Tom Pittman's WebLog

2020 November 13 -- Danger: IoT Eunuchs

Friday the 13th comes on Friday this month, and lucky thing it did, because this is a very unlucky topic. Three years ago this month, the second feature article -- after the usual bunch of one- and two-page opinion pieces, and after the cover story on political efforts to force electronic products manufacturers to support "green" (they didn't use that word) products and fuller employment (likewise) by allowing people to repair broken devices instead of grinding them up for landfill so that factory workers in China can get the salaries that might otherwise be earned locally in repair shops. I think it's a fine idea to repair rather than discard, as long as there are people willing to do the work, and somebody else willing to pay them for it. The designers in Silly-Con Valley cannot imagine anybody earning less than $100K/year, let alone such people preferring to eat wholesome bread rather than sugary cake (Google "let them eat cake" if you cannot remember your history). Apple is cited as one of the worst offenders. Now I have another reason to refuse an iPhone, besides politics and political correctness, which denies me the confidence that any modern Apple product is usable. Google is not mentioned in this article since they do not build consumer hardware, but they are nonetheless trying hard to pass up Apple in social hostility (see "The New Tinfoil Hats" last month).

In fine print on the bottom of each page, the IEEE Spectrum announces that this is the "North American" edition. Obviously they don't want to antagonize their Chinese colleagues by the machinations of those nasty entrepreneurial Americans. Maybe the reason the 2020 Spectrum is so much better in editorial quality than in 2017 is that they no longer separate out a "North American" edition. About the same time, another piece celebrated the separation of their "Institute" for that specific reason (offending the advertisers).

Article #2 in the same issue is titled "The Patchable Internet of Things" and if you are not yourself a castrated (eunuchs) programmer, you might easily infer from the title the sole reason for the lament in the first pull-quote, "Why are IoT devices so vulnerable to hacking?" There are actually two reasons, and both must be true for a device to be hackable.

First and foremost, they are Patchable. An electronic device cannot be hacked unless it is remotely alterable.

Secondly, they are eunuchs -- I mean unix (same pronunciation, same difference). An electronic device cannot be hacked to mount a DDoS attack on other internet targets unless it is Turing-capable, meaning you can upload an arbitrary program to your "smart lightbulb" and expect it to turn the TV on in another location and set the channel. Lightbulbs have no business sending arbitrary messages to other devices on the internet. The authors of this absurd article want every "Internet of Things" device to have a complete unix operating system (they didn't say so by name, but they want the facilities of it) so that it can be hacked, and they have the temerity to suppose they can make it less hackable by making it more so. They are going the wrong direction. Really.

It's easy to make a device that can be remotely programmed to do its job** without making it hackable. It's very hard to make a unix (or unix wannabe, like Windoze) device that is safe from remote hacking. That's why the original Mac had a full order of magnitude fewer known vulnerabilities* than the next-best OS, back when there was a MacOS (under the covers OSX is unix, not a Mac). Another good reason not to get an iPhone.

Now that I fully understand what idiots they are who make these things, you will never get an IoT device into my house. You tell me it's on the internet, I don't want it. You tell me it's smart, I really don't want it: it's probably smarter than its own programmers, which isn't saying much.

* Another reason the original Mac was safer than unix: it wasn't programmed in C. Each new version of the MacOS got buggier, as they replaced more and more of the original Pascal with C code. See also my remarks on "Why Java?" and not C.

** IoT devices are promoted as remote control and/or remote sense devices that use the internet for those remote operations. Maybe the promoters have some other agenda in mind -- like spying on people unawares or messing with their lives (but they aren't saying so) -- so let's assume the promotion is honest:

An IoT lightbulb's sole function in life is to enable the owner to turn on the grow lights over his pot farm in the garage (or better: turn the lights off, because he heard the Feds are coming by) remotely from his smart phone, and an IoT refrigerator's sole function in life (over and above what any cheaper "stupid" refrigerator might do) is to enable the owner to inventory its contents (again remotely from his smart phone), perhaps by reading out each item's UPC bar code and by tracking its weight over time, so as to advise the owner in the store to refresh groceries that are getting low. Both of these kinds of requirements (reading out remote conditions and remote control) can be effected completely and satisfactorily from a smart phone by a single-page web server on the device and no other net access at all.

Obviously you don't want hackers turning your pot lights on and off randomly, and you probably don't want your mother-in-law seeing what brand of booze is in your fridge, so a password is needed. Note that a simple password field on the served-up page is adequate. Changing that password from time to time is necessary, but you can give it the same security your garage-door opener has, requiring physical presence by a simple button-push -- or perhaps a Bluetooth virtual button, but I wouldn't recommend it because the range is somewhat farther. Besides, a button is cheaper than all the hardware to support Bluetooth.

The pre-programmed web page would be hard-coded and cannot be changed other than by a firmware upgrade -- also requiring physical presence, but the best, most cost-effective IoT devices have their firmware in ROM (which cannot be changed except at the factory). In any case, the smart phone app can scrape off the text and/or image data to reformat it for the viewer's pleasure. By nature, the sensors are all hard-wired in the fridge and cannot be repaired except by the physical presence of the repairman, and it is not unreasonable for the vendor to do their debugging before they ship their product, so no upgrades are needed in the field at all, ever. The device cannot be hacked at all, let alone to mount a DDoS attack over the net to unsuspecting victims.
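The design in this footnote (one hard-coded page, a password on every control action, a password change gated on the physical button, and no other routes) can be sketched as a fixed request dispatcher. This is an added example, not the author's code; the names `handle`, `pw_ok`, `light_state`, the `/light` and `/password` routes and the default password are assumptions, and HTTP parsing is left out, so the handler takes already-parsed fields.

```c
#include <stdio.h>
#include <string.h>

#define PW_MAX 32
static char password[PW_MAX + 1] = "change-me";   /* constructed sample value */
static int light_on = 0;
static const char PAGE[] =                          /* the single hard-coded page */
    "<form method=post action=/light><input type=password name=pw>"
    "<button name=on value=1>On</button><button name=on value=0>Off</button></form>";

/* Compare the full fixed width so timing does not reveal a matching prefix. */
static int pw_ok(const char *candidate) {
    char buf[PW_MAX + 1] = {0};
    unsigned char diff = 0;
    if (candidate == NULL || strlen(candidate) > PW_MAX) return 0;
    strcpy(buf, candidate);
    for (size_t i = 0; i <= PW_MAX; i++) diff |= (unsigned char)(buf[i] ^ password[i]);
    return diff == 0;
}

/* Fixed dispatch over already-parsed fields; returns an HTTP status code.
 * button_pressed is the sampled physical button (hypothetical GPIO read). */
int handle(const char *method, const char *path, const char *pw,
           const char *arg, int button_pressed, const char **body) {
    *body = "";
    if (!strcmp(method, "GET") && !strcmp(path, "/")) { *body = PAGE; return 200; }
    if (strcmp(method, "POST") != 0) return 405;
    if (!strcmp(path, "/light")) {
        if (!pw_ok(pw)) return 403;
        if (arg == NULL || (strcmp(arg, "0") && strcmp(arg, "1"))) return 400;
        light_on = (arg[0] == '1');
        return 204;
    }
    if (!strcmp(path, "/password")) {
        if (!button_pressed) return 403;      /* physical presence required */
        if (arg == NULL || !arg[0] || strlen(arg) > PW_MAX) return 400;
        memset(password, 0, sizeof password); /* keep the buffer zero-padded */
        strcpy(password, arg);
        return 204;
    }
    return 404;   /* no route stores code, runs it, or opens outbound connections */
}

int light_state(void) { return light_on; }

int main(void) {
    const char *body;
    printf("%d\n", handle("POST", "/light", "change-me", "1", 0, &body));
    return 0;
}
```

Every input is length-checked against a fixed buffer before it is copied, and the only writable state is the password and the light flag.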
