Hugo Fiennes was the Hardware Manager of the original iPhone, a patent holder for NEST and is now CEO at Electric Imp. Few people understand hardware security better than Hugo.

He shares his thoughts on some of the major considerations that IoT hardware needs to, but largely isn’t, taking into account. IoT security encompasses requirements that are new for many product designers – provisioning, authentication, OTA upgrades and link encryption – and weaknesses in any one could potentially be used to compromise the security of the end product. From physical attacks to analysis of communications channels, there are many possible attack vectors that need to be considered.

From hacked routers to refrigerators sending spam email, there have been a lot of scary news stories about Internet of Things (IoT) security, or lack of it. Some great thoughts on making sure you don’t make the headlines for the wrong reasons.

The BLN is now Business of Software Business of Software runs conferences for people that build great software businesses and products. To access talks online, hear about new events, contact speakers and stay in touch with great ideas, share your email address with us.

We'll NEVER sell your email. Unsubscribe anytime.

Transcript Below

Hugo Fiennes, Electric Imp: Hello everyone. It’s fun to be back here. It really this. This stuff has moved on, but I’m going to talk about general security here. There’s a tiny contractual obligation at the end. But I’m mainly talking about security and the IoT, which is something which is very concerning for me, as someone who is trying to solve it. But, also, I kind of want to see the problem solved. I don’t want stuff to carry on going the way it has been going for security. So, first, we’re going to get some scary bits. Really, security is something you must think of first. It’s beyond privacy, but you can’t have privacy if you don’t have security. And this is something which people are not doing in the market right now. Some people, I’m sure, there are lots of people here who are, but if you look at the market, the products coming out, there’s lots of really bad decisions being made. And its bad decisions being made which will hang around for at least a decade with stuff going into the field, and we don’t want to have the whole Scarta systems hooked up to open modems thing again because that’s pretty bad, as well. And you know, why? This is bad! You know, these are just the stories came out in most of these about the false cam webcam including the respondent’s failure to reasonable secure was the FTC ruling [Laughs] which was like, you know, that’s obviously the worst thing you want to see as a company is having a government agency tell you did something wrong. But, you know, there are all these things. The HP studied 70, studied a whole of 25… I mean, yeah, I think they surveyed about 25 products.

But they found like 70% of them weren’t even using encrypted connections.

And it’s like really? 70%? It’s really quite frightening what people are shipping into the market.

And I think hackers are just getting started with this. I just, I did this survey. I just, actually, looked at the DefCon, the DefCon abstracts for the last five DefCon, which is a hacking conference in Las Vegas. It’s not Black Hat where people do really serious, scary stuff. This is where people do the lighter side of hacking. It’s quite fun. You know, go there if you want to go and see what it’s like. It’s actually great. You go there and there’s no registration. It’s like pay cash at the door, and you get given a badge. There’s no [Laughs] because it’s like no one wants to give their name, strangely. But, I mean, interesting to see that actually the trend in number of sessions about IoT hacking, especially, you know, the IoT type stuff and consumer. There was suddenly a lot of people hacking consumer devices, which are out in the field now. And people are just getting started. You know, it’s, it’s kind of a very target rich environment out there in consumer IoT. So, some of this I’m going to talk about in consumer… It does apply across, across the spectrum and, to some extent, commercial industrial sometimes think, “Oh, well, everything’s behind our firewall anyway, which is exactly what, you know, the guys in Iran thought with their centrifuges as well. You know, you’ve got to be a little careful about that. So, one of the questions is why are there so many insecure ones?

One of the problems, I think, is that product companies are not aligned towards this. Really, it’s not an area they have experience with. They make products. They know their customers. They’ve now got told by marketing to make a connected product, and, so, they, like, tag a connection on the side and go, “Are we done?” And also, they work serially. Generally, what you have is you have an engineering team that they’ll do a product. Next year, they’ll work on the next project. Next project. There’s no concept of sustaining engineering, and the difference with connected products are you can’t do build, ship, forget, which is what most companies are doing who make consumer products, at least. They generally only see their products back if it fails. So, they just go like, well, you know, they’ll ship a version of firmware, and maybe they’ll do a couple of revs on it to get some little cheating bugs out in early production. And it’ll be the same forever. And the guy who built the firmware built it on his laptop without any source control because they’re not software companies. And they have this problem that they can’t, you know, five years down the road, if they wanted to do a firmware update, they might not, actually, be able to. They might not have the actual traceability and stuff that they actually need because they’ve never had to actually deal with this sort of stuff. A microcontroller was programmed, put in the field, and never changed. Had no facility to upgrade it even.

