Never mind the made-for-the-Web stunts of journalists such as Forbes' Andy Greenberg driving a hacked Ford ( F) Escape. Or well-publicized conspiracy theories surrounding the death of Rolling Stone writer Michael Hastings in what may -- or may not -- have been a compromised vehicle. Or the stories of the critical infrastructure of everything from human pacemakers to power plant valves being susceptible to attack. reverse-engineered a high-end Japanese Internet-enabled toilet called the LIXIL Satis. Now any creep with a Web connection can ... I can't even write the sentence, it's so bizarre. The actual risk is probably minimal. After all, who really spends more than $5,000 on a toilet? But if after studying the app, the hack and the product, it's clear most everything in our homes thus connected can be compromised in similar ways.
Pretending the Internet of Things risk does not raise exposure to investor-backed enterprises is also cosmically naive. Last year, there was a hack of the automated hotel locks, of all things, made by global conglom Onity that went surprisingly underreported. Pretty much anybody with a spare Magic Marker, some cheap circuit boards and access to a few YouTube videos could create a master key that opens millions of hotel rooms around the world. Despite isolating the issue last summer and shipping north of 4 million patch kits, Onity still apparently faces hack-based burglaries. In May, hotel rooms in Tempe, Ariz., were robbed, and hotel video shows the Onity hack was probably involved.
What really stokes the security flames singeing the Internet of Things, Turner says, is that companies do not share information about attacks as they should. That creates a vacuum where the tested, private market tools of risk management cannot flourish. "Some sort of information compromise insurance should be available by now," he said. "But since nobody fully discloses, it's tough to create the basics, such as actuarial tables for information security risk." And get ready for the final investor insult: Considering the downside, it's not like addressing the Internet of Things risk is prohibitively expensive. "At most we are talking about a 2% to 5% bump in the total cost to produce a product. That is far less than marketing or R&D," Turner said. "I am baffled by the apathy in the space."