There is also an issue of scale here, too. Internet interfaces are nothing new, but the sheer number of devices with IP addresses seems to be ramping up exponentially. Vendors, it seems, are attempting to differentiate their products by throwing in a web interface or an Internet-based back-end service. “One of the things that I’ve tried to impress upon the engineering teams I’ve worked with over the years is that just because you can, doesn’t mean you should,” says Mackey. “Do I really need a Bluetooth-enabled toothbrush?” The cost of adding Bluetooth, wifi or other network interfaces to devices is now trivial. And there are readymade solutions that are very simple to implement, at least from an engineering standpoint. But as Mackey points out, the process doesn’t stop there. Vendors need to ask themselves if they really know how to secure those interfaces. “Is the security of the connection a core competency of the vendor who’s supplying it?” he asks. “That starts to focus the problem around prioritisation of effort. We know, in tech, that securing things is an ever-increasing problem and, by extension, requires a level of competency that isn’t there – especially if you want to effectively do a land grab around the piece of technology or a particular capability.” By ‘land grab’, Mackey means being first to market – grabbing as large a slice of the market as you can before your competitors weigh in. It’s that sense of urgency that causes security to be forgotten. And while that might be an immediate issue, at some point it can come back to bite you. “History has shown us, pretty much since the beginning of computing time, that there is always some software defect that someone will be able to exploit eventually,” he says. “It may take years to surface, but it’s in there.” What you do about that is a tricky question. Patching operating systems and applications on desktop and laptop machines is well understood and the mechanisms for doing it are highly advanced – but even so it works imperfectly with many machines running unpatched and vulnerable software. But what about when that code is held in firmware with no over-the-air (OTA) updating mechanisms to support it? And there’s also uncertainty, as Mackey points out, about what we should regard as the lifecycle of these devices. “I was truly shocked to hear, a few years ago, that some of the original devices that I’d put out when working for a company 15 years ago were still very much in service,” he says. “Those were industrial systems and they had an expectation of serviceability that measured in a decade plus. I don’t believe the Barbie dream house will have such a longevity to it, but nonetheless, the vendors aren’t necessarily applying the same level of ownership to the software.