The IT world loves phenomenal names and cool-sounding words such as The Cloud, Big Data and The Internet of Things.

The Cloud turned out to be a means for everyone to see their most beloved celebrity naked.

Big Data turned out to be a means of data mining for further invasion of our privacy.

The Internet of Things (IoT), currently our most beloved word, will very likely lead us to disasters caused by internet-based attacks no one has ever (yet) dreamed of.

The industry seems to be moving a lot faster than internet security experts can catch up. The notion of security is being lost as companies move forward without taking proper precautions, prematurely introducing new products and services that are slowly converging into autonomous systems.

I do realize I sound pessimistic about the subject; we must always move forward, but we should take precautions rather than going full speed ahead into disaster.

Let me give you a few examples as to what can be achieved via Internet of Things related technologies as of this writing:

So who will control and secure the IoT devices? That is a question that needs to be answered before things get really out of control. It is not a sci-fi movie any more: your fridge will now order food for you. One can only imagine what an internet-enabled toilet can do; hopefully not the things that come first into our twisted minds.

Two things need to be solved immediately, before these devices grow both in number and in level of autonomy.

Device transparency and forced firmware upgrades

IoT-enabled devices must share common security features and must allow forced firmware updates, so that the level of security can be raised without human intervention.

Network infrastructure changes

Software Defined Networking (SDN) may lead the way to implementing policies that define what types of IoT devices may perform what types of actions, thus limiting the likelihood of these devices becoming bots that participate in attacks. But the question remains as to how these policies will be applied to your typical router at home, which obviously has no SDN or professional firewall/IDS capability.
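As an added illustration of such a per-device-type policy (example code written for this article, not taken from any SDN controller), the sketch below applies a default-deny allowlist plus a cap on distinct destinations per device. The device classes, rule table, fan-out limit and sample flows are all assumptions, and the addresses come from the documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Hypothetical policy: device class -> allowed (protocol, port, destination network).
# Anything not listed is dropped (default deny).
POLICY = {
    "fridge": [("tcp", 443, "203.0.113.0/24")],   # assumed vendor ordering service
    "camera": [("tcp", 443, "198.51.100.0/24"),   # assumed vendor cloud
               ("udp", 123, "192.0.2.10/32")],    # assumed NTP server
}
# Assumed cap on distinct destinations per device: a fridge that suddenly
# talks to many hosts is behaving like a bot, even on an allowed port.
MAX_DESTINATIONS = 2

def allowed_by_rule(device_class, proto, port, dst):
    """True if the flow matches an allowlist rule for this device class."""
    addr = ipaddress.ip_address(dst)
    for r_proto, r_port, r_net in POLICY.get(device_class, []):
        if proto == r_proto and port == r_port and addr in ipaddress.ip_network(r_net):
            return True
    return False

def evaluate(flows):
    """Return one verdict per flow: 'allow', 'drop:policy' or 'drop:fanout'."""
    seen = defaultdict(set)  # device id -> destinations already permitted
    verdicts = []
    for device_id, device_class, proto, port, dst in flows:
        if not allowed_by_rule(device_class, proto, port, dst):
            verdicts.append("drop:policy")
        elif dst not in seen[device_id] and len(seen[device_id]) >= MAX_DESTINATIONS:
            verdicts.append("drop:fanout")
        else:
            seen[device_id].add(dst)
            verdicts.append("allow")
    return verdicts

# Constructed sample flows: (device id, device class, protocol, port, destination)
SAMPLE_FLOWS = [
    ("fridge-1", "fridge", "tcp", 443, "203.0.113.5"),
    ("fridge-1", "fridge", "tcp", 23, "198.51.100.7"),    # telnet is not in the policy
    ("cam-1", "camera", "udp", 123, "192.0.2.10"),
    ("cam-1", "camera", "udp", 53, "192.0.2.99"),         # DNS is not in the policy
    ("fridge-1", "fridge", "tcp", 443, "203.0.113.6"),
    ("fridge-1", "fridge", "tcp", 443, "203.0.113.7"),    # third distinct destination
    ("fridge-1", "fridge", "tcp", 443, "203.0.113.5"),    # already-permitted destination
    ("toaster-1", "toaster", "tcp", 443, "203.0.113.5"),  # unknown device class
]

if __name__ == "__main__":
    for flow, verdict in zip(SAMPLE_FLOWS, evaluate(SAMPLE_FLOWS)):
        print(verdict, flow)
```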

What Not to Expect from a Typical User

The WEP wireless encryption algorithm was cracked in 2001 and it is still in use in many homes. The moral of the story is that you cannot (or should not) expect a person to take security measures on his/her own: to the typical user, a router is just a device that connects the household to the internet, set up some time ago by a technician sent by the telecommunications service provider.

It is therefore now the manufacturers’ job to enforce security measures in these devices, either by the forced firmware approach I mentioned above or by some other method, which needs to be discovered as soon as possible before something terrible really happens. In my humble opinion, the IoT implementation in its current state is simply an accident waiting to happen.