Teaching Smart Devices to Lie

Smart Hardware is not just “Software Wrapped in Plastic”

Recently I’ve been thinking a lot about architectures for the Internet of Things. About how those architectures affect the security of our devices, but also how we think about security—and about data—and I’ve come to the conclusion that we’re doing it wrong.

In fact I think the very idea that hardware is just “software wrapped in plastic” has done real harm to the way we have built smart devices.

For the most part the wide scale security compromises we’ve seen with the Internet of Things have been, unsubtle. Mirai for instance was a piece of malware that identified vulnerable IoT devices using a list of just 60 (or so) common factory default usernames and passwords, then it logged into them, and took them over to form part of a botnet.

Infected devices continued to function perfectly normally, except for occasional sluggishness, and an increased use of bandwidth. So their owners generally didn’t notice anything is wrong.

For the most part the wide scale security compromises we’ve seen with the Internet of Things have been, unsubtle.