Re: Solution looking for a problem
I'm a tinkerer, so I like joining things together but I only do it where I see a purpose.
So my car has in-car GPS tracking. Sure, it can go on the Internet and provide me a live trace of my car's whereabouts but it doesn't, unless instructed. Having it online and able to a) text me if it moves and b) text me it's exact location is very handy, however.
I just put access control on the side-gate to my house. My girlfriend wants to lock her bike away, not in full view, and we have a side-alley that's perfect. We don't want to leave it open, though, so - while balancing on her bike - she has to be able to cycle to the door, unlock it, go inside, lock up her bike, come back out and get into the house. The alley has a gate from and back of it (the back leads to our garden). I don't want the back gate being opened except from the garden. There's no need. So the easiest solution was to put on an RFID reader and a maglock. She can cycle up, doink her tag on the gate and get in without someone else doing the same. She doesn't have to faff with keys from a bike, or get off the bike only to then wheel it into the alley. And the bike is safe.
Side-track? Well, while doing this, it was actually cheaper and easier to put in all the RFID and maglock than even a conventional decent gate-lock. And we know if the gate is opened as it beeps in the house. And, as massive online-orderers, we often have parcels delivered. Traditionally they are given to our neighbours but - honestly - we think that's annoying for both them and us. For large parcels we could now provide a code to get into the alley where parcels can be left and locked away. But for things like that, being able to REMOTELY open the gate is something I'm considering. The same GPS kit I use in the car has the ability to control relays by text message (for cutting off the fuel-pump if your car i stolen), and it's about £20 for the whole thing. Putting that it would let me know on my phone if someone's opened my home gate and allow me to open it for them. I often get delivery drivers phone when I'm at work and ask where the parcel can be put safely.
Now, I have an analog CCTV system. I bought a cheapy DVR recorder for it. It can record 16 channels and has a 1Tb hard drive so it can store several MONTHS worth of CCTV. Better, however, is that it *can* be accessed remotely. I don't do it as a matter of course but - should my side-gate be opened with a code, or I get a phone call, I can see who they are and what they're delivering and that they've done it right and not walked off with my girlfriend's bike in the process.
Feature-creep like this is inevitable as the hardware gets to the point where it's so cheap that you get the feature for free. I'm actually quite anti- living my life through cameras and smartphones. I've spent years of my working life trawling CCTV footage of one kid pushing another in a playground, and it's not at all fun. I quite like the last few schools I've worked for because they just don't have that level of CCTV nor need it. But, still, the ability to buy a cheap device and it have these features is great as a geek. I lock them down and don't just have them providing a way into my home network, but that's just a question of specific management of them.
However, a cheapy £20 in-car GPS has this stuff nowadays, including GPRS/3G live tracking, relay control, text-alert etc. A cheapy £75 DVR has it too, including free smartphone app. As we move forward, everything gets all these features "for free", and that's the real danger - you can't stop manufacturer's putting in a generic chip that does everything and offering its entire functionality up to the user even if they only bought it as a GPS-tracker. But how do you lock that down, manage it, audit its usage, etc.?
That's the problem we face. Not "why would you do that" (the answer is, the second someone makes an electronic fridge control with those features for a couple of quid for each chip, every fridge in the world is going to start having the ABILITY at the very least), but "I have 20 devices that ALL do that by default and for free, how do I manage them?"
Hell, Arduino-compatible boards are £3 each on Amazon. You can get a GSM shield for £20, a wireless one for £10, an Ethernet one for £8, and Bluetooth, RFID etc. for a pittance. That's geek-toys sold as commercial units. Imagine what prices the manufacturer's are being offered when they just want a circuit to do a particular job, and what other functionality those same chips offer? And do you think that just because they use a chip that has all those features, and even if they don't properly hook them up, that's it wouldn't be a security risk still?
The IoT is something that has a natural progression to ubiquitous technology. And it's scary. Because if you're going to pay £1 for a chip that monitors the temperature in your fridge, but that comes with wireless access too, and LCD display drivers, and text-alert functionality (like commercial and medical fridges already do), all for the same price and package size - there's a point at which people will just slap it all on "just because" or forget to turn it off (or not turn it off in case they can licence you that functionality later!). Stopping that isn't going to be possible because of the business case. Managing it as a user is what's critical and needed.
What we don't have is a way to manage the inevitable. We don't have a way to securely enable/disable functionality, enforce a household policy, make them all talk together, etc. That's what's needed. Pretending that your next tech purchase won't tie into the wireless isn't reflective of reality, however.