But that doesn’t work with connected because the world is not static. You’ve now exposed it to a whole lot of nondeterministic nasty people. And things change over time. You know, up until the hour before Heartbleed came out, everyone who had a fully patched server was like, “Yeah, my server is secure.” And then, in that moment, everyone went, “Oh crap.” And suddenly, you know, rushed to the logins to patch everything, but it was the point. No one knew. You can think you shipped something that was absolutely secure, and it may be on the day you shipped it. But the day afterwards, it could be absolutely blown wide open. And that really doesn’t work very well with product companies. They’re not used to that.

So, this is, and I have to do my Alec Guinness now,

“It’s your home has become a wretched hive of scum and villainy. We must be cautious.”

But you know, this is what it’s going to be like if people don’t change. You know, you will be having Spam come out of your power monitors. Your dishwasher will be trying to update its firmware from a server whose IP address has changed. And the people who made your connected lights didn’t update their app, and, hence, you can only use it with the phone you stopped using years ago. And, you know, that’s frightening, and that can happen. I think probably will happen for certain grades of product. But what can be done about this? [Laughs] So this is what I’m kind of here to talk about.

This is going to be a fairly high level thing. I did a very deep dive into IoT security right down to, like, you know, power profiling and glitching attacks and stuff like that. If anyone wants those slides, I did them at the Arm TechCon last year in Santa Clara, I can email them the slides. So, this is going to be a bit of a higher level version of that.

But the number one rule: secure firmware updates

Without user intervention, is a very good thing because otherwise you can’t fix anything once you’ve shipped it. And this, you know, you look at your home router. Hands up. Who’s upgraded their firmware on their router at home? That’s pretty… About 40-50%. Maybe. That’s pretty good. This is a tech audience, though, I guess. So, you’re good. You know, but most people don’t. I mean, there are some which manage by the ISPs and that’s fine. But the number of holes in routers. Routers could self-update. By definition, they’re hooked to the internet. But no one does it. And, you know, but Belkin had a great one. They had signed firmware updates. Unfortunately, they had put the key in the firmware, and people found that. That wasn’t good.

There’s a great one. If you look for the dealing connected, there’s a great page ttdevttys0.com or something where the guy, before it shipped, they posted the firmware update. The guy downloaded the update, cracked it. They did another firmware update. He cracked that. They did another firmware update. He cracked that. This was all before it had hit the market. They had, like, four firmware updates, and he cracked every single one. And then he just lost interest because it was just no fun anymore. They weren’t throwing any challenges out, but, you know, that’s the thing is people are doing this stuff. They’re shipping stuff out to the market, time to the market. It’s like, “We must get it to market,” but they’re not thinking about the damage to their reputation. Like, I’m not sure I’d buy a d link product. You know, I think a d link switch it works. So you know… But that’s number one rule.

Number two: really start at product definition.

People are defining products and they’re going, “How do we make it secure?” And it’s like, every single thing you are doing, you have to think, “Can this feature that marketing want be done securely?” They want something that can walk in and press a button on the phone and it all works without, say, authentication. It’s like bad idea. You need to think about that. What if they’re, the wireless network is being shared with your neighbours? You can’t relay the local network being your security layer. But the problem with this is products get a long way down, and then someone goes, “Now, let’s make it secure.” And then you have to go back and break features. So, you need to think about it very easy… Early. You need to think about the feature set. You need to think about the user experience. You can still make good user experiences secure. It just takes a lot more thinking about it. Make sure your set-up process is secure. A lot of these aren’t. I mean, even Google Chrome, the Chromecast plugs into your TV. You can send dissociation packets. If you send enough, it drops offline and comes back in conflict mode. And then they did a Rickroll once that would play Rick Astley on your TV just by pressing a button on any Network which had a Chromecast on. Just kind of cool.

And data flows. The other thing.

What is the appropriate level of protection?

