It seems like convenience always trumps security. This last week there was a story about Tesla being hacked and Siri opening the door for anyone who asks. I’m beginning to wonder why we call these devices “smart”?
Tesla Is Controlled From 12 Miles Away
A Chinese security research lab posted the results of a study they did on a Tesla Model S. Keen Security Lab is part of Tencent, Asia’s largest internet company. The researchers wirelessly attacked the car’s network through the in-car browser. From there, they can take over the car’s displays and turn signals, unlock the doors, and adjust the seat and sunroof.
Later in the video, the Keen Security Lab team demonstrates that they can retract the side-view mirror and pop the trunk while the car is driving. Even more alarming, the vulnerability allowed them to activate the brakes and stop the car.
According to the Keen Security Lab blog, they reported the issues to Tesla and worked with them to patch the flaw. Tesla offers a bug bounty for discoveries like this and told The Verge that Keen Labs will be rewarded for the discovery.
Hey Siri, Unlock the Front Door
This week Reddit user sportingkcmo (Marcus) posted an interesting story about his August Home Smart Lock and Apple’s HomeKit. After setting up his house with HomeKit he was commanding his home like a starship captain in Star Trek. Unfortunately, Siri doesn’t seem to care who is asking to open the door.
Being the gracious host that she is, Siri let the Missouri man’s neighbor into his home. It turns out that Marcus had an iPad Pro in his living room to control his “smart” home. As Marcus was leaving in his car one day, his neighbor ran up and asked if he could borrow some flour. Marcus agreed and started to get out of the car, but his neighbor said, “I’ll let myself in.” The iPad Pro in the living room heard his request to be let in and unlocked the door.
Forbes points out that this is not an August Smart Lock issue, but an issue with HomeKit. The Forbes piece also states that Apple is probably still more secure than most of the other smart home companies because of their encryption requirements.
I’m wondering if we should have a special software triangle. If you’ve ever done any sort of production work, you may have heard of the production triangle. The idea is that you pick 2 items from a triangle consisting of good, fast and cheap. If you want something good but inexpensive, it won’t happen quickly. Something fast and cheap might be very poor quality. You get the idea. When it comes to software, it seems like you can only pick 2 of the following: secure, convenient and quick.
At the moment, we’re getting a lot of fast and convenient software in our smart devices. Be sure to do your security updates or wait for some of these products to mature. That’s what I’m doing. It has nothing to do with the fact that I cannot afford a Tesla or smart home products. “Yeah, that’s it. I’m concerned about my security,” he wrote under his tinfoil hat in his Canadian bunker.