Your stuff may be increasingly “smart,” but the security on it almost certainly isn’t. If something of yours connects to the internet, it can be hacked — leaving your private data vulnerable, and potentially sweeping your stuff into an international criminal botnet. Now, the FTC is awarding a cash prize to a developer who’s designed an app to hopefully help you make your stuff more secure.
The FTC announced the contest back in January.
The name is a mouthful — the Internet of Things Home Inspector Challenge — but the idea’s clear enough. The contest invited developers to create some kind of tool that home consumers (not giant businesses) can use to help protect themselves from the security vulnerabilities in their stuff.
Because as the Internet of Things expands, the poor security baked into most of the things in question is becoming a massive problem, exacerbated by both poor design and human nature.
Why the FTC held the contest
We hear stories about the hackability of some thing or other basically weekly, at this point: cars, firearms, baby monitors, security cameras, printers, Segway scooters, televisions, DVRs — the list of items being remotely accessed, either for crime or just to prove a point that it can be, goes on and on.
Many devices are simply not well-designed, from a security point of view. For example, many devices have terribly basic, universal, or completely absent default passwords on them. Or worse, they’re hard-coded to accept only the password they ship with — or even none at all.
Of course, sometimes the devices themselves are designed pretty well… but we, the users, kind of aren’t. Human nature is a harder problem to solve: very few of us are technical experts; most consumers who buy things now simply expect them to work, and we expect that the companies that sell us these expensive gadgets will have arranged them to work safely.
So then when something critical — like, say, your home router — is already out of date and vulnerable before you even take it out of the box, consumers know neither that they need to update it nor, if they do, how. Extend that to watches, refrigerators, cars, ceiling fans, thermostats, door locks, light bulbs, and more that constantly need some kind of non-automatic update and, well, most people simply won’t do it. They’ll set it and forget it, instead.
That, then, is the problem the FTC challenged developers to take on: Could anyone create a single, easy-to-use tool that consumers could actually use, in the real world, to manage the security of their various stuff?
And the winner is…
Today, the FTC announced that the challenge has a winner: A man named Steve Castle, based in New Hampshire, will claim the Commission’s $25,000 top prize.
The tool Castle designed is IoT Watchdog, a mobile app that, theoretically, would make it a lot easier for low-tech users to identify the high-tech problems in their homes.
Basically, install the app on your phone, and you can scan your home Wi-Fi and Bluetooth networks for connected devices. The app would then tell users which of those connected devices need to be patched, or what common vulnerabilities those devices have and how to fix them.
Acting FTC chair Maureen Ohlhausen congratulated Castle and the runners-up, saying, “Their innovative ideas will help consumers secure their devices and aid the growth of the IoT overall.”
The FTC has a video demo of the winning app, as well as the honorable mention runner-up, on the contest page.
by Kate Cox via Consumerist