The Internet of Things blah blah revolutionise fifty billions blah blah everything connects to the Internet blah change your life.
There’s a simple, boring, accurate definition: Internet of Things is a new name for ‘embedded systems’. There are already billions of invisible networked devices controlling parts of your life, and they’ve been running for decades. The major change is that more of them are connecting to the Internet.
A computer that is part of a device. Perhaps an electronic device that contains a computer.
Where a general-purpose computer can be adapted by the user to suit many applications, an embedded system is pre-programmed for a single, specialised purpose. Usually you will buy the device hardware and software as a single unit for a single purpose.
Here’s a few examples. You will own many of them.
These are all embedded systems. They all contain a programmable computer. Most of them connect to networks, some of them to the Internet.
Every single one of these has a slew of security vulnerabilities. They were all designed to be as cheap as possible. Practically none of them receive security updates.
Some IoT/embedded devices that give particular attention to security features are:
We’ll come back to these, as they provide great examples of the cost tradeoffs that we need to make to achieve good security.