There’s always an appropriate level of protection. There’s a how much money you want to spend to secure something. And there are commercial considerations here. You can’t… Everyone can’t have, you know, military grade security with a… What military grade security is, I don’t know. The other one is budget for it. People are shipping products and going, “Oh, you’re shipping to the field.” And leaving aside the thing that, remember, Apple’s going to update their OS every year. You budgeted for, like, getting those consultants back and refreshing your app. Often not. But, you know, along with like, you know, app maintenance and stuff like that, security maintenance isn’t free. It’s better than the alternative, though. If you’re trying to build a brand and build trust with consumers on connected products, you need to try and get it right. You need to at least, you know, be aware of this stuff and don’t say stupid things as soon as a breach is notified. We’ve had that recently. So, you know, updates for the product lifetime. So, people have talked about poison pills in connected devices that when you stop updating them, you need to make them go away because an insecure device is worse than a semi-working insecure one. That’s kind of an interesting point, and I don’t think the world is quite ready for that yet. You know? When my water heater is not, is now 15 years old and is out of support, do I disable the connected features completely because that’s the best way to keep it secure or do I just send an email to them saying this is going to be insecure, could be insecure… Click here if you want to carry on using it but we don’t recommend it. There’s complicated areas there which people are going to have to think about and, you know, that’s an application thing. But you need to have development discipline to do this, and that’s something which a lot of places don’t have.

This is going slightly into a technical thing. What are you concerned about? What are you trying to protect against? There’s some things which are very hard to protect against. Physical. Physical is very hard to protect against. If someone has direct access to the device, they could do almost anything with it, whether or not it has to do with the internet. They can, like, pull the wires out connected to the motor and make it do funny stuff. But, really, you know, there’s, you look at the physical, the local, man in the middle attacks. Server side attacks, what areas are very vulnerable, what modes are vulnerable and can be set up at modes, for example. And how much cost can your design bear? This is the level of security you wanted. How much paranoia you have, essentially.

The other thing, which people talk about a lot in hacking stuff, is your attack surface. The more things you try and do on a device, the more areas you have open, the more likely you are that someone’s going to find a problem with one of them. And, often, once you’ve found one hole, game over. You know, once you’ve found a way in, you’re gone. It’s like Apple will do loads of work on secure boot, and then someone finds a bug in Safari. And suddenly they’ve got, they’re back at their user level, and they find a privilege escalation and bang, they’re route on your phone. Which is kind of how some of the, the boot run chain hasn’t been broken. I think in the last three phones. But people have still got jailbreaks on it because of that. You find your way in one place and work from there.

So, just an example of physical security. You know. You need to pick an appropriate level of paranoia. It doesn’t need to be expensive. You just need to not do silly things. So, if you opened up, you know, if there was a, a thing at DefCon last year where they cracked I think 40 consumer devices in 20 minutes or something. And it was like, they just opened up and went, “Oh look! There’s a header. It’s a four pin header. Probably a serial pin header. Oh look, it’s got a Linux console on it. Done!”

Audience: [Laughter]

The BLN is now Business of Software Business of Software runs conferences for people that build great software businesses and products. To access talks online, hear about new events, contact speakers and stay in touch with great ideas, share your email address with us.

We'll NEVER sell your email. Unsubscribe anytime.

And then there were other ones where they went like, “Oh look! There’s an embedded MMC. Hang on. I’ll just ground that one and put an SD card in it, and I can boot off anything else. I can read the data throughout or plug an SD card in, read the entire route file system.” Bad! There are things we can do which are similar, but, you know, when you actually look, if you just, like, hide your test points and take out the backdoors your engineers have put in for debug in your production build, that can cost you nothing. It then gets to the points where he has to pull the chip off and wire it and spend a week delving around to get into your system. That is nothing, but then if you actually disable it in the micro-controller, you have a secure boot loader, you’ve got proper memory protection things to guard against Runtime flaws, you’re talking about, you know, maybe $100,000. Maybe having to fib a chip and actually change a metal layer to turn off the protection at a chip level to crack into it. Free if you people are going to bother spending $100,000 on a talking toy. So, you’re probably safe there, but, you know, and then, you know, you go more over that, you’ve got things like silicon fingerprinting and all these interesting incredibly hard to replicate, but it depends what you’re trying to do. The main thing is just have some, just find some hackers or some security consultants to try and fall over your product before you get it out of DVT stage, before you go to production, and they’ll point out 3 or 4 things which are very cheap to fix. And they give you some extra security.

But the main things are, the main problems with attacks are the ones that are replicable. As I said, if someone has physical access, they can do anything. It’s fine. As long as they can’t take what they find from that, like, pull keys out and then go, “And here’s something. Here’s a program that runs on Windows which will then attack everything on the local network“. Or, even worse, “here’s something I can point at a showdown, showdown web crawling of internet accessible devices take all of these URLs so IP addresses and compromise them all and have them sending Spam in ten minutes“.

That’s the thing you want to look out for.

So, you know. This is one of the things which you’re trying to look at, and, for physical security, you know, it’s physical security is generally you want to stop people getting stuff out that can be used to do these type of attacks. These type of attacks that are the damaging ones. These are the types of attacks that ruin your reputation. One person hacking your thing, if no one else can replicate it without de-soldering the chips, not really a problem. So, this is where we get to the point of platforms, what a platform is good for. Now, obviously, we sell a platform. There are other platforms. But the main thing is that you should really separate your OS from your application. This is how it becomes a tractable problem. A lot of people, right now, in embedded, are kind of, it’s not even where we were 40 years ago with real systems. Embedded is used in every bit of code you compile in a tie binary image and put it on your device and go, “There we go. Done.” But connected devices are very complex.

You have multi-threaded. You have, you know, stacks and OS stacks and resource management, all these type of things going on. And people are building all of this into their single binary image and shipping it. And that doesn’t work so well because it means that only you can maintain it. If you make it, you have to maintain it.

Now, not everyone can afford to do that for every device they make, even they make in a single company. Whereas if you have a separate thing, if you have, like, you know, the standard computer model of an OS and an application, someone else can maintain the OS for many customers. Someone else can have security experts and maintain that stuff for many customers, and that’s where it starts to become a tractable problem. Now, obviously, we do this, and we do it in a certain way. Other people do it in other ways. I mean, Arm is doing embed OS, which I’m guessing is going to be, you know, something similar. They just bought people who made RTLS stacks. So, yay! They’re thinking about security. They’re thinking about a stack level thing, but it’s really really good to have that separation so that people, you know, people making products, concentrating on the application. It’s not like, you know, if you’re making a spreadsheet on a windows machine, it’s not like you write your own disc drivers to save your files. You leave the OS to do that.

The issue is, in embedded, it’s very hard for the engineers to have that step of giving up complete control. But it’s something that people are going to have to be able to do to really be able to make many good products. You just have to give up that and trust that someone else would’ve made good design decisions for you. The other thing about this is it has very good alignment. If a platform provider is trying to keep a platform secure, that’s all they want to do because if their platform isn’t secure, they will lose customers. [Laughs] And so they’re aligned with, like, the long-term connectivity, maybe a decade down the line keeping that platform secure. It’s all they have to do. So that works really well.

Also, platforms can do stuff like insulate from the hardware which because hardware moves very fast, especially right now in IoT. You know, last year on stage, we announced the M003 which was like a two chip solution, which was like about $8. Now, we have a one chip which is about $2 and it’s a single dye of silicon. And using our platform, you can just go, “Ah, my code just moved because it’s in the VM.” It just moved directly onto this $2 chip with Wi-Fi and everything. So, you know, you can get that level of mobility and not, you start developing on one thing and by the time you ship, you’ve got the rest of your application ready, the hardware’s cheaper, which is really good. So, I kind of just said that but [Laughs].

This is kind of the contractual mention. We make a cloud platform for people to build connected devices with. We deal with lots of the things which are key about connected devices and security, an arm to your application. But we work with people who want to build devices but realize that it’s not the best use of their time to do all this digging and all this security maintenance. Someone has to do it. We would like to do that for you. And that’s about it, I think. And I said if anyone wants the TechCon slides, then bug me afterwards and I have a great one which is it’s all fun about, like, you know, power glitching and power signature analysis and all the fun stuff. But and we’re hiring as well in Cambridge.

So, [Laughs] if anyone has any questions, I’m quite happy to try and answer, answer ones. It’s kind of weird because I’m CEO and Cofounder. And I’m also an engineer, but that’s good because we make a platform. Platform should be built by engineers because they’re for engineers. So, you know, we have a low bullshit thing hopefully. [Laughs]

The BLN is now Business of Software Business of Software runs conferences for people that build great software businesses and products. To access talks online, hear about new events, contact speakers and stay in touch with great ideas, share your email address with us.

We'll NEVER sell your email. Unsubscribe anytime.

