So, in theory, we should get smart devices that arent stupid about security and dont get taken over remotely.That would be a welcome addition to a market currently swamped by security vulnerabilities that have allowed hard-to-detect privacy violations and fueled massive denial-of-service campaigns against web infrastructure.
Android Things, the IoT platform Google(google.com) unveiled at its I/O conference here, aims to transcend the problems Android has experienced on phones by taking device makers out of the update loop.Gadgets built on this foundation,
GoogleTechnology companysays, will ship with software hardened against hacking attempts and at least three years of guaranteed, automatic security patches.
How are you supposed to shop for a smart device?
Here in the reality of 2018, IoT security remains a big bag of unknowns.Manufacturers will introduce connected appliances without clear statements of how long theyll get bug fixes even though these things, if used like the non-connected sort, will stay in service for decades.
Alternate Title: Google is trying to make your smart home safer
Even answering basic questions about security
featuresSpecial attractionin an allegedly-smart device seems too difficult for some companies, while government regulation has been patchy and sometimes slow to respond to clear failings by firms.One reason: Its hard to know that a device without a screen or a user interface of any sort has been hacked.
That may lead to a certain willful ignorance or learned helplessness.I dont think that consumers are quite thinking about security yet, observed summed up Carolina Milanesi, an analyst with Creative Strategies.
All this contributed to a horde of connected
camerasA camera records and stores photographic imagesand other devices being hijacked and enlisted into the Mirai botnet in Oct. of 2016, then employed to launch denial-of-service attacks that left much of the web unreachable astride the U.S.In other cases, hackers have been able to tune into the video feeds of connected cameras by exploiting vulnerabilities in them.
Various third parties are trying to get a sense of the problem.For instance, Underwriters Laboratories is developing its own cybersecurity labeling program, Consumer Reports (disclosure: I occasionally write there as well) has begun testing connected devices for privacy and security, and a group of researchers at Princeton University is building a database of IoT security.
Have something to add to this story? Share it !
Things to know about Android Things
With Android Things,
GoogleTechnology companyhopes to give developers and customers more than just vague assurances.This platform is built on Google-certified chipsets from such manufacturers as Qualcomm (QCOM) about which those companies can build smart devices.Then it adds a secured and stripped-down version of Android, on which developers can write applications using standard Android tools.
Google promises a minimum of three years of security fixes for each major release.That itself is well short of the lifespan of a thermostat or an LED bulb; Google hasnt told what the maximum period of update support would be for Android Things, but its absolutely not just three years.The developer blog post announcing this platforms 1.0
releaseAnnouncenotes additional options for extended support.
Devices running this platform have been emerging since Jan. see, for instance, the Lenovo(lenovo.com) Smart Display that
LenovoTechnology companyintroduced then at CES, or the LG(lg.com) smart speaker shipped last month.But Android Things role went unadvertised until Google formally announced this effort on Monday.
During a keynote Wednesday morning, Android Things project-management lead Vince Wu said Android Things would soon show up in additional Google Assistant-based smart speakers and Smart Displaysand would work for everything from connected doorbells to point-of-sale terminals.Note, be that as it may, that Googles own Nest thermostats dont yet run on this platform.
Other attempts to address this problem
Milanesi, the Creative Strategies analyst, offered a tentative endorsement of Googles move but noted the companys competition.At CES Samsung(samsung.com) announced that it would incorporate its Knox security platform into its smart-home devices, and Apple(apple.com) (AAPL) has been pushing its own HomeKit platform, under which
AppleTechnology companyreviews and approves the security of third-party devices.
Last month, Microsoft(microsoft.com) (MSFT) introduced its own IoT platform, Azure Sphere.Based on the open-source Linux operating systemitself a major departure for the firmthis includes a full 10 years of guaranteed updates, a duration much closer to the service life of household gadgets.
The best possible next development would be to see the likes of Google and
MicrosoftTechnology companyprominently advertise their guaranteed-update timelines, if not get into some one-upmanship on that front.
Being able to compare the support pledges on different connected gadgets would mean you wouldnt have to feel so dumb once trying to buy a smart device.Until then, consider yourself more than welcome to hold off on flinging yourself into the connected-home lifestyle.
More from Rob:
Your crypto exchange probably less secure than your
emailE-mail (electronic mail) is the exchange of computer-stored messages by telecommunicationaccountThe agency that protects your privacy is in for big changesGmail still lacks these important features8K TVs are coming, but dont buy into the hype