In the brave new Internet of Things, everything’s connected to the internet. Your TV, your thermostat.
For cheaper stuff, companies may decide not to spend the money for extra security. So, if you’re making, say, a new fitness tracker,
“It would be a lot easier, and a lot cheaper to design it without having encrypted storage, without all sorts of things that some people think you need to have,” said Lee Tien, senior staff attorney at the Electronic Frontier Foundation.
Because security is pricey, and consumers want cheap gadgets. For example, when a company first rolls out a product,
“You could spend tens to hundreds of thousands of dollars making sure that the first release is secure,” said security consultant Barrett Lyon.
So then the next question is, do you keep it secure? And for how long? For the life of a product? To do that, a company has to send out expensive patches when holes in security are discovered. Some of the bigger, more reputable companies do that. They’ll even pay professional hackers to try to find bugs.
“I think bug bounties are a great idea,” said Darren Hayes, associate professor of security and computer forensics at Pace University. “And these bug bounties are devised to offer rewards to people who find a vulnerability in their product and inform the company. And then they get a reward.”
The upshot, Hayes said, is that if you want your connected fridge, thermostat or DVR to be secure, you’ll have to pay more. Because for these products, high quality means more security.