Listen to this episode here.
Welcome to Episode 1, Part 2 of “Smarter Everything”, our new podcast series where we delve into the fascinating and sometimes concerning world of smart and connected devices. In this episode, we're joined by Joe Britt, CEO and Founder of Afero, and Dr. Hugh Thompson, Managing Partner of Crosspoint Capital Partners and a prominent figure in the global cybersecurity industry.
Together, we explore the exciting advancements in technology, while examining the crucial need for those who create, develop, and deploy these devices to prioritize the security and protection of their users. From the dangers of robot vacuums being hacked to child monitors being compromised, the consequences of neglecting security can have serious implications.
Join us as we look into this critical topic and uncover the challenges of ensuring the security of an unsuspecting public in an increasingly connected world.
Here are a few key takeaways from the episode:
- How will hyperconnectivity impact our daily lives?
- How can consumers ensure their connected devices are secure?
- What are the potential benefits of smart and connected technology?
Show Highlights, listen here for the full episode.
Bret Jordan: Joe and Hugh, we live in these really crazy and fun and exciting times. So much is happening today. I would like to talk a little bit about smart and connected things. How do consumers understand these products? How do they find products that have these guarantees of security? Unfortunately, consumers just buy whatever they can at the cheapest price possible, and then they deploy it in their home and think they're fine because somewhere they thought their device was secure.
Joe Britt: Yeah, I mean, the big challenge is how to distill a complex risk down into a form that an average consumer can understand. And it’s a hard thing to do. It’s kind of the Wild West. How do you know that something is secure? One of the approaches that we've taken at Afero is to use third-party labs to take our stuff apart.
I was just reading an article about one of the most popular brands of robot vacuum cleaners. The more modern ones have cameras on them, right, which they use for navigation in the house. The reason I bring this up is because this particular article was about a bunch of photos that had somehow found their way off of one of these vacuum cleaners and onto a website of some very unsuspecting consumer in their bathroom as the vacuum was cleaning it. I think this is one of the biggest challenges, especially until we have some broadly accepted standard way of communicating to consumers what their expectation should be around security and privacy for all of these products.
Hugh Thompson: Joe, I like how you phrase that. What should your expectation be? And today, I guess, fortunately for many people, they couldn't even imagine what does it mean to have a hacked light bulb, or what does it mean to have any kind of device that's out there? They've never experienced anything like that firsthand, and usually they've never experienced a security related personal problem. But many people can't conceptualize What would it mean? Or, Should I even care if my light bulb was hacked? Those two things don't make any sense together until you show folks, well, actually, a hacked light bulb is kind of a gateway into the rest of the things that you have in your home. And those things may have microphones, those things may have sensory capabilities, or the fact that if you can get into a device that doesn't have any sensory capabilities but is kinetic, it might be possible to combine attacks.
I've seen some fascinating proof-of-concept combinatorial attacks against a home where at the same time they're manipulating the HVAC system, they're taking something else that has a heating element and actually getting to a combustion event because they're combining things, right? The physical governor of the thing that had the heating element typically wouldn't allow it to combust. But if you make its environment 105 degrees, which is not common inside of a home, then you can get fascinating things to happen.
Joe Britt: Boy, that's a great use case. What you said is a nightmare. And as you were explaining it, I was thinking, gosh, what if that happened? You had a fully smart apartment and somebody did what you just described and started a fire and then they also locked all the smart locks so you couldn't get out. Just incredible nightmare scenarios that come from these combinations of devices and so strongly illustrates why it's important that the consumers’ trust not be violated. These devices have to be secure.
Bret Jordan: My neighbor, she's a social media influencer, has quite a few connected products from various companies. None of the Hubspace stuff, but some other stuff. And she had some cameras in her baby's room and she had them in there so she could watch her baby. However, her two-year-old son started complaining about going to sleep every night. You know, that there was a boogeyman in the closet. My neighbors eventually came to find out, someone had compromised the camera and had been watching and talking to their child all night long. And it's things like this that just curdle your blood.
