Reflections on the New Technological Era

Last week I had the privilege to attend a tour of the HP SmartHome. A model of a residential building in the middle of the parking lot at HP’s campus in Cupertino represents what some might view as the home of the future. But it is the reality today. It demonstrates HP’s vision of how technology is about to become something more than just an integral part of everyone’s everyday life.

The main idea behind the smart home is dependent on the cloud computing concept, where a consumer’s profile exists in the cloud with all of her data that includes preferences, family photo albums, favorite movie collections and so on. That way all the various devices that the consumer possesses can be easily synchronized through the cloud simply by way of authenticating the user to her profile. This scheme allows the profile to simply follow the consumer when she goes home from work or steps from the living room into the bedroom. And of course, all the devices are now going to be online. And not just computers and TVs, but also printers, alarm clocks, digital photo frames, as well as all the kitchen appliances.

As we were walking from one room to the next and joking about being able to remotely raise the temperature in the oven to be too high in order to cause fire in the house and therefore receive a payment from the home insurance company, I kept thinking about all the possible ways such system can be abused. I can see the same problems and questions arising again as those that did with e-voting and medical devices. How do we protect data stored in the cloud? How do we provide good authentication schemes for distinguishing between legitimate users and attackers? At which point should the system take control in its hands in order to avoid accidents?

Smart home is an example of many cool ideas people have about what we can do with modern technology, but in more and more cases, security and privacy are turning out to be the limiting factor. As we are entering this new technological era, we should keep in mind that software security is not limited to protecting websites or credit card numbers. It's about realizing the potential of information technology. And our job as security practitioners is to help with that and prevent catastrophes caused by technology, like the one that happened at Rutgers, from happening.