Web Informant #260, 4 September 2001:
Your web-connected fridge may be a security risk

http://www.strom.com/awards/260.html

We have all heard about various Internet-connected home appliances that are being developed by various major vendors and demonstrated at several home and electronics shows over the past year. But my friend who goes by the pseudonym A. Lizard has come up with a darker side of things that any homeowner should be concerned about. Here is his report:

Imagine discovering that your major appliance has problems via email from the factory leading you to a web page giving you a choice of dates and times for a field service technician to visit. Imagine that tech having the right part, doing maintenance called for in the work order, and leaving with your appliance really fixed.

This technology is being researched at almost every major manufacturer of major appliances. It will make the innards of your appliance accessible via web browser by putting a mini-web server inside each appliance. It will replace the service tech's screwdriver adjustment of an internal control with a piece of software that checks that adjustment and tweaks it from the manufacturer's server, calling a human in if the problem can't be fixed programmatically.

The user gets to remote control his appliances via the web. Getting ready to go home? Log into your home, turn on the hot tub, crank up the air conditioner. Check the contents of the refrigerator so you can shop if needed on the way home.

Convenient? Certainly. But there is a catch.

If your appliance's web server isn't properly secured, your household appliances become hacker playgrounds. Security is rarely discussed in the context of Net-enabled appliances of whatever nature.

Imagine: your house is on fire because someone turned the heating element on your toaster ON, the gas valves on your range top ON, and the igniter in the range OFF. However, little damage to valuable contents was done because a burglar had turned your security system OFF and most valuables left with him. Too bad he forgot to turn the fire alarm back ON. You then discover that your bedroom and bathroom security web cams have been publicly accessed for, apparently, months.

This is the flip side of web control. If someone who doesn't like you gets access to the control, you won't like the results. Worse, the ability to fix a device online can be used to break it as well. The sensors and digital controls required to make it possible to go under the hood can be used to wreak havoc as well as remote repair.

Would manufacturers implement web-controlled appliances without security? They already have.

The Belkin 425VA UPS powering my computer comes with a built-in web server. I discovered that the default software install enabled me to monitor and control my UPS from anywhere with a browser and Internet connection, exactly as promised in the documentation. What it did not tell me is that anybody sitting in a Thailand cybercafe could turn off my workstation.

This was fixed in the next software release, although unsatisfactorily, with a password that is transmitted in the clear across the Internet to "protect" the monitoring and control features.

This isn't the only problem with web-control. We found out from the Code Red fiasco that Cisco and others didn't secure their browser-controlled routers and other network components. If Cisco didn't get this right the first time, will General Electric? Whirlpool? Kenmore? GoldStar?

What's the fix?

To start with, any web server that controls appliances must be SSL/TLS capable and firewalled. Automatically installed updates must be sent securely and the appliances MUST cryptographically verify that the updates are genuine. If the web server and the appliance aren't in the same box, the link between the server and the appliance must be examined for security problems. I would not recommend using IIS for your web server either, given the security issues surrounding it. Furthermore, full manual control must be available and the user must be able to turn off the web access with a single easily accessible switch.

If you are an appliance vendor, you should assume that copies of the service manual will be available at every hacker ftp and web site and that these internal appliance URLs are going to be banged on by thousands of user-friendly script-kiddies with lots of time on their hands to run their software bots.

If you are thinking about buying one of these gizmos, I would recommend waiting until the second generation of these devices is available for purchase. By then, product liability suits against manufacturers who didn't secure appliances properly involving death, serious injury, and property damage will be working their way through the courts, and the engineers who didn't get it right the first time will be frantically implementing the workable solutions their bosses wouldn't let them put in the first time.

A manufacturer might want to get an outside design review to ensure that this sort of thing is checked. I've expanded my consulting practice to include this, and you can check out my web site here.
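
The update check called for under "What's the fix?", as an added example in Go that is not part of A. Lizard's report or any vendor's code: the appliance installs an image only if its manifest verifies under a vendor public key pinned in the device and the image hash matches the signed digest. The Manifest layout, the function names and the refusal of versions that are not newer are assumptions that go beyond the text.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Manifest is a hypothetical update descriptor: firmware version plus image digest.
type Manifest struct{ Version uint32; Digest [32]byte }

// Bytes is the fixed 36-byte encoding (version || digest) that gets signed.
func (m Manifest) Bytes() []byte {
	return append(binary.BigEndian.AppendUint32(nil, m.Version), m.Digest[:]...)
}

// NewVendorKey makes a constructed demo key pair standing in for the vendor's key.
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

// SignUpdate is the vendor side: hash the image, then sign the manifest.
func SignUpdate(priv ed25519.PrivateKey, version uint32, image []byte) (Manifest, []byte) {
	m := Manifest{Version: version, Digest: sha256.Sum256(image)}
	return m, ed25519.Sign(priv, m.Bytes())
}

// VerifyUpdate is the appliance side; pinned is the public key built into the device.
func VerifyUpdate(pinned ed25519.PublicKey, installed uint32, m Manifest, sig, image []byte) error {
	if !ed25519.Verify(pinned, m.Bytes(), sig) {
		return fmt.Errorf("manifest signature invalid")
	}
	if sha256.Sum256(image) != m.Digest {
		return fmt.Errorf("image does not match signed digest")
	}
	if m.Version <= installed {
		return fmt.Errorf("update is not newer than installed version")
	}
	return nil
}

func main() {
	pub, priv := NewVendorKey()
	m, sig := SignUpdate(priv, 2, []byte("constructed image v2"))
	fmt.Println(VerifyUpdate(pub, 1, m, sig, []byte("constructed image v2")))
	fmt.Println(VerifyUpdate(pub, 1, m, sig, []byte("tampered image")))
}
```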

David Strom
david@strom.com
+1 (516) 944-3407
entire contents copyright 2001 by David Strom, Inc.
Web Informant is a ® registered trademark with the U.S. Patent and Trademark Office.
ISSN #1524-6353 registered with U.S. Library of Congress.