be set up on the home router to allow the
toy to be accessed from the Internet.
• Wireless scale. The second example
technology we consider is a scale that
wirelessly connects to an access point
to send users’ measurements over the
Internet to their accounts on a server.
Users can access their data, graphs, and
trends via an online Web site or a smartphone application.
• Security siren. The third technology
is a siren that is part of a home automation or security system. The siren receives notification from entry sensors if
a suspected break-in occurs and sounds
an alarm. The various components in
the home automation system communicate over short-range wireless.
Tables 3 and 4 present a high-level view of how our framework might be used to evaluate the approximate risk posed by these device designs. Interpretations and rankings of different risk levels are subjective and depend upon perspective. Table 3 considers the technologies according to the characteristics presented in the section “Evaluating Potential Risks.” Table 4 summarizes the consequences that can result if the security goals discussed in the section “Human Assets and Security Goals” are not met. Color-coding provides an overview of the comparative risk patterns of the different devices.
cant security review by product designers before the device enters the market.
Similarly, based on the data in these tables, consumer advocacy groups would
likely identify this device as one deserving post-market security auditing.
Fortunately, security best practices—
if deployed—could significantly harden
this device against attack: for example,
the ability to perform authenticated
software updates could allow the manufacturer to quickly address vulnerabilities once uncovered and strong audit
logs could help further dissuade attack.
Wireless scale. Turning to the wireless
scale, we see that although it does have
some technical features that increase
its potential exposure to attacks (Table
3)—particularly the inclusion of Wi-Fi
capabilities—it is not a particularly attractive attack target and the associated
security goals are not critical (Table 4).
While there are arguments for trying to
harden all devices against all possible
attacks, that strategy is not feasible in
practice. First, increasing security may
impact the usability, desirability, or utility of the product. Second, companies
do not have unlimited budgets to spend
on security. These tables suggest that if a
single manufacturer produced both the
mobile webcam toy and the scale, the
company would be well advised to focus

| Characteristic | Mobile webcam toy | Wireless scale | Security siren |
|---|---|---|---|
| Intended users and usage | Webcam used in the proximity of children | Used by adults to weigh themselves | Used to alert home owners and neighbors of burglaries |
| Sensors | Video camera, microphone | Pressure sensor | None |
| Actuators | Wheels, speaker | None | Speaker |
| Power | Several hours continuous operation before recharge | AA batteries | Continuous (plugged in) |
| Connectedness | High (externally addressable) | Medium (not externally addressable) | Medium (connects with automation devices) |
| Storage and computation | Medium | Low | Low |

January 2013 | Vol. 56 | No. 1 | Communications of the ACM 101