Ricochet is the best place on the internet to discuss the issues of the day, either through commenting on posts or writing your own for our active and dynamic community in a fully moderated environment. In addition, the Ricochet Audio Network offers over 50 original podcasts with new episodes released every day.
Do you remember that thing? It was the panic of the week last fall. Some jerks took large portions of the internet down for a couple hours. Everyone was in a tizzy for a bit. Well, the problem is still there. At least now nobody’s in a flail-your-arms panic over it, so maybe it’s worth discussing solutions.
Since there’s very little reason to remember the panic of the day even a week later, let me remind you how this works. A couple years back “Internet of Things” became the fashionable buzzword, so we all went out and bought WiFi enabled toasters. Now you can start toasting automatically when your alarm clock goes off. The fact that your toast will be ice cold by your seventh snooze is a small price to pay for living in The Future! But when you got your FutureToast, you didn’t bother to change the default password (it’s a hassle and if you did you’d forget the new one and what’s the worst that could happen anyway?) Mr. Nefarious Hacker sees that you’ve got a FutureToast, and he can log into it too. With your toaster and the 13,000 other ones that nobody’s changed the passwords on (and the 3300 GarageNoMores, and 4200 BlindsWithScience, and 132 HubCapConnects) he’s got access to a massive number internet connected devices. Mr. Nefarious Hacker can then use them to form punishing denial of service attacks, making the internet useless to the rest of us.
How do we solve this problem? It seems resistant to market forces. From FutureToast Inc.’s perspective adding security to their toasters makes them cost more and makes them less user friendly. That translates to less toaster sales. The Customer doesn’t care; the fact that his toaster is a tool for world domination doesn’t stop it from providing toast on demand.
If you ask the computer security industry, they tend to tell you “Government Regulation.” Every FutureToast variant has to have a password change on first boot up, mandated by law. This solves the problem in the future, but there’s still a heck of a lot of unsecured devices in existence today. The government is also a good way to take all the vitality out of an industry. Maybe there are better solutions.
You could educate the public. As a rule that never works. Take me as an example. I know this is a thing, and I think it’s a big enough problem to post about it on Ricochet. Now ask me what my password is for my Raspberry Pi. It’s not hard to guess.
You could hack back. If you go into my FutureToast and change the passwords then Mr. Nefarious Hacker can’t use it. But then I can’t use it anymore, either. That approach amounts to the destruction of property. This is also not a good solution.
You could, and I can’t overstate the general applicability of this solution, actively wait for your problem to go away. We haven’t seen Mirai in the news much at all even though nobody’s fixed the problem. Maybe the world wakes up and realizes their fridge really shouldn’t have anything to say to their toilet and they stop buying IoT devices. Maybe we figure out a better way to catch the people behind these attacks and launching them becomes a much riskier proposition. Maybe Russia gets into a war with China and the world’s supply of hackers gets busy fighting one another. Maybe none of those happen and we’re still stuck with the problem.
What do you think, Ricochet? Got any brilliant ideas?Published in