Hugh Thompson: As I mentioned, we've got five kids. You can imagine we've gone through many different types of baby monitors over the years. Having seen some challenges with some early internet connected devices, we almost always opted to go with an RF kind of a monitor. And what was quite fascinating – it happened to us two different times, I want to say maybe five years apart and I didn't realize it was happening in my son’s room for weeks and weeks – there was the scenario you're talking about. Somebody was talking to my son through the camera.
And I would say, Brett, to your point earlier, I've heard the argument so many times that, Geez, who's going to go after me, right? They got a lot of other people to go after. Like, I'm pretty low down the list. Why should I worry about this stuff? I don't think many people realize how automated and systematized these attacker groups have become. And the scale is so profound that they can cast a very, very wide net. And it really doesn't matter if you are an interesting person or not.
Joe Britt: You reminded me of the classic Mariah Botnet attack in telling that story. This was where millions of cameras were hacked and misused because in their manufacturing process, not only was no thought given to security, but no thought was even given to the hazards of all of those cameras having the same administrator name and password.
This was not unique to one manufacturer, by the way. I mean, many different brands of cameras had this vulnerability, and it became this sleeping army that was marshaled by one group, with one program. And that is an enormous hazard for all of this stuff. If forethought into security is not put in just for the safety of the user at home, it expands out geometrically across the entire population of devices. When they're all harnessed together and used for bad purposes it’s super scary stuff.
Bret Jordan: Yeah, I mean, just really, really interesting stuff. Obviously this has been a little bit of a darker, scarier topic, but I think it's important for consumers to be able to understand what these products mean and what it means for them in their lives and for their home. And what kind of things do they need to be at least mindful of or be able to ask the right questions about?
In a future podcast episode, we'll have Wayland Grange come and talk. He’s worked at Symantec and did a lot of the investigation into the original Dragonfly attack. So we'll go into that in a future topic. Kind of like the Mariah Botnet that Joe was talking about. We need to help everybody understand the risk, but then also, what are the really cool things? So maybe each one of you could talk a little bit about what you see as the really good things about all this technology, and where do you think it's going to go over the next twelve months?
Hugh Thompson: In many of these cases I can speak for myself. I don't even really understand how profoundly positive the benefit can be until I've actually tried it. The fact that, as you say, that I can check on the house, that I can check that the doors are locked, that I can check on my kids… massive improvement, not just for the safety of them, but for my willingness to give them, when they’re very young, additional room to run and explore and be creative. And you fast forward to a year from now, that curve is going to continue to go exponential. And I think it’s going to be a discovery process. Which of those things really should be connected? Are they bringing true joy, utility, safety, and a betterment to your family, to your community, to society?
Joe Britt: I have a couple of thoughts. One, I think over the next twelve months we'll see the beginning of exponential growth of this space, just looking at the number of products that are available and the number of manufacturers that are adopting these technologies. And so one of the things that is really exciting for me is all the good that can come from this, people being able to do things they were never able to do before, the form of doing things they've never been able to do before. There's things that Hugh was talking about, like Did I lock the door? Did I turn off the oven? Everybody has had these feelings, right?
But then I also think about the convenience factor. You know? Your kid comes home and he's locked out, and there's not a key outside. How does he get in? Well, if I can unlock the door from my phone, that's tremendously powerful and gives me a lot of peace of mind. What we're really talking about is pulling relationships together between us and things. And the more that we come to understand and appreciate the value – the direct value that comes from peace of mind as well as command and control over the way that we interact with our friends and family – it's natural that this will expand to a desire to have that kind of reach and awareness across everything around us.
Bret Jordan: Those are really great examples. I think there's so much potential here and I agree with Joe, that we're right on the edge of exponential growth of reliance on all of these smart and connected things and the things that we will be able to do.
The overall message that we want to give is that this is a really exciting time for this hyper connected world that we live in, and there’s going to be so many good things that come out of it. We do need to be mindful of the security and the risk, and hopefully we can partner with vendors and products that actually maintain their security.