Security will improve as technology improves, but the main challenge of IoT is that, unlike traditional software running on common hardware, upgradability and configuration are difficult due to the small form factor and awkward interface, hence why many IoT providers are going cloud first, which makes sense from a consumer level while it does not make sense from a privacy point of view.
INSERT:
Btw, while your toaster does not need to connect to your wifi, many people forget what the true value proposition is here and why these devices need internet access - software - dumb devices that use the hardware only as an operating shell but use software to provide the smarts. In other words a toaster with WiFi connection will not provide you with a better toast but a toaster on your wifi might be able to serve toasted bread with broken hardware that is mitigated through a software upgrade.
The toaster example is extreme. I know! However, if you look at Tesla you can apply the same principle at micro and macro level, i.e. the Tesla already has the hardware for self-driving but it lacks the smarts yet - i.e. the software. Tesla converted the business of selling cars to a business of selling software - and that is way more valuable than just the car itself.
> upgradability and configuration are difficult due to the small form factor and awkward interface, hence why many IoT providers are going cloud first, which makes sense from a consumer level while it does not make sense from a privacy point of view.
Remotely pushing updates and configuration doesn't necessarily imply loss of privacy in practice. I think that's a red herring. I work for Resin.io - we do automated deployments and updates and configuration management for fleets of IoT devices, but that's totally independent of how the device's data is stored and shared (or not).
Remote updatability does open up the _possibility_ that somebody could remote connect in to read that data out, or push an update to get to it, but that's quite a different gambit to devices that automatically scoop all your data, analyse everything you do and resell that to marketers. It's also essentially unavoidable if you want to have IoT that can accept remote updates, which given the IoT security situation to date is sadly clearly necessary.
This move to cloud-focused IoT architecture isn't about upgradability at all. It's a separate decision, with sometimes (often?) dubious motives, and that's where the privacy concerns come in for me. We shouldn't let the necessity of keeping devices up to date lead us to sacrificing the privacy of all our data, they're not that closely related. Windows automatic update is not really a privacy concern, Windows 10's ad tracking and cloud integration is.
I believe that we should look at this in a very different way. I frankly have no issues with remote updates and I don't think most people will have an issue with the core of the idea either. Why would they? This is more convenient than doing an upgrade via USB and it is more secure in the long run.
But what I have issues with (and I think everyone else does too) is that I do not know if the upgrade is either not compromised or if it adheres to the same contract that I signed for - i.e. not to sniff my data and do other things I did not buy into.
Hence why it will be a huge innovation if somebody can come up with a way of proving that software works as intended. Then the contract is the software and not the TOS, and I can use other software to verify that the software adheres to the contract I bought into.
I am sure we will reach to that level of sophistication one day.
There is something else that I would like to add as well. The idea of having your camera hooked on a cloud solution only works today because frankly we have a technology problem. Most people will not run their own data centers and the only convenient way to hook up your iPhone to have a continuous data stream is by signing up for a cloud service.
However, I think that will change soon as well. The first company (probably Amazon) which makes cloud technology seamless, i.e. consumers do not think about it, will revolutionise the market for IoT because you no longer have to rely on someone else's infrastructure that you would not trust - obviously you need to trust your cloud provider :) but cloud could be much like an ISP - something that most people will sign up for.
> In other words a toaster with WiFi connection will not provide you with a better toast but a toaster on your wifi might be able to serve toasted bread with broken hardware that is mitigated through a software upgrade.
If something as simple as a toaster needs software to work around broken hardware, it means the device is defective and should not be used.
It depends on the toaster :) If you want to toast bread in various patterns, that will most certainly require software. Is it necessary to have that? No! But if it costs little to nothing extra, why would you not buy a toaster with this capability?
An ESP8266 costs as little as $10 and that is at retail price. From China you can purchase the same device for as little as $3 at retail, and bulk orders are probably going to be way less expensive per single unit.
AWS Lambda will charge you fractions of a cent per million requests and you do not have the operational cost. App Engine is mostly free if you don't have high volume.
Hence in the upcoming years, you will see the adoption of this technology at mass because it is cheap and easy to integrate!
I'd rather have a more reliable, efficient, secure, and well built "dumb" toaster with fewer points of failure than one that can print ephemeral art. (Is art what you meant by patterns?)