Every time a major Internet-connected product is released, we keep coming back to the debate over security vs. convenience. The progression of arguments goes something like this:
- One group expresses outrage, scepticism or ridicule, arguing that this product doesn’t need to be connected to the Internet;
- Another group argues that the benefits outweigh the risks and/or that the risks are overblown;
- There will be news stories on both sides of the issue, and the debate soon dies down as people move on to the next thing; and
- Most users are left wondering what to believe.
As a security researcher, I often wonder whether the conveniences offered by these Internet-connected devices are worth the potential security risks. To meaningfully understand the nuances of this ecosystem, I consciously made these devices a part of my daily life over the past year. One thing immediately stood out to me: there seems to be no proper mechanism to help users understand the ramifications of the risk/reward tradeoffs around these commonly used “personal” Internet-connected devices, which makes it difficult for users to have any sort of effective understanding of their risks.