Commentary

Second Owners Of Smart Devices May Inherit Security Risks

When connected things are sold, they don’t necessarily know they were sold.

The connectivity, or link to the former owner, may continue to reside with the seller, whether they realize it or not.

This issue was highlighted at the RSA computer security conference last week when Charles Henderson, global head of X-Force Red at IBM, told attendees that security issues often are passed over regarding second ownership of a connected product.

“The wide variety of home automation IoT devices today are designed primarily for convenience and functionality, with long-term security often overlooked or ignore completely,” Henderson said.

“All the efforts are focused on that first owner,” he said. “It’s time we start looking at the entire lifecycle.”

A house with smart lights connected to a hub could be sold without the seller realizing they still have the controlling app on their phone. As an example, the Osram Lightify Gateway, which allows the controlling of household smart lights from anywhere in the world, looks like a simple plug and is only about 2 by 2 inches.

A smart thermostat also could remain connected to a previous owner’s smartphone, which could have been set to automatically change the temperature at a certain time each day.

A connected car? Henderson said he had one, sold it and determined that some of the remote authorization he had were never revoked.

A smart object may be sophisticated enough to manage lights or appliances but still not be smart enough to know it has a new owner.

5 comments about "Second Owners Of Smart Devices May Inherit Security Risks".
Check to receive email when comments are posted.
  1. R MARK REASBECK from www.USAonly.US , February 20, 2017 at 11:24 a.m.

    Seems like connecting with "Smart" things is a pretty Dumb idea.
    WHY WHY, WHY does anyone want to Filet themselves open to every
    aspect of your life, especially in the financial area?   How about you lazy
    fools who can't be bothered remembering anything, who even program your car to
    make the car payment FROM YOUR BANK ACCOUNT, then you sell the car, where is that info on the net??
    The general population is dumbed down enough by "smart devices". You don't have to know math, any kind of history, how to diagram a sentence, or remember your kid's birthday.  This isn't technology, this is a war for your privacy and intellect, under the guise of "convienience"  .

    The self driving car will eventually implode, my prediction.

  2. Paula Lynn from Who Else Unlimited replied, February 20, 2017 at 3:19 p.m.

    If people could read and write for themselves, they wouldn't need others to tell them what to do and how to do it and live their lives themselves. The printing press was the scurge of the church in the 15th and 16th centuries for the same reason. We are going backwards.

  3. Chuck Martin from Chuck Martin replied, February 20, 2017 at 5:58 p.m.

    Time will tell, Mark. You are not alone with such views.

  4. Craig Spiezle from AgeLight LLC, February 20, 2017 at 8:55 p.m.

    This is not a new issues and we are heading towards a collision from online security to physical safety. OTA has been raising this issue for nearly two years on the need to "re-provision devices, homes and auto on re-sell or rental.  This is a core component of the IoT Trust Framework see https://otalliance.org/IoT.

  5. Chuck Martin from Chuck Martin replied, February 20, 2017 at 9:04 p.m.

    Totally correct, Craig, but now getting louder.

Next story loading loading..
About the Author

Chuck Martin is Editor of the AI & IoT Daily at MediaPost and writes the daily Connected Thinking column. He is a NY Times Business bestselling author and his latest book is “Digital Transformation 3.0” (The New Business-to-Consumer Connections of The Internet of Things.) He is CEO of Net Future Institute and a frequent keynote speaker internationally. Follow him on Twitter @chuckmartin and contact him at Chuck@MediaPost.com.