Depending on your outlook, the Internet of Things (IoT) is either an exciting frontier that promises to embed smartness into a world of unforgivably dumb objects or a gilded cage of expensive proprietary technology whose security standards we must take on trust.
Judging by the IoT products making their first appearance on the stands at this week’s Consumer Electronics Show (CES) in Las Vegas, the industry is still careering gleefully towards the latter.
It doesn’t help that some of the press releases read like a cross between an entry from a novelty innovations catalogue and an early April Fool’s Day.
Take L’Oréal’s “under $200 (around £160) bizarre haptic Hair Coach (pictured above), whose spec sheet reads more like a new smartphone than something for hair. Incorporating a microphone, accelerometer and gyroscope, it uses Bluetooth and Wi-Fi interfaces to transmit data on how effectively users are brushing their hair to an app that analyses dryness, tangling and technique.
It’s easy to be flippant but you could just brush your hair. Could – would – someone hack such a device to steal sensitive data on split ends? We found no mention of security anywhere.
Then there’s the 360 Smart Bed, which helpfully adjusts its body support throughout a person’s sleep cycle. They’ve thought of everything: if you snore, it tilts the head upwards to aid breathing. It even has a foot warmer, while the app (pictured above) offers you data about your hours abed.
Then you read about the “intelligent biometrics” that tracks heart rate, breathing and body position, all piped to (of course) a smartphone app and you wonder whether it’s a good idea that it synchronises with thermostats and fitness trackers. Security? Doubtless it’s a well-sprung Fort Knox but that bit seems to have dropped off the press release.
This is CES, so it would be remiss not to namecheck Samsung’s Family Hub 2.0, also known as a fridge. Invented as long ago as 1999, internet fridges now have version numbers and are called “hubs” because they have become information nerve centres as much as places to keep things cold.
This one has internal cameras, voice control and an interface to the MasterCard Groceries app for easy ordering. It knows what people are eating more surely than any supermarket.
Security researchers have been picking at security flaws in smart fridges for years, including in Samsung’s. It’s not that anyone nasty is attacking them yet – they are too few in number to be worth it – more the earnest hope that fridge makers realise that’s coming.
Anyone who fancies a holiday from all this IoT might want to look way as we mention the breezily Orwellian Ocean Medallion from cruise giant Carnival Corporation.
Ostensibly a wearable device to ease keyless room entry and on-ship purchases (it connects to credit cards), the Medallion does other clever things. Families can find each other on very big ships and even gamble using it. Waiters can find out about customers – including optionally being connected to their social media profiles – using an iPad app.
It all comes down to a simple question, says the New York Times: “Do passengers really want to sacrifice privacy for personalization?”
Perhaps they do but it doesn’t appear that anyone is asking for permission. And if they were asked, would customers understand the importance of where all this personal data ends up?
Beyond startups with their amusing gadgetry (smart trashcan anyone?) the world of IoT increasingly turns on big organisations who want to make it easier to transact on their terms while handing over the personal data that builds wider market power.
After a year when cybersecurity anxieties started warping the world in all sorts of odd ways, perhaps the ironic pleasure of CES has become how it reminds us of the old world, not the new.
One comment on “All that glisters is not security gold at CES in Las Vegas”
Internet fridges may not be plenty, but they’re still a big risk:
The components and software used are most likely largely industry-standard IoT devices. Which means that they’re vulnerable to some of the same hacks that your doorbell and TV are. I would be willing to bet that there were some fridges in that massive IoT botnet DDoS last month.