turns hostile or against you? Could the CIA’s (or anyone’s) own smart home be invaded and bugged by attackers? Given the sound and secure design of every single network protocol in the past, this scenario is quite likely. True, sarcasm isn’t very helpful, but please talk to security researchers and remind yourself not to see only the advantages of the technology in place. If you have to deal with risks, stay sceptical. Cutting network cables is a very efficient filter. Applied to real, existing IT architecture, it simply means that you have to be careful how your network allows access to and from the Internet or other untrustworthy networks. Networking everything is convenient, but make sure you know how it is done, and design the access controls.

Fortunately you don’t have to wait for the “Internet of things”. While smart homes are still mostly a thing of the future, smart phones are already here. The same is true for entertainment electronics that are required to phone home to receive information about revoked decryption keys. Web browsers are a good start, too. Don’t let yourself be fooled by gadgets and high-tech. If the “Internet of things” were a strategic advantage for the CIA, then Iraq and Afghanistan would probably be the first countries to deploy smart homes throughout the country. Regardless of whether you are in the espionage, security intelligence or IT business, try to work with existing technology first, then improve gradually.

About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.