As much as we here at ReadWrite are genuinely enthusiastic about the Internet of Things, it’s never been without a heavy grain of salt.
We’ve never been afraid to question, analyze and critique the form and function of connected devices and the biggest ecosphere they inhabit. Unfortunately the recent DDoS attack that affected the East Coast
It’s of no surprise that since I’ve been writing a monthly Hits and Misses column for IoT products, that the misses component pretty much writes itself as technologists and start ups connect more and more devices with the internet. Kitchen appliances in particular seen particularly vulnerable to derision by many, particularly when we talk about kettles and refrigerators.
But it’s worth noting that the recent DDoS attack has been in part, attributed to the vulnerability of certain connected devices including smart appliances and security cameras which has made some question the value of connected devices. The reality is that the market decides what products become connected to the internet.
Whether the sheer plethora of smart device has you questioning their capability to be connected (a phenomenon that is otherwise known as smart or intelligent, cause for derision alone in some instances). But the vulnerability is not specific to the device per se, but rather how it is made and secured in the first instance.
So, here are some of the devices that are today connected to the internet. Whether the vulnerability in such devices has bought their security into question or the value of their creation is simply questionable due to their inanity, you should consume at your peril:
Pregnancy tests are highly reliable and easy, even if they do involve the slightly undignified act of peeing on a stick. Pregnancy Pro is described as the first pregnancy test that syncs with your smartphone and provides access to an app that offers information and support personalized to you.
The consumer downloads the app, pees on the stick provided, and then gets personalized information about her fertility. Upon downloading the app, she can detail whether she’s trying to get pregnant or not. That lets you avoid an awkward “congratulations” message.
The pregnancy test, at $15, is double the cost of a standard test. There are certainly better apps for tracking fertility like Clue and even wearables like Bellabeat’s Leaf, a health tracker that monitors activity levels, sleep quality, stress levels, ovulation, period, and contraception tracking as a cohesive whole.
Recently, the security of pregnancy tracking apps was bought into question when it was revealed that vulnerabilities in the Glow Pregnancy App would allow an attacker with rudimentary software tools to collect email addresses, change passwords, and access personal information from participants in Glow’s community forums, where people discuss their sex lives and health concerns.
While it’s not enough to bring down the internet, it could certainly compromise more than one relationship.
A smart egg tray
If you have a pathological fear of stale food and the subsequent food poisoning, you’ll recall the Quirky + GE Smart Egg tray, that was launched in 2013.
It’s basically a tray to store fresh eggs that syncs via Wi-Fi so you can use your phone to check how many eggs are left in the tray. It’ll also let you know when the oldest one got in there so you know how fresh your eggs are, and how many you might need to pick up on the next trip to the supermarket. The app lets you select each egg one by one to check its shelf life.
While there’s no evidence it’s ever been hacked, you can use IFTTT to make it even smarter. Think of it as a precursor to the smart fridge.
Hacking an insulin pump
One of the most hotly contested area of digital health is diabetes. The diagnosis and treatment of Diabetes 1 and 2 is subject to a plethora of apps, diagnostic tools and management devices and health activists have been long awaiting devices that allow them greater convenience, flexibility and practicality in managing their condition.
Yet it was only this month that Johnson and Johnson released information that vulnerabilities in the One Touch Insulin Pump could mean that a remote attacker could spoof the Meter Remote and trigger unauthorized insulin injections. The Animas OneTouch Ping pump, which was launched in 2008, enables diabetics to dose themselves with insulin using a Wi-Fi remote control, removing the hassle of directly accessing the device, which can be worn under the patient’s clothes.
It’s apparently the first time a manufacturer had issued such a warning to patients about a cyber vulnerability.
The Mapo connected beauty mask
While this mask looks like something from a German horror film, the Mapo by Wired Beauty is a sign to beauty regimes of the future. A sensor connected face mask analyzes your skin’s temperature and measure its moisture level, and the accompanying app uses that information to track your skin’s health and give recommendations about your beauty routine, such as when you should be cleansing and what type of products work best for you. It’d be perfect to wear to the door to frighten small children.
The Jeep Cherokee?
In 2015, online-security researchers Charlie Miller and Chris Valasek shared their ability to attack a Jeep Cherokee wirelessly courtesy of a presentation at infamous hacking conference Def Con. They were able to attach themselves remotely to a Jeep Cherokee and disable the transmission and brakes and take over the Jeep’s steering. Scary stuff and it resulted in recall for 1.4 million vehicles. Jeep has since patched that vulnerability.
However at this year’s Def Con, the duo demonstrated how they could again take control of the same 2014 Jeep Cherokee they hacked the year before. This time they sent false messages to its internal network, overriding the correct ones. This allowed them to make the vehicle turn sharply while it was speeding down a country road.
They also were able to make the vehicle unintentionally speed up, or remotely slam on its brakes. It’s sobering stuff that suggests that self driving cars have bigger things to worry about than the trolley problem.
Cheap hardware and open-source software are making it easier to connect all manner of devices. What’s still hard is coming up with an application that’s actually useful. Is the thing that your device is replacing really broken — or are you stretching to find a reason to put technology somewhere where it’s not useful?
The Haz Umbrella
If you’re the kind of person who buys cheap umbrella’s that survive only a single hail storm due to your propensity to leave them on the subway, then the Haz Umbrella wants to make your life better.
It’s wi-fi connected to alert you if you ever leave the it out of of your sight. There’s even a corresponding app that notifies you of the latest weather in case you are unable look out the window, If you thought the smart clothes peg was stupid, then here is its big brother.
It’s easy to place scorn on the trivial nature of some connected devices. But the reality is the that you can’t tar an entire industry with the weaknesses of a number of products. Do we know how many are vulnerable? No. Nor do we know what portion of blame should be ascribed to the manufacturer or the consumer with their default passwords.
But this won’t be the only attack inflicted on connected devices and we should be ready for repeat performances, especially with those devices with life cycles longer than ten years or so where their earlier protections may become obsolete. We’ll need to be on the lookout.
Originally published at readwrite.com on October 23, 2016.