
When connected things are sold, they don’t
necessarily know they were sold.
The connectivity, or link to the former owner, may continue to reside with the seller, whether they realize it or not.
This issue was highlighted at
the RSA computer security conference last week when Charles Henderson, global head of X-Force Red at IBM, told attendees that security issues often are passed over regarding second ownership of a
connected product.
“The wide variety of home automation IoT devices today are designed primarily for convenience and functionality, with long-term security often overlooked or ignore
completely,” Henderson said.
“All the efforts are focused on that first owner,” he said. “It’s time we start looking at the entire lifecycle.”
A
house with smart lights connected to a hub could be sold without the seller realizing they still have the controlling app on their phone. As an example, the Osram Lightify Gateway, which allows the
controlling of household smart lights from anywhere in the world, looks like a simple plug and is only about 2 by 2 inches.
A smart thermostat also could remain connected to a previous
owner’s smartphone, which could have been set to automatically change the temperature at a certain time each day.
A connected car? Henderson said he had one, sold it and determined that
some of the remote authorization he had were never revoked.
A smart object may be sophisticated enough to manage lights or appliances but still not be smart enough to know it has a new
owner.