The Internet of Things saw the latest confirmation of its significance with Google's recent announcement that it will be purchasing Nest Labs, the company behind lines of smart thermostats and connected smoke detectors. The $3.2 billion acquisition could likely prompt an uptick in adoption and awareness of smart devices in the home, which are becoming a priority for those in the digital privacy and software security communities.
"They're already delivering amazing products you can buy right now – thermostats that save energy and smoke/CO alarms that can help keep your family safe," Google CEO Larry Page said of Nest's founders, highlighting the potential for expansion. "We are excited to bring great experiences to more homes in more countries and fulfill their dreams!"
Nest will continue to operate as its own division and distinct brand within Google. This separation is also important from a privacy perspective, Ars Technica noted. Nest's devices gather a substantial amount of data about their users, including whether they are home and even what rooms they are in. Such information could be valuable to Google, prompting some users to worry about the amount of data sharing that will occur. But Nest has already clarified in a FAQ that it will continue to limit the use of customer data to its own products.
A security question for the Internet of Things
Such data could also be interesting to hackers, who increasingly have new vectors for attack into a growing variety of home tools, Gartner's Anton Chuvakin wrote in a recent blog post. He highlighted some of the specific dangers of the different home devices he has asking for IP addresses, including everything from his TV and his printer to a security camera set and a thermostat. He noted that the risks in each case are relatively low, as are the risks of smart kitchen equipment (as long as it's not something that can cause a fire), car unlocking (covered by insurance) and other home automation tools.
But in some cases, such as house locks or any devices that could cause fires or floods, he considered adoption out of the question, noting that Internet of Things security is an evolving field. With Google's acquisition of Nest, among other signposts, more attention is likely to be coming to this area. Developers will need to use tools such as source code analysis software to strengthen the code behind these devices, which is often less than satisfactory. As the profile of the Internet of Things rises, so too must the concern for software security.
"Except for maybe the iDevice maker, vendors who focus on and excel in hardware royally suck at software (if they can barely write a UI, do you think they can write secure TCP/IP drivers?)," Chuvakin wrote. He added, "Stakes are mostly low today, and the risk in IoT is low because the value is low and the threat is low (while vulnerabilities are high). Said value will skyrocket and so will the threat."
• Blog post: ‘Internet of Things’ creates new security concerns
• Mitigating M2M Security Risks in Embedded Systems webinar
Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.