Civilisation is an agreement. We agree to pay our tax, obey the laws, and generally avoid berserking around the joint. Where these agreements break down you get riots that scale into civil wars, then collapse. That’s less of an issue so long as the problem is over there – so that when a culture soils the sheets you don’t have to deal with the stink.
But if there’s one lesson of the connected era, it’s that there is no more over there.
An interesting case in point recently surfaced on the website of Dan Tentler, a geek who – when he’s not flying drones across the San Diego skies – takes a peek at the various vulnerabilities of all of our connected devices. That’s like shooting fish in a barrel these days, because so many of these devices have such shoddy firmware and such poor default security settings they’re practically begging for someone like Dan to come along and take a look.
At their sleeping babies.
It turns out that an entire class of webcams parents use to keep an eye on their offspring have such poor security settings that it’s possible to take a snap of the sleeping children from pretty much anywhere on the Internet. Neat, huh?
After Tentler’s findings surfaced, New York City’s Department of Consumer Affairs issued an extraordinary warning to the purchasers of those connected video cameras, advising them to “buy a secure device”, “use a strong password”, and other recommendations of the sort that come from a good place but fundamentally rely upon the manufacturer producing firmware that’s up to the task. More often than not, it isn’t.
Over the last few years we’ve learned ‘hardware is hard’. Now we’re learning, ‘firmware is harder’.
Firmware has to operate the device reliably, and handle all of the issues that arise from maintaining a connection to that cesspool of hackers and state actors we charmingly call the Internet. Firmware has to hold the line against the barbarians. That’s job #1. If that fails, then the hardware becomes a Trojan Horse.
With the number of connected devices per household heading from the tens into the hundreds over the next few years, that’s a lot of firmware that has to be just about perfect in its capacity to defend against attacks.
This problem isn’t new, it’s simply scaled to the point where it touches almost every one of us, almost all the time. In a world of connected objects, we keep walking into the buzz saws of vulnerability. But there is another way.
Nearly a year ago I wrote about the new ‘table stakes’ in connected devices – enough computational power to be able to run the ‘blockchain’ consensus security protocol that supports Bitcoin. IBM and Samsung publicly announced a partnership to create blockchain-based security that would work well across many connected devices.
That work continues. It’s never been more important. Yet, just as the blockchain rises to become a pillar of our IoT security strategies, the protocol behind it has developed some serious scaling issues.
That’s to be expected. Even a genius like ‘Satoshi Nakamoto’ – whoever that is – wouldn’t be able to anticipate the shortcomings of a protocol that now supports millions of transactions per day across a globally distributed and replicated database like the Bitcoin blockchain. No one had ever run the experiment before, and no protocol survives an encounter with the real world, with all its pointy edges of implementation.
That was demonstrably true for TCP/IP and all of the protocols that ride on top of it. There are now thousands of RFCs covering nearly every protocol – with frequent amendments as a protocol ‘grows up’ into something that’s widely used. That’s the form of the human endeavour: we learn, and we apply those learnings.
This doesn’t seem to be happening in Bitcoinland. For more than a year, various partisans have fought conflicts about how to make the network handle its increasing transaction volume, disagreements that threaten to break out into full-scale civil war, a fracturing of Bitcoin, and… well, no one knows what happens after that.
The Bitcoin community can’t seem to reach consensus on the changes required to grow up. It’s quite possible that at some point later this year the transaction volume on the Bitcoin blockchain will make something designed for reliability unreliable enough that no one will be able to trust it.
Security begins with governance. Where you can’t govern yourself, anyone else can govern you. If Bitcoin falls over, the blockchain – which can exist apart from Bitcoin and all its argy-bargy – will be unfairly stained with that instability, giving shonky hardware manufacturers all the reason they need to avoid the obvious security solution as ‘unreliable’.
In the connected world, we have to accept that civilisation asks us to build consensus. There is no other way forward, because consensus is the mortar in the wall that defends us against the barbarian hordes outside, constantly probing for weaknesses, looking for a way in. ®