Ricochet is the best place on the internet to discuss the issues of the day, either through commenting on posts or writing your own for our active and dynamic community in a fully moderated environment. In addition, the Ricochet Audio Network offers over 50 original podcasts with new episodes released every day.
The Internet of Things (IoT), basically, is the connection of electronic devices not normally used for computation to the Internet. The definition of IoT also includes devices that aren’t necessarily connected directly to the Internet, but communicate with each other via a wireless network that’s in turn usually accessible from the Internet.
Take modern home security systems such as those offered by Xfinity. This kind of system allows you, for example, to go on the Internet while you’re at work and access systems in your house remotely — to lock or unlock doors, turn lights on or off, or view the feed from security cameras. Other IoT devices in your house might let you change the thermostat setting or check food inventories in the refrigerator. IoT also allows devices to act on their own or interact with each other: For example, your refrigerator could be programmed to detect when you’re running out of milk, eggs, or Guinness Stout, and automatically place orders over the Internet to restock itself. Self-driving cars will probably make heavy use of IoT technology. Infrastructure can be modified to provide information about traffic jams, dangerous road conditions, or bridges in danger of imminent collapse, and then automatically apply the brakes or reroute self-driving traffic.
Normally, I’m fascinated with technical progress, but I have strong misgivings about IoT. I may be risking my geek card here, but I’m much more concerned about the cyber security implications than excited by all these new gee-whiz applications.
Presumably, anything you could do remotely, hackers could do as well. Nowadays, when you connect a computer to the Internet, the malware attacks and intrusion attempts start almost immediately. I’m running a firewall and several anti-malware programs, yet several times a year I still need to go on a manual search-and-destroy mission to get rid of some evil piece of rat-ware infesting one of my computers. I update Windows and my protective programs regularly, but it seems they are always a step behind the latest threats.
If computers are vulnerable to hackers and malware, IoT devices will be vulnerable as well. What kind of protective software will all of these new Internet-connected devices have, and how foolproof will it be, given that big corporations and the government can’t even prevent their databases from being hacked? Imagine having no heat in your house until you can remove the latest Russian Trojan from your Internet-enabled thermostat. Imagine a hacker in China turning off your refrigerator, or a burglar with an iPad unlocking your front door. There have even been cases of baby monitors being hacked to spy on babies and their parents. In some cases hackers even yelled at the babies to wake them up, just out of malice apparently.
So far, none of this has bothered me too much, given that I have the power to prevent it from affecting my life. After all, if you don’t want your personal belongings (other than computers and smartphones) to be part of the IoT, you can easily opt out: Just don’t get an Internet-enabled security system or baby monitor; don’t buy that Internet-enabled toaster or nose-hair trimmer.
But when you leave your home, you’re no longer in full control of your environment, and your life may be in the hands of Internet-connected equipment whether you like it or not. It appears that hospitals and medical device manufacturers have jumped on the IoT bandwagon too. You might want to think twice about checking into the hospital after you read this recent article from Wired magazine about drug infusion pumps used to feed controlled dosages to patients in hospital beds:
The new vulnerabilities would allow attackers to remotely alter the firmware on the pumps, giving them complete control of the devices and the ability to alter dosages delivered to patients. And because the pumps are also vulnerable to the previous library vulnerability [security researcher Billy Rios] disclosed, an attacker would be able to first raise the dosage above the maximum limit before delivering a potentially deadly dosage without the pump issuing an alert.
The IoT revolution is here, and trying to stop it now would be a bit like standing by the expressway yelling, “Get a horse!” at passing traffic. Besides, there are a lot of applications that sound really promising. But I don’t intend to be an early adopter. Presumably, as the technology matures, security will catch up, but I expect the situation to get worse before it gets better.
So what’s the solution?Published in