Devices like smart heaters, smart bulbs and smart refrigerators have direct access to unlimited power supply; they have direct access to the internet. And things can go really bad.\n\n\nAnd with IDC predicting that the worldwide IoT market will grow from $655.8 billion in 2014 to $1.7 trillion in 2020, security is becoming a very serious topic.\n\n\n\n[ Also on CIO.com: Threat geography: Why certain kinds of cyberattacks come from certain places ]\n\n\n\nBruce Schneier has talked a lot about the security risks of IoT, going so far as to say that IoT is unpatchable. Billions of connected devices are running some older version of Linux that has known exploits. The hardware vendors who sold these units moved on to the next version of the hardware and never bothered to update the OS powering these devices. They have no real incentive to do so. Their revenues come from the sale of new devices, not from updating older ones.\n\n\nAt the ongoing Embedded Linux Conference, that is co-located with OpenIoT Summit, Dirk Hohndel, Chief Linux and Open Source Technologist at Intel asked Linus Torvalds if he is worried about the scenario that there are billions of unpatchable devices out there.\n\n\nTorvalds replied that he isn't overly worried about the unpatchable IoT devices that are already in use, saying \u201cI don't worry about it because there's not a lot we can do. As you say, it is unpatchable. It's a fact of life.\u201d He or the Linux community can\u2019t do anything about those devices because it\u2019s all about hardware vendors. But he is concerned about it from a problem solving point of view, \u201cIt's something we should worry about in the sense that we should make sure it doesn't keep on happening.\u201d\n\n\nHistorically, on the hardware side the big problem was that vendors were rolling out new hardware every six months, leaving the old hardware unpatched. Even if they used Linux they never released drivers or other components so the Linux community could help patch things up. \u201cThis is very frustrating to me as a kernel maintainer," Torvalds said, "because at no point in the embedded world did those people push their improvements back to me, because they didn't have the time to do that, really, and they didn't have the time to interact with the kernel community, which A, we are busy people, but B, we have issues like maintainability and quality control that the people who are churning out a new device don't have."\n\n\nThe good news is that companies now have business models around IoT through add-on services and apps, which means they can continue to get value out of existing devices.\n\n\nAnother important thing that\u2019s happening in the embedded and IoT space is that instead of churning out custom chips for each device with custom drivers running on them, device makers are finding it cheaper to use chips that are made in billions of units. This also makes it easier for kernel developers to target that hardware and patch holes.\n\n\nTorvalds thinks that especially the ARM community has started to become so much better. He agrees that this issue still exists \u201c\u2026but we're in the situation where, by now, as kernel people, we can actually patch up, or at least keep up with some of these hardware improvements, which in the embedded world, has traditionally not been the case.\u201d\n\n\nThat said, security is not, and has never been, Torvalds' primary concern: \u201cI'm famous for not always agreeing with the security people is that security to me is always secondary. The primary job is always, get the job done. If you don't get the job done, who cares about security anymore, because that piece of hardware will not be used.\u201d\n\n\nHe is of the opinion that when you have a new industry that comes up with new crazy ideas, they want that functionality, that service, that feature to reach out to customers. Yes, they will get things wrong, but they will improve. When you build a smart bulb you invest time on what exciting things it can do and not spend years in figuring out how it could be exploited by hackers. "Security is always, always, always going to be second, playing second fiddle to functionality,\u201d says Torvalds.\n\n\n\u201cI think we're getting to that point where now people are finally looking at [IoT] security, which is really, really good," Torvalds said. "Will we ever be perfectly secure? No. Is it slightly distressing that there will be billions and billions of devices that are going to be open to security problems? It's slightly distressing. I have smart appliances in my home. If somebody hacks into my home, and makes my furnace go crazy, and I wake up and it's 95 degrees, I feel really stupid, but at the same time, many of these devices, it's not the end of the world.\u201d\n\n\nSecurity will always be a cat and mouse game. Some security exploit may not burn your house down but there can be other implications. Noah Harlan, community director\/president of AllSeen Alliance gave me this hypothetical example: our smart bulbs have access to unlimited power supply and access to the internet, someone can hack into these bulbs and build a massive bit mining network. The point is you can never think of all the possible scenarios of IoT can or will be exploited. There will always be some guy sitting in his basement plotting, looking for an exploit. It\u2019s a brave new world.