Podcast Episode: Securing the Internet of Things

Today almost everything is connected to the internet - from your coffeemaker to your car to your thermostat. But the “Internet of Things” may not be hardwired for security. Window Snyder, computer security expert and author, joins EFF hosts Cindy Cohn and Danny O’Brien as they delve into the scary insecurities lurking in so many of our modern conveniences—and how we can change policies and tech to improve our security and safety.

Window Snyder is the founder and CEO of Thistle Technologies. She’s the former Chief Security Officer of Square, Fastly and Mozilla, and she spent five years at Apple focusing on privacy strategy and features for OS X and iOS. Window is also the co-author of Threat Modeling, a manual for security architecture analysis in software.

Click below to listen to the episode now, or choose your podcast player:

%3Ciframe%20height%3D%2252px%22%20width%3D%22100%25%22%20frameborder%3D%22no%22%20scrolling%3D%22no%22%20seamless%3D%22%22%20src%3D%22https%3A%2F%2Fplayer.simplecast.com%2F8f2a3740-4a96-4194-9394-41d23b8b4b4d%3Fdark%3Dtrue%26amp%3Bcolor%3D000000%22%20allow%3D%22autoplay%22%3E%3C%2Fiframe%3E

Privacy info. This embed will serve content from simplecast.com

You can also find the MP3 of this episode on the Internet Archive.

In this episode, Window explains why malicious hackers might be interested in getting access  to your refrigerator, doorbell, or printer. These basic household electronics can be an entry point for attackers to gain access to other sensitive devices on your network.  Some of these devices may themselves store sensitive data, like a printer or the camera in a kid’s bedroom. Unfortunately, many internet-connected devices in your home aren’t designed to be easily inspected and reviewed for inappropriate access. That means it can be hard for you to know whether they’ve been compromised.

But the answer is not forswearing all connected devices. Window approaches this problem with some optimism for the future. Software companies have learned, after an onslaught of attacks, to  prioritize security. And we can bring the lessons of software security  into the world of hardware devices. 

In this episode, we explain:

• How it was the hard costs of addressing security vulnerabilities, rather than the sharp stick of regulation, that pushed many tech companies to start prioritizing cybersecurity. 
• The particular threat of devices that are no longer being updated by the companies that originally deployed them, perhaps because that product is no longer produced, or because the company has folded or been sold.
• Why we should adapt our best current systems for software security, like our processes for updating browsers and operating systems, for securing newly networked devices, like doorbells and refrigerators.
• Why committing to a year or two of security updates isn’t good enough when it comes to consumer goods like cars and medical technology. 
• Why it’s important for hardware creators to build devices so that they will be able to reliably update the software without “bricking” the device.
• The challenge of covering the cost of security updates when a user only pays once for the device – and how  bundling security updates with new features can