The Internet of Things: Asking for Trouble

A Hacker’s Wet Dream

By John Lawrence

Hackers are licking their chops over the latest push by high tech corporations including San Diego’s Qualcomm to create an Internet of Things in which everything is hooked up to the internet: your refrigerator, your thermostat, your security system, your car.

It will be a hacker’s paradise. Already hackers have carried out a distributed denial of service (DDoS) taking Netflix, Twitter, Paypal and other major websites off the air. Hackers were able to direct an overwhelming amount of traffic to a company by the name of Dyn which acts as a switching hub for internet traffic.

The Internet of Things (IoT) is driven by corporate needs to find a new way to keep revenues flowing now that cell phones and computers seem to have reached their maximum growth capacity. So why not promote an internet in which all your household appliances are online? That way you can use your cell phone to set your thermostat, check on your refrigerator to see if you should pick up milk on the way home, check your cameras to see if the FedEx guy left a package etc.

Only problem is that most of these devices, which also fall under the heading of Home Automation, have little or no security built in. The net effect is to make your home more insecure and subject to entry by crooks and thieves. If your home security system is hooked up to the internet, it can be hacked with the result that your home is actually less secure. Do you really want your garage door hooked up to ther internet so you can check to see whether or not you left it open?

The point is that the less number of devices that are hooked up to the internet, the better. The more that are hooked up, the more that hackers have to work with for an attack like the one on Dyn. The reason is that every such device has to have an internet address. Once hackers decipher that address, they can use it to send a request to any server. If they decipher enough addresses, they can overwhelm and crash any server. Thus legitimate requests are denied and Twitter, Paypal and others are temporarily at least out of business. Those addresses are already available on the “dark internet” where they sell credit card numbers and other illegal items. Also available are default passwords which are rarely changed.

Therefore, despite Qualcomm’s business model which projects an increasing number of devices hooked up to the internet, you are better off not having any household devices online. You can have Home Automation without being hooked up to the internet. You just won’t be able to use your cell phone to control it or have access to it remotely. Your home will definitely be more secure that way, but the cell phone corporations like Qualcomm will lose money. Internet security for your refrigerator is not a major or sexy selling point. So you will probably never hear about it in an ad. Consequently, internet security which would be quite expensive for your refrigerator will probably not be built in. Hence your refrigerator will be more hackable, creating the tradeoff between the convenience of knowing whether or not you need milk versus the ability for a hacker to open your front door.

So Who Needs It?

Silicon Valley corporations are running out of profit margins for devices such as digital cameras, laptops and ipads so they have to develop more gadgets for the consuming public whether they need them or not. In many cases, we are better off without them. This is from an Atlantic article, The Internet of Things You Don’t Really Need:

Photo by Adrian McEwen and Hakim Cassimally

But at what cost? What improvements to our lives do we not get because we focused on “smart” things? Writing in The Baffler last year, David Graeber asked where the flying cars, force fields, teleportation pods, space colonies, and all the other dreams of the recent past’s future have gone. His answer: Technological development was re-focused so that it wouldn’t threaten existing seats of power and authority. The Internet of Things exists to build a market around new data about your toasting and grilling and refrigeration habits, while duping you into thinking smart devices are making your lives better than you could have made them otherwise, with materials other than computers. Innovation and disruption are foils meant to distract you from the fact that the present is remarkably similar to the past, with you working even harder for it.

A lot of people are fascinated by “smart” gadgets when a plain old dumb gadget serves their needs just as well and in many cases better. How many times have I waited for a smart paper towel dispenser to actually dispense its towels. I’m also perfectly capable of turning water on and off without having to wave my hands under the faucet in the hopes that it would actually turn on. High tech nirvana is selling false hopes and dreams in an attempt to lull us into complacency and make us forget what is really valuable in this world. Hint: it’s not more gadgets.

Hackers Could Do Some Serious Damage

The hackers who perpetrated the attack on Friday, October 22, 2016 represent only the first wave of those who will be exploiting the vulnerabilities of the so-called Internet of Things. Despite its promotion by Qualcomm and others, it is not a desirable scenario for everything to be hooked up to the internet. The fewer things hooked up, the better. Especially systems like communications and electrical grids. It might be a complete annoyance for hackers to hack into individual homes, but it is quite a different story if they manage to disrupt the electrical grid for an entire region of the country. Do we really want street lights hooked up to the internet or parking meters? Until really secure internet devices become available, we are all better off if fewer things are connected with the internet.

Internet expert, Ashton Mozano at the University of San Diego, said, “A teenager with some limited technical ability could download the code [for the malicious software] from github and get into the game. Given the widespread ignorance, inaction and hubris in the Internet of Things manufacturing realm, this event is just the tip of the iceberg.”

All the hacker or hackers have to do is to identify an internet device such as a webcam that has little security built in and then do a search for all such devices. Then they order those devices to make a request to a particular server such as the ones at Dyn and the internet shuts down for all those using websites for which Dyn is a key component. Since the requests come from a wide variety of devices, it is impossible to identify the source of the hack. So anonymity for hackers and relative child’s play on behalf of those who would screw up the works.

This is from Scientific American:

The IoT is a vast and growing virtual universe that includes automobiles, medical devices, industrial systems and a growing number of consumer electronics devices. These include video game consoles, smart speakers such as the Amazon Echo and connected thermostats like the Nest, not to mention the smart home hubs and network routers that connect those devices to the internet and one another. Technology items have accounted for more than 73 percent of holiday gift spending in the U.S. each year for the past 15 years, according to the Consumer Technology Association. This year the CTA expects about 170 million people to buy presents that contribute to the IoT, and research and consulting firm Gartner predicts these networks will grow to encompass 50 billion devices worldwide by 2020. With Black Friday less than one month away it is unlikely makers of these devices will be able to patch the security flaws that opened the door to last week’s attack.

It does not take much sophistication on the part of the hackers. Malware such as the Mirai botnet is well known to most security experts and can be easily downloaded by almost anyone. I guess the makers of such insecure devices as potted plant monitors, that send a text message when a plant needs to be watered, could care less about the hackability of their gadgets. It’s all about sales, and who cares about whether or not their device leads to home invasions or robberies. Some of the more ridiculous hook-ups to the internet are devices such as “smart” dog collars, Pixstar internet photo frames, Xiaomi night lights, and Prodigo espresso machines. Obviously, these markets are unregulated. They need to be ASAP so manufacturers can’t foist insecure devices on the American and world public. This is only going to create huge headaches in the future. However, the Age of Trump is the Age of Deregulation which will turn into a holiday for hackers.