Audience Question: Hi Hugo. In one of the threats I’ve seen in a couple years, I’m curious if you have a suggested solution is device reliable device identity? Because one of the risks is the example of a sensor in the link and tunnel, right?

Hugo Fiennes, Electric Imp: Yeah.

Audience Question: That says there’s a radiation threat and Manhattan gets shut down.

Hugo Fiennes, Electric Imp: Yep.

Audience Question: If someone’s spoofing identity, who’s problem is that? Is it ultimately the hardware or software? Where do you see that problem getting solved?

Hugo Fiennes, Electric Imp: I mean, it’s a system level problem. I mean, I think there are ways you can address that. Some of the stuff that we do in our system is every device doesn’t necessarily have an identity. The usual, like, Mac address. It has a big long secret which is stored in an area of memory which ten of you should be able to get to. You know, it’s harder protected in several ways. And then you never send that across the link. In case the link is being compromised. You send challenges against it. And then you can tell it, “Is this valid?” Because if it doesn’t have that secure identity, it doesn’t matter if it has access to the communication link. All you know is that something which was not out… Your challenges giving you data. So, you discard it as bad data. It doesn’t help you get the good data. It does help you reject had data. And there are some people like finger printing stuff, which is like incredibly hard if not impossible. I mean, it’s, the guy lost me when he started going off into how it worked. But it’s incredibly hard. It’s the actual characteristics of the silicon which are being used as the unique identifier. So, you can do interesting stuff which is pretty much impossible to replicate. But yeah, I mean, you know, part of it is provisioning. You want to know that, in that process, someone can’t go, you know, provision a device and say it’s in the link and tunnel. Wait a year. It’s actually not in link and tunnel. It’s in their bedroom. And then start feeding bad data into it. You know, you kind of need to be able to have a provisioning process which will deal with provisional locality and can’t be redone and all of these sort of things like that. One time provisioning. But it can be addressed cryptographically. And it’s just that some people don’t think about that. They’re just trying to get the thing working, and I think that’s part of the problem with design. You need to think worst case all the time, especially for a critical infrastructure. It may be easier for a talking toy. [Laughs] Anything else? Oh, at the back.

Audience Question: I’m told by experts I’ve spoken to that there’s a trade-off by productivity and security i.e. there’s a curve which says if you have absolute security, you can do nothing.

Hugo Fiennes, Electric Imp: Yes.

Audience Question: How do you see that balance in the connected world?

Hugo Fiennes, Electric Imp: I think the balance is something which is interesting. People don’t know it yet. I mean, you know, there’s, you always get, like, the very high security projects which I believe happen in government stuff, where they get completely hamstrung because the requirements are so stiff they work out they can’t build anything within that requirement set. It’s always best to try and start with too much and cut back. [Laughs] You know, it’s just like if, for example, the provisioning isn’t working and you can’t get your per device signatures, maybe that’s okay at the beginning and then you can internally work out, “Hey we’re going to deploy that and work out how you can update something in the field to like step back.” But I mean, this is a part of thing. You need to find it. You need to look at your use cases very carefully with the people who are actually asking you to build this stuff. It’s like there’s no point if marketing say they want this thing and you say, well, it’s going to require physical locality and a special chip in your phone in order to get the security you want, they’ll go, “Oh, but you don’t really want exactly that.” And they may step back at that point, but you’ve got to get that buy in of how it’s actually going to work before you spend, go down a lot way because I think the problem with security on some things is they go down a certain way, they realize it’s a problem, and they’re too far down the path and too committed, and they have to ship. And that is the worst thing ever because that is when the bad stuff happens because it’s just like, “It’s not secure. We’ll fix it in the next one.” And it’s like, for a device that’s in the field for a decade, the next one may be 5 plus years away. So, it’s always to say everyone always has infinite time, you know, when they’re [Laughs] but it’s time before shipping is a lot easier than time after shipping.

Mark Littlewood: Thank you.

Hugo Fiennes, Electric Imp: Anyone else?

Mark Littlewood: Can you give a little, I mean, just a quick overview of your background because you didn’t-

Hugo Fiennes, Electric Imp: Oh yes! Sorry, I… People here before will find it very boring. But quick. My background is I did some various stuff with Symbian and mobile bulletin boards back in the ’80s.

Mark Littlewood: It doesn’t look like he was born in the ’80s.

