Developing an IoT Nightmare: My Smart Fork Ate My Data

Dr. Ben Zorn, co-manager of Microsoft's Research in Software Engineering (RiSE) group, wonders if the smart fork you are using to eat your spaghetti could be hacked.

It may sound like an IoT far-fetched security nightmare but it is a real possibility.

"If you look online, there's a smart fork and it's like wow, but the fork has a processor in it and it counts how many times you lift it," Zorn pointed out in a Microsoft podcast, "How Programming Languages Quietly Run the World," this week.

A clever gadget that counts how many times you engage with a plate of spaghetti or whatever you chose to eat and keeps track of how many forkfuls you're indulging in may be a boon to the diet conscious.

But what Zorn is concerned about is how the software for the fork and other IoT appliances was developed.

Are there protections built in to the smart fork application to keep it from being hacked? So that in a worst case scenario it might provide a way into your home network that connects your PC, smartphone and tablet.

As Zorn told his audience: "These things, by definition, are connected because they wouldn't be smart if they were just by themselves, and you don't necessarily know what software is running on them. And you don't necessarily know if somebody has compromised that software. So, for example, yeah, I don't really want to have to worry if my fork is trying to steal my Internet and my wireless password."

Zorn reminds listeners that in the brave new IoT world, there are smart toasters, too.

Could hackers use it to turn your PC data into toast?

The October 2016 denial of service attack on the Web was linked to hacked baby monitors. Prior to the attack, a HuffPost blog had warned parents that baby monitors were vulnerable.

As a New York Times article reported the day after the Web outages: "... the attack appears to have relied on hundreds of thousands of Internet-connected devices like cameras, baby monitors and home routers that have been infected -- without their owners' knowledge -- with software that allows hackers to command them to flood a target with overwhelming traffic."

Zorn and others are working on making all these IoT devices from smart forks to bathroom scales more secure.

It starts with application development. There are a lot of questions. How is the software being developed? How concerned with security are the developers? Will there be updates? What about security patches? What protections do consumers have?

"We know about Windows updates," Zorn said. "We know that we see PC updates frequently. But how many people update their fork?"

Software quality and security issues are all made problematic because of the marketing pressures to get IoT devices out to the consumer to beat the competition.

"They've got to get to market fast," Zorn noted. "Usually they're built on a software stack which is open source. But the biggest problem is, the level of scrutiny that people pay attention to with these things in terms of are they secure, what levels of care are made in creating that software?"

This is where it becomes a developer's concern.

Zorn said the Microsoft RiSE group is working to address IoT software quality issues.

"We work on software engineering problems," he said, "like how do we build software more effectively? How do we deploy software more effectively? How do we help developers understand where the problems in the code are, or what problems they should maybe do a code review for?"

One hopeful solution is to create open source software components that are tested for security and reliability. Rather than writing one-off code for IoT devices, developers would be able to use certified components in something like the Software Oriented Architecture (SOA) model.

Zorn is also working with the federal government on the possibility of creating an IoT version of Underwriters Laboratories (UL), which certifies product safety.

But until safeguards are developed, IoT security issues will continue to be a problem.

"This is an analogy of the Wild West," Zorn said. "Right now, we're just seeing all the problems that can emerge."