Bob here, at the annual Sophos Americas Partner Connections conference.

For those of you not familiar with Sophos, a quick explanation.  We’ve been a partner with Sophos for about 5 or so years, relying on their AV software and other tools for endpoint (workstation/laptop) protection, web controls, encryption, etc.  Here’s a quick video that fairly well defines their approach:

There’s a whole new world opening up in terms of network connectivity.  If you’ve heard me talk about upcoming IT trends you’ve heard me talk about it in terms of security (hackable toilets, for example).

Last night brought some of the issues home.  James Lyne, Global Head of Security Research and apparently founder of the “Seriously I like Tweed Jackets Society”, spoke last night and brought the issue to a new level (from my perspective, anyway).

By now you’ve probably heard Cisco’s “The Internet of Things” marketing pitches.  Good ads, and they talk about all of the devices that are now communicating across the network and internet.  From refrigerators to surge protectors, big and small.

The manufacturers of these devices, of course, are driven by traditional market forces.  Get the product out quickly, make it easy to use, and keep production costs low (both in terms of cost and development time).

Adding security to a device will only add development time and cost, by the way.  And we’re in a market where time and $ both are costly attributes, especially when you’re in a race to get out in front.

So, here’s the bottom line. 

  • If there’s a device that can be “seen” from another device (web site, mobile device app), it’s hackable.
  • If this device didn’t require you to enter an account name/password, it’s probably wide open and very hackable.
  • If this device did require you to enter an account name/password, but you didn’t change the default, it’s probably wide open and very hackable.

And in some cases, the results aren’t pretty.  As an example, James demonstrated a surge protector that allowed users to remotely turn off the attached devices (think turning off the lights at home from work).  Pretty cool, eh?

Well, a couple lines of code pushed to the device, and he had it turning off and on up to 100 times per second.  And he discovered (not during his speech, but earlier in the day) that some items (light bulbs) will actually explode when you do this.

Some other examples of this new “The Internet of Unsecured Things”:

  • There are web sites that will actually help you find unsecured web cameras
  • Some of these web cameras are security cameras that are used to watch stores as the clerks handle credit cards and enter information into the registers, all of which, thanks to high-def, is completely recordable and retrievable.
  • Mobile devices (more the Android than the iPhones) can be exploited so that the camera, microphone and stored files are all at risk.
  • Tools are now available that will gather information about all wireless devices (think phones) that are simply in a room.  To demonstrate this, Mike flew a quadcopter over the room packed with about 500 of us and then revealed a workable list of all the devices.

Sound familiar?  It should.  We went through a similar time back in the 90’s through early 2000’s, when it was more important to add the connectivity to our computers than it was to secure that connectivity.

But the stakes are higher.  Back then the amount of money that was dependent on the proper flow was chicken feed compared to now.

But also the risk was all digital.  We didn’t have the connections to the real world.  Think about it.  Refrigerators.  Cars.  Surge Protectors.  Home Security.  Cameras.  The value of connecting and controlling those devices?  Yes, but also the risk of giving connectivity and control of those devices to a bad guy.

It’s going to be an interesting next couple of years, folks.

But we’ll be there with you!

Want to hear more?  Check out our free lunchinar next week.  Click here for more info.