Hugo Fiennes, Electric Imp: [Laughs] I was born in the ’70s. Just. Early ’70s. So, I did communications stuff back then, modems, stuff like that. I did Symbian mobile stuff. I did MC stuff. I made car .mp3 players. My car .mp3 player company got acquired by Rio, made other .mp3 players. Apple hired me after that. I did the first four iPhones, which weren’t hardware secure. We found that everyone wanted to buy them and unlock the bass band, it turned out, so they could use them in other countries. But we weren’t trying to protect against that, so they still bought them. So that’s fine. [Laughs]

I was at Apple for, like, five years. I just a year before the end I did the Nest Thermostat design, the hard rock architecture and sort of how that fit together. But when I was at Nest, you know, it was like Nest was just making a connected product. And they did a fairly good job of security. It didn’t have physical security. Though someone did a hack where you could buy one, hack it, put your Trojan in it and then return it to Best Buy, and they’d sell it off the shelf. And you’d end up with your Trojan in someone else’s house.

So, that wasn’t perfect, but at least these encrypted, at least these encrypted, the communications. So, and, you know, they probably address that now, anyway. And but so Nest was interesting, but, you know, they were they were attacking everything in a very sequential manner, in a product company way. And it was like, “Okay, we’re doing this! And now we’re doing a smoke alarm. Oh, and it’s got a different chip in it. Oh, let’s write everything again!” And then I saw that as kind of, like, that wasn’t solving the bigger problem. The bigger problem is if I want, as a geek, I want to buy connected devices because I love toys, there aren’t any good ones. Someone should try and help people make good ones. So, you could say that’s consumer-ish, but, you know, I want to see efficiencies as well. I want to see the world work in a more efficient way because IoT is delivering data from real world objects and causing things to be more efficient and less resources to be wasted. I mean, that’s a huge huge thing. And I would have loved to announce one of our corporate partnerships, but it’s been announced there. It’s on my website, but I can’t say the name. But we have some, like, commercial equipment people who are using our stuff to monitor big expensive pieces of equipment around the world.

I don’t think… It’s not mentioned on my website. No. It will be next month, though. They said we can talk about it next month, but yes. That’s my background. It’s geeky communications-y a long way back.

Mark Littlewood: Okay.

Audience Question: I’ll pick up on that. A comment of what you just made is what you just described is very similar to what I was talking about in terms of large scale equipment, making it more intelligent in cities. I was going to comment and ask a question, but the comment was when I first started getting into my work talking to designers… They told me if you want to understand cities, read Jane Jacobs “The Death and Life of Great American Cities.” They all told me that. I read her book, and it’s based on the idea that cities work when they create safety and privacy for people. And the link between that and today’s discussions is cyber security privacy, I think, is stunning. So, it leads me to the question, having just tweeted a link to New York’s traffic lights being hacked.

Hugo Fiennes, Electric Imp: [Laughs] Oh, there’s a great one. All of Michigan’s ones were hacked and today was an open Wi-Fi just on a weird frequency.

Audience Question: Yeah, there you go.

Hugo Fiennes, Electric Imp: [Laughs]

Audience Question: Because no one thought it would ever, anyone would be interested in hacking, right? So [Laughs] I just wanted to comment to the degree of which you’ve already seen people asking or looking at your level of security for things around public infrastructure, transport systems, all of those things that we see in the smart cities as well.

Hugo Fiennes, Electric Imp: People have. And I think infrastructure, the thing is that I think there’s a certain amount of thrash where cities who in the US have quite a lot of power to work independently are commissioning their own things, but you want to have a government standard. So, you must have this level of security because then you must take over… It takes over all the responsibility of them. They’re a bit paralyzed by making decisions in case they make the wrong one, deploy something bad, and then get elected out or whatever because that’s, kind of, how politicians work. I mean, there is, there are very real people working in the security field, especially for connected cities. We’re not really in that area because, you know, currently our stuff works on Wi-Fi and Wi-Fi is not everywhere, but when we get to other communications models, then it may well be. There are a lot of people. There are people who know the right thing. I think the issue is there are still people waiting for universal standard, and I’ve kind of said this before. I don’t… I think the universal standard exists already for connected devices. It’s called restful APIs. You just have to move them from the device up to the cloud. But I think a lot of people are waiting for a standard that if there was a, if there was a government blessed standard, it’d be great. But it’s unlikely that that’s going to happen, and it won’t suit everything either because standards don’t. Standards fit a vertical, and it’s like, but how can we secure our IP cameras? And it’s like well, you can’t with that. Doesn’t work on that bandwidth level. So, you have issues there. I love how that didn’t answer your question at all.

