Beast of Burden

By on Mar 26, 2017 in News

What can Disney’s Beauty and the Beast teach us about smart homes and the impact of the Internet-of-Things on network security?BeautyandtheBeast

At first glance, there doesn’t seem to be much of a connection between network security and a fairy tale about an enchanted castle, but a closer look reveals a surprising synergy. In a (mostly) tongue-and-cheek write up for Wired, Anna Vlastis argues that Disney’s live-action remake of one of their most celebrated films is nothing short of “a cautionary tale about the smart home.”

Charmed Into Complacency

It’s one thing to watch an animated teapot sing, quite another to see a live actor slip into its CGI rendering. As Vlastis points out, using humans to represent enchanted appliances makes the film “feel less like a workplace sitcom and more like dystopian novel.”

Vlastis goes on to warn that consumers shouldn’t be fooled by the novelty of a “Stanley Tucci-voiced harpsichord.” These enlivened utensils hide a more sinister motive beyond entertaining musical numbers. Their anthropomorphism lulls us into complacency, allowing us to forget just what they are capable of. While Vlastis plays this insight for laughs, she makes a valid point. Our smart homes are vulnerable precisely because we underestimate the capabilities of our wired toasters and internet-enabled lightbulbs. In the wrong hands, these devices provide an easy entryway for hackers and ne’er-do-wells.

“Over the last few years, we’ve been connecting anything and everything we can to the internet under the guise of simplicity,” writes Lifehacker’s Thorin Klosowski. “Security with IoT devices is so bad that when we hear about a hacked IoT device, we generally release a large collective shrug. This isn’t a huge deal yet, but it’s going to be.”

“We’ve brought this stupid future on ourselves.”

Surveillance through Passive Consent

With actual magic mirrors becoming a favorite DIY project, it’s only a matter of time before we can all get weather updates and check our email while contemplating our reflection. But as Vlastis points out, this contemplation can go both ways, with third-parties tapping into your device get a bird’s eye view of you and your home.

“Some might argue that the magic mirror’s invasions of privacy can be used for good,” writes Vlastis, before pointing out, “Just because surveillance can be used to fight crime…doesn’t make it a one-solution fits all technology.”

Allegations of spying microwaves aside, many experts warn the Internet of Things won’t just allow hackers into your home; it will open you up to all manner of surveillance. As US director of national intelligence chief James Clapper told the Guardian earlier this year, “In the future, intelligence services might use the [internet of things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”

It’s Always a PICNIC

Computer techs and IT professionals often commiserate over the complications that result from user error. Whether it’s a PEBKACK (Problem Exists Between Keyboard and Chair), an ID-10T Error (Idiot Error) or a PICNIC (Problem in Chair, Not in Computer), the result is the same: when it comes to computer problems, it’s often the body in front of the keyboard that’s to blame.

When it comes to IoT security, many security issues can be traced back to user apathy and ignorance. Most consumers are unaware of the threat posed by their smart thermostat or television set. Unfortunately, even the savviest of tech enthusiast can get lazy, assigning the same password to multiple accounts, for example, or agreeing to user agreements without reading the fine print.

“While it’s tempting to blame the IoT (Internet of Teapots) for the bloodthirsty townspeople, or for the Beast’s fate soon thereafter, the true culprit isn’t the smart home. It’s user error,” writes Vlastis. “Only when the Beast falls in love with Belle does he breach his own best security practices, giving her the mirror that ultimately proves his downfall. A reminder to all who share their passcodes and devices: Love can make us hasty with our information. And that information—or misinformation—can do IRL harm.”

“IoT seems unstoppable,” laments Klosowski. “One researcher suggests we’ll have over 80 billion smart devices on the internet by 2025. That suggests that everything in your home will be online. From your fridge to your office chair.”

“What happens next is at least partially up to us,” he continues. “You can demand better security. Or you can refuse to buy any of this crap to begin with. Whether that’ll actually change what device makers do is doubtful, but at least you won’t have to worry about the government spying on your microwave. If nothing else, change your default password.”