I couldn’t have said it better myself although I have said as much about all cryptocurrencies which have a public ledger. Edward Snowden made the comment at the Blockstack event in Berlin, Germany. They are completely insecure and unsuitable for personal or business use in the long-term due to a lack of privacy. There are other issues that Edward touched on such as extremely slow transaction times and many more I’ve talked about in other posts.
Snowden also predicted that a coin which fixes these various issues could be the one to replace Bitcoin. While I fully agree privacy and security in Bitcoin and most other coins are an issue, aside from that most currencies are slow, inefficient, difficult to use and simply don’t work properly to send or receive payments. This will all eventually be fixed but so far what I find is that some currencies fix one problem while ignoring the rest.
Unsurprisingly Edward Snowden recently revealed to the world that the NSA is tracking cryptocurrency users including Bitcoin. What makes it worse, but also not surprising is that they tricked users to install security software they wrote that actually feeds all of their private data, cryptokeys, back to the NSA directly. It is soon going to be an absolutely necessity to increase your own security and to start using better, more secure coins that cannot be so easily tracked. This is the equivalent of the government following you around and poking around your wallet and watching each transaction you do even with cash. There’s no privacy anymore and ironically cryptocurrency is part of this reason, or shall we say at least, the majority of insecure, public, permissionless blockchain based currencies. This could send the value of currencies like XMR/Monero skyrocketing as a Bitcoin alternative. While Monero is in my opinion better in almost everyway to Bitcoin, it is still not the perfect coin as it does have some issues including the use of PoW and of course the whole public, permissionless issue, speed issues etc..
IoT (Internet of Things) is simply a fancy way of expressing that we have more devices online and connected to the internet than ever before when compared to my favorite tradition of Desktop PCs, Tablets and Phones. With the advent of embedded computing becoming more affordable, powerful and easier to develop than ever using tools like Raspberry Pi based on the ARM platform, this means we have a plethora of new devices and embedded, internet connected devices added to every day things we use.
Common examples of these are new cars, alarm systems, video cameras/surveillance systems, fridges, stoves, home locks, lights, watches, medical equipment and so much more.
The security issue with these devices is more challenging and complex than ever before for both the end user and businesses using them.
There is no doubt or anyone in denial that it’s an issue and the privacy, security and financial risks can be quite high. Security in general works on the basis of weakest link and it is arguable that a random internet connected device in your house or business poses an immense security risk with some of these devices having little to no security or out in the wild vulnerabilities.
These devices are certainly not impossible to secure, in fact the majority of them are easy to secure but it’s simply not the forefront or priority of most device makers or developers. Because of this devices are often completely unsecured and don’t even need to be hacked, sometimes they run a telnet,ssh or web daemon which can be accessed with no password or a dictionary password like admin/admin root/root or with just a username. There are others which cannot be easily updated which have vulnerabilities that end up being found later and exploited. Even more difficult some of these devices are physically inaccessible and installed in appliances and other devices where it can be harder to update them. A lot of companies would be reluctant to push out updates because often if the update failed it would render the device useless without physical intervention.
We can only hope standards emerge in the industry where updates will be easier, standard and guaranteed but this is unlikely to happen. Even with companies who use these products and recognize it is an issue there is only so much planning that can be done for devices that are not easily managed or accessible.
The only practical solution today is to try to firewall and physically isolate IoT devices where ever possible to reduce the risk (but for a lot of companies this is not easy or practical). At the end of the day more advanced network planning and management will be required and so will hardware firewalls play an ever increasing role in trying to prevent and detect attacks to these devices.