The Internet of Intrusions (Or, My Thermostat is Trying to Kill Me!)

Htcpcp_teapotThough I am reckoned old in Internet years, I do not fear technology. I do not shake my 2400 baud modem at you youngsters with your WiFi and your Snapchat and your pants all sagging down because your smart phone is as big as a billboard. No, my millennial friends, I’m not a digital native; I’m a long-time resident who moved here by choice. I have RSS feeds older than some of you!

Which means I speak from a position of love when I say we all need to have a talk about “the internet of things”.

Not long ago, just after dinosaurs roamed the earth but before the advent of Pandora, the only devices connected to the internet were those for which communication was a primary function. Your desktop needed to connect to the internet because you need por–err–educational research. Your phone let you talk to your friends by voice or text or complicated series of emojis like you were Paul Warfield in that Star Trek: The Next Generation episode. You get the idea. Today is different. Today, you can buy a whole bunch of internet-ready appliances such as lights, refrigerators, surveillance cameras, baby monitors, and crock pots. Yes, crock pots.

This constellation of appliances connected to the internet is something quite new with all sorts of tremendous opportunities and terrible peril. It’s called “the internet of things” and you control your little asterism in that vast constellation with the mobile device in the palm of your hand.

The easy-to-see problem here is any device connected to the internet is vulnerable to intrusion. Some hacker, cracker, or other ne’er do well will get their peek-on and what once was the monitor you used to buy yourself a little peace of mind has become the device that lets a stranger talk to your kid without your knowledge. You can imagine what a nightmare it would be to live in a house full of devices controlled by other people, yes? Good. I won’t need to go into that, then. Privacy is certainly a concern, but in a world with billions of connected devices, the chances of a bad guy mucking with your sweet web-lights is very small.

Unless, that is, you leave the door wide open. There was a little bit of a flap a few months ago over a web site that showed the uncensored feeds from thousands of private cameras. The owners of the site claimed they gained access to the cameras using only default user names and passwords, a claim, by the way that is pretty darned plausible. It’s not hard to get default login information for any of the “things” in the average “internet of things” home. It’s not hard to slip into an unsecured WiFi network and access any camera or thermostat (Temp goes up! Temp goes down! Temp goes up! Temp goes down! Temp goes up while you’re out of town on vacation and stays there!).

Obviously, you can help yourself quite a bit by changing all the default user names and passwords for all the “smart” devices you own. You won’t solve the problem, but at least you’ll lower your vulnerability. Another thing you can do? Don’t get into a vehicle that has any wireless capacity whatsoever. Those things are as easy to hack as Hillary Clinton’s e-mail server. A couple members of Congress have bravely stepped forward to fix the problem but don’t count on them to fix the problem. Even if they weren’t drooling idiots who are only fit for a reality show called “I Don’t Have Any Useful Skills; Make Me a Legislator”, Congress can’t fix the problem. Heck, our government just figured out that it’s a bad idea to give a Chinese national working in China complete access to every background check it’s ever done since the beginning of time. Don’t count on those Senatorial geniuses to craft legislation that’s anything but an expensive joke.

The real problems we face are two-fold. First, there is no such thing as an unhackable device. Okay, technically, you could stick it in a vault with no connection to the outside world and it’d be fine but that wouldn’t help you much, would it? You could create a home connection wherein every “internet of things” device you own is hard-wired into a home network that has no outside connection, but that costs a fortune. And you’re basically be living the life of George Jetson. Like I said earlier, your best protection is that you’re one person in a great multitude. You are of no interest to the average hacker so long as you take reasonable and prudent security precautions. On the other hand, if someone takes a special liking to you (and these days, the chance of running afