The internet of things or the end of all things?
The recent spate of Internet of Things hack attacks have me more than a little worried, is this a herald of things to come, will you have you be wary of your household appliances? 10 years ago, the idea that your fridge or toaster could be working against you was nothing more than a plot line for a low budget B movie, but these days with internet connected appliances and lax cyber security this is now a very real concern, with the frequency of such attacks increasing with shocking rapidity.As technology develops at such a fast pace, suppliers rush to be the first to provide you with this new and exciting tech, even if it has not yet reached its full potential. This is exactly what has happened with the Internet of Things. Suppliers have jumped on the bandwagon in an effort to be seen as forward thinking and innovative companies, but the reality is nothing more than pointlessly stuffing chips in bog standard items and selling them at 10 times the price. I myself have genuinely seen such products like a smart water bottle - a drinking bottle that connects to your phone so you can see how full the bottle is and how much water you’ve already drank. This instead of simply looking at the bottle itself to tell you.Because of the race to get these connected products onto the market as quickly and cheaply as possible, it is patently clear that the security of these devices were not properly researched or secured before flooding the market, as evidenced by the recent Dyn attack, in which tens of thousands unsecured “Internet of things” web connected devices were hijacked and used as a botnet for a targeted attack on the DNS service provider, the largest DDoS attack to ever occur. While one of the main product suppliers, Chinese electronics firm Hangzhou Xiongmai who supplied a large bulk of the unsecured webcams that were hijacked, has since issued a product recall, there has been no word from any other suppliers of the smart tech as to whether they will do the same or leave their products dangerously unsecured.
But it’s not just business that can be the target of such attacks, all network connected technology can be affected with the possibility of very dire results. It has been demonstrated that pacemakers can be remotely hacked, the pacemaker activated to execute the individual from a distance 1, or that an unsecured network enabled children’s toy can be hacked to interact with “smart” door locks, unlocking your house for intruders 2.
These may be small and precisely targeted attacks, but they paint a worrying picture when you consider the advancements in autonomous vehicles, with most large tech companies now working to be the first to offer them publicly, and Dubai offering remotely controlled passenger drones as taxis later this year 3. All it would take is a sufficiently skilled and determined hacker to break into the controlling systems, and the result would be massive and wanton destruction.
On an even larger scale, back in 2015, hackers managed to disrupt Ukraine’s national power grid, leaving citizens without power for up to 6 hours 4. With a little more effort, that could very well have been a nuclear power plant like the target of the Stuxnet virus, a worm allegedly released by the USA to disrupt Iran’s nuclear program 5, which would result in utter devastation on a colossal scale.
The speed of these technological advancements, their associated attacks and the increasing skills of hackers has even outstripped the ability of sovereign states digital security services to deal with the problem. The UK government has responded by opening a new National Cyber Security Centre in an attempt to curb the threat 6 and has even begun training schoolchildren in cyber security in order to fill the skills deficit 7, but will it be too little too late?
I'm not saying that we shouldn’t develop and improve our technology, but I do feel as though it’s now the time to be extra careful to develop cyber security alongside the technology. As we invite more and more internet based products into our homes, by not adequately securing them, we are quite literally putting out a welcome mat for strangers into our homes, to spy on us though our webcams, track our movements, or even execute us should they become bored with simply observing. Its definitely a worrying time for cyber security, and is set to become even worse if proper measures are not taken, and the security and safeguards are not developed and put in place to prevent these kind of attacks in the future.
If you’d like to know more about the Internet of Things and the threat it can pose to future security, or to simply discuss any points raised in this article, I’ll be glad to hear from you. To contact me, please email email@example.com