Thursday, November 6, 2014

The Internet of Us - Hardware Nowhere

Never leave your buddy behind in Houston, Texas!

The Holy Trinity of Hack

My friends and I used to joke around that there was a "holy trinity" in hacking. You had to understand software, firmware, and hardware in order to bring any value as a security researcher. I still believe that, and it is more true today than it has ever been.

The Internet of Things (IoT) movement means merging these three paradigms into a more tightly bound conglomerate than ever before. Software on your cloud/laptop/desktop links to the firmware on your IoT's hardware, which transmits data upstream to the application firmware on your phone's hardware... bla bla bla

Bla, Bla, Blah!
We get it. Everything is connected. 

A Rad New Whatever

What's really cool about this movement is that we're seeing shifts in everything from architectural design to manufacturing. And the manufacturing is key. Think about the average Internet of Things concept. 

Do you want a Rad New Thing to connect your Blah to your Meh? Of course you do! Your Meh will now be IoT capable to speak to any Blah that understands Meh's protocol! 

We're connected! And it's So Special!
But where do you pick up a Meh? With all the new IoT products that will be saturating the market in the coming years, how does one easily go out and purchase a device from the wild ecosystem of choices we'll have?

I'll tell you how. You won't. The device will be made in your home.

Get Outta Here

No, really! Have you checked out BotFactory? Their 3D printer, Squink, which survived its Kickstarter round in August, is designed to do this very thing. Sort of. 

Squink is the first step in this direction, and BotFactory clearly has the idea of home manufacturing in mind for their end game (at least they had better, or I'd be a really confused VC). 

Dog, I thought you wuz makin' serious tech, bruh... 
Squink takes 3D printing to the next level by introducing the concept of building printed circuit boards (PCBs) in the home. But they promise to go one step further. They state that Squink will be able to function as a pick-and-place machine as well. This means that not only will it be able to print circuit boards on demand, it will also be able to place components on the board.

The next step? On-demand builds of hardware devices, flashed with firmware downloaded over the Internet.

Need that Meh for your Blah? You've got it! 

But What Does It all Mean?!

If you're still wondering why this is important, think about how manufacturing affects the cost of devices that you use. Think about Foxconn in China, and the workers that have to build products for Apple. Think about the increased cost of business not only for those local economies, but for the companies that outsource from their home country overseas. Think about the massive amount of hardware trash piled up in India, Malaysia, China, and other countries that tear down and harvest the components we throw away.

No, really....

Simplifying the manufacturing process to the homes that want the devices means the potential to change this existing model. It means decreasing the cost of manufacturing and making only one device instead of one hundred devices just so one customer can acquire that one device. That can disrupt a product's entire pricing model, ecological impact, and availability in a major way. 

This also means that hardware becomes far less important. Instead of hardware seeming like this esoteric voodoo magic box that only a small percentage of us understand, it opens up and becomes widely accessible. Why? 

Because we no longer need to care about it! Anyone will be able to build and play with their own circuit boards on demand at little cost! And they will be able to share their designs for free over the Internet instantaneously! That's incredible! 

Models Gonna Modulate

Essentially, we're on the precipice of another shift in computing. We oscillate back and forth between highlighting the importance of software and the importance of hardware. We're about to shift again. For how long? Who knows. That doesn't matter.

What does matter is that security models will account for the upcoming change. How do we secure devices that are made on demand in the home? How will provisioning work? How will the firmware be loaded onto the new device? Can the firmware be signed and delivered over the network? If so, what does that require on the part of the 3D printer? 

There are many questions that must be answered here, and at Lab Mouse Security, we're preparing our answer. 

As always, if you have questions about IoT security, or want to engage us for a code review, please reach out to us via our Contact Page. 

Best wishes for the Internet of Us!
Don A. Bailey
Lab Mouse Security