Don’t let security ‘shock stars’ ruin M2M
Have you noticed how Security seem to think they’re the new rock and roll now?
Not in a good way, sadly, says Nick Booth. They’re not all into wild parties and devil-may-care attitudes. Today’s IT security is like the Bono/Sting era of rock and roll, which is increasingly pious and sanctimonious. Anyone can become a security ‘shock’ star, as long as you can pick up on a riff and shout loudly enough from a stage to frighten the bejeebers out of the older generation.
Once you’re raking in the millions, you can jet around the world, lecturing people about everything from home automation to global warming.
Naturally, the deference shown to these Shock Stars soon goes to their head. Instead of trashing hotel rooms, they tour cyberspace, inhabit other people’s blog spaces and trash their editorial property.
“This is possibly the worst security advice I’ve seen on a security blog,” reader S.A. wrote under one of my columns recently. Was I upset? Hell, no! If a Shock Star pays you a visit and takes time giving you their signature insult, that’s one of the highest compliments you can be paid in this business.
What he (it’ll inevitably be a he) was saying, in effect, was that he’d read my column right the way through. The ‘advice’ that he’d got the wrong way around was at the end of the piece! Let me tell you, it’s a massive achievement to hold anyone’s attention in the digital age, let alone the addled thought processes of a Shock Star.
Since Security became the new rock and roll, a whole new genre of Shock Stars has taken to the stage and launched careers. As ever, they all seem to have similar influences and all seem to be singing from the same song sheet.
I mention this because a number of leading lights in the machine-to-machine (M2M) world have come under fire for sins against security. Motorola, for example, has been heckled for ‘exploits’ on its outdoor security camera range, the Motorola Focus 73. Its lapses inspired a range of pious protest songs about firmware, default passwords and the lack of encryption.
The story goes that Motorola security cameras could have been hijacked by malicious hackers who could have surveyed the people who were actually running surveillance. To quote a line from the “Turning Tables” report (by corporate rock star Adele), “I can’t keep up with your turning tables [so] I won’t let you close enough to hurt me.”
Having had a massive hit with that, the Shock Stars all followed up with another howl of outrage, this time over the fact that a group called The Researchers found an insecure children’s toy made by Fisher-Price. The toy is a teddy bear and watch combo designed to help parents keep track of their kids’ movements over GPS. But not in the eyes of The Researchers, who released an anthem called Hackers: You Turned My Teddy Bear Into a Demon Toy.
Sadly, this was another smash hit protest song about the Internet of Things.
Now, don’t get me wrong, it’s possibly a bit remiss of the developers employed by Motorola, who unwittingly made it easy for potential hackers to get a home network’s Wi-Fi password and take over the pan-tilt-zoom controls. The developers created a private Wi-Fi security key that ended up being transmitted unencrypted over an open network, using only basic HTTP authentication with the username as ‘Camera’ and the password as ‘000000’.
Well, we’ve all done that, haven’t we? I’m rather fond of Motorola, since my cousin worked there for a long time creating mobile systems and loved it. I imagine those poor developers working for them were in a rush to complete this task and move on to their next multi-million pound gig. The developer has now released a follow-up to its original release (entitled I’m Gonna Update Yo Firmware!) which seems to have silenced the aggrievance (I believe that’s the collective noun) of Security Shock Stars.
Maybe the lesson to be learned from this is that M2M is going to be huge and there’s massive pressure to tour the world playing massive arenas. But it might be a good idea to slow down and take stock before you move on to the next big gig. Otherwise, nobody will ask you back for an encore.
The author of this blog is freelance IT and communications writer, Nick Booth.