Audience Question: No, it does.

Hugo Fiennes, Electric Imp: But, you know, people are thinking about it. There are cluefull people thinking about it, and I think people like DefCon, the conferences like DefCon, are keeping these people honest, to some extent, because, like, everyone’s like, when this Michigan one came out, it’s like I think it was like all this stuff was on 5.4 gig instead of 5.8 and someone found a 5.4 gig radio on, like, Ebay and found, like, “Wow, I can connect to any traffic light and control any junction in Michigan.”

And it was like, people went, “What?” There was no password even. There was just open web stuff on that and a helpful DH server and everything. And it was like well, yeah, that wasn’t a good thing, but people seeing that and they’re being embarrassed into thinking a bit more. And it’s like, “We don’t want to be featured at DefCon.”

But that’s, you know, but that’s DefCons, they’re actually, they’re fairly tame. You know, that’s, they’re people that talk about their exploits. Often tell you what they’re doing. But the real problem is when naughty people, really bad people, find this stuff out. Maybe the NSA. You know, they will find this. If they find these holes, who knows what’s being exploited? And it’s more that, often, with embedded systems, you don’t know who’s, you don’t have the resources to log every access or to, you know, try and audit this stuff properly. So, it’s like if your network isn’t secure, you actually don’t know the extent of the damage, and that’s problematic. That really is.

Mark Littlewood: One last one?

Audience Question: So, building on that question a little bit and on your point initially that you can’t have privacy without security.

Hugo Fiennes, Electric Imp: Yep.

Audience Question: How do you see, can you amplify on how your platform platformizes, forgive that word, privacy, aside from security, given that they are overlapping but distinct?

Hugo Fiennes, Electric Imp: So, our platform is very much, anyone using it, we don’t touch the data. The data belongs to the person who is paying for the service. So, that means they’re completely flexible to do whatever privacy policy they want. So, for us, we keep the data secure. We encrypt it. You know, it’s authenticated. All these bits and pieces about passing the data, but, for us, you could just say that’s just passing the bucket, just like, “Whatever. It’s whatever you want.” Because the applications are so wide when you have a platform, I don’t think you can be prescriptive as to what, what privacy policy works because it can be very different from a consumer device to an industrial device which is leased. And if you’re monitoring a leased industrial, you know, take it, it belongs to you. It’s your machine. And your data is going over someone else’s network, but you have the right to collect it, you have the right to analyse it, you’re looking at usage patterns and all this stuff. And so we can’t be prescriptive about that. All we can do is make sure that the data is passed as securely as possible. Privacy is really case by case.

When people talk about devices talking to each other locally and having these, you know, the OS of the future, there’ll be a standard protocol for IoT. Everything’s going to talk to everything else. If that ever happens, which I don’t really believe it will, but if that ever happens then privacy would be an issue because it’s like how do you implement security, privacy policies on a per device level with people who want updates in their firmware? You know, it’s like, do you do encryption?

If you look at some, they have very, very fine-grained keying systems at the device level, which is quite heavy for the device, but it’s kind of the right way to do it because they go like, “Well, if you’re in every light switch, the person who owns the building has the right to control light switches or look at them, the tenant has, and then the person in the cube in there. You know, there’s multiple levels of control you may want in an infrastructure system, but people are still feeling their way around, how this works. And OIC doing that, actually building it into their speck is a very, is, you know, very forward-thinking, and they’ve put a lot of work in what people are trying to implement it. And a lot of work on provisioning, but, you know, cures them for actually looking at the problem and going like, “Well, this is not a simple problem. The solution cannot be simple either. We cannot gloss over it. And I think, you know, there’s thinking there going and… You know, smart people are thinking about this in many areas. For us, we take the simplistic. Your data! [Laughs]

Which is good, you know. Some people, they worry about platforms owning the data that passes through, and they’re like, “We don’t want your data.” Apart from this, we don’t want to be subpoenaed if there’s some legal data about that. But cool. Thank you very much.

Mark Littlewood: Brilliant. Thank you so much.

Thanks for watching that talk. I hope you enjoyed it. For more talks, go to thebln.com or better still come and join us. See you soon.