Friday, February 07, 2014

Ain’t misbehavin’, but sometimes the Internet of Things is

We don’t have one of those elegant Nest thermometers, but when we – most fortuitously, as it turns out – had our new HVAC system installed last fall, it did come with a smart thermostat of sorts.

We don’t do all that much with it, as we seldom – make that maybe never – have the need to futz with it remotely, but I did set it up so that, whenever we change the temperature setting, I get an e-mail. I didn’t ask for this feature – it pretty much came with setting the device up. (Thanks for letting me know that the temperature was changed, by the way. Good to know!)

However little we utilize it, that thermostat is the only smarty pants device in the house. (We have long specialized in smarty pants humans.)

Yes, our computers are wirelessly wired, but, nope, our refrigerator is not connected to our TV. Our electric toothbrushes aren’t attached to our microwave. Our toaster oven doesn’t talk to our toilets.

Most of our connections are of the knee bone connected to the shin bone variety.

So I don’t have to worry about all sorts of high IQ devices breaking bad.

Not that the devices themselves are innately evil, and decide on their own to go over to the dark side. It’s that they’re susceptible to being taken over by hackers, evil doers who’ll take over your not so smart fridge. The hackers probably won’t turn the fridge off so your milk goes sour and all those lasagnas in the freezer turn to mush – although let’s not put it pass them. But these “look at me, I’ve got a computer on board” fridges, thermostats, home spy cams, etc. are being hacked.

On January 16th a computer-security company called Proofpoint said it had seen exactly that happening. It reported the existence of a group of compromised computers which was at least partly comprised of smart devices, including home routers, burglar alarms, webcams and a refrigerator. The devices were being used to send spam and “phishing” e-mails, which contain malware that tries to steal useful information such as passwords. (Source: The Economist)

Oh, swell.

It’s not enough that we get spam from Nigerian scam artists and Viagra hucksters on real computers, now we’ll be getting them courtesy of the ice cube dispenser on someone’s new stainless side-by-side fridge or their Kindle. Swell, just swell.

With these home devices:

Security is often lax, or non-existent. Many of the computers identified by Proofpoint seem to have been hacked by trying the factory-set usernames and passwords that buyers are supposed to change. (Most never bother.)

Well, it’s not just Mom and Pop Smart Fridge who aren’t making these changes. A number of years ago, I was doing some market research for a client and I came across a money management firm that was using “admin” as the login to their server, and “password” as their password. Not so smart…

Smart devices are full-fledged computers. That means there is no reason why they could not do everything a compromised desktop can be persuaded to do—host child pornography, say, or hold websites hostage by flooding them with useless data. And it is possible to dream up even more serious security threats. “What happens if someone writes some malware that takes over air conditioners, and then turns them on and off remotely?” says Dr [Ross] Anderson [computer-security researcher at Cambridge University]. “You could bring down a power grid if you wanted to.”

Wouldn’t you just love to find out that your toaster oven’s hosting kiddie porn? Or that your thermostat’s responsible for bringing down the power grid?

A brave new world, that has such people – and smart devices – in’t.

No comments: