Understanding the Connected Home: Who has root access to your home?
August 28, 2015 | By Peter Bihr |
Understanding the Connected Home is an ongoing series that explores the questions, challenges and opportunities around increasingly connected homes. (Show all posts on this blog.). Update: As of Sept 2015, we turned it into a larger research project and book at theconnectedhome.org.
Your apartment is yours alone, and unless you share the key with someone, only you have access. Right? But that may be about to change: With connectivity come power struggles and access & rights management as well as security issues.
Let’s consider the following, loosely sorted in order of ascending maliciousness:
- Rights managements is hard to understand. If you’ve ever encountered a situation where you needed to assign read/write/execute rights for a personal computer, server or network without proper training you’ll know how confusing this is – even professionals regularly fail at considering the exact rights settings. In a connected home we’d have to assume that there are layers of access rights for building/apartment/room/device, or something along those lines – all of which would be non-intuitive to handle. Screw-ups seem almost unavoidable.
- How about malware? What if your smart fridge offers a back door that allows criminals to steal your email password (like it happened last week)? Why does your TV listen in on what you say in the living room? How do we deal with government and non-government entities that use our devices and white ware to spy on us like they did with smartphones? What will be the rootkit of the connected home? What will the malware look like that takes control of the connected home infrastructure, what whill it do, and who will be behind it? Will it allow criminals and governments to listen in on your conversations, or allow the music and movie industry to shut down your tv and stereo if they suspect pirated copyrighted content in your apartment?
- Who has root to your home? root access is what we call full, unfettered access – including the rights to shut out other users or delete all data. Who are the parties who have this kind of access to your home? Is it going to be you? The landlord, owner, or renter? What about assisted living situations – is it the resident or the care facility? This is a situation we’ll need to tackle at least partially through social norms, but also through some kind of legal framework so we can make sure the residents are in charge of their home.
The first two are pretty straight forward, ethically speaking: Rights management needs to be super simple and understandable to prevent issue with #1, and malware – legal or illegal – that grants anyone but the residents access to their home is unacceptable and to be considered a security issue.
It’s the cases around #3 that I find most interesting and threatening. It’s likely that all kinds of parties will try to leverage control over an apartment against its residents. To mention just a few examples of how this could go all kinds of wrong, consider the following scenarios:
- We have already seen cases where leased cars won’t start if the lease payments are overdue – a truly malicious, out of proportion invasion of privacy.
- Imagine a health insurance that will track if a diabetic takes any sweet beverage or food out of the fridge, and reports back or blocks access to the fridge to begin with.
- What happens if a crooked land lord pressures residents to move out by messing with the houses lighting and heating systems?
This is where we’ll see truly ugly power struggles play out. This is going to get ugly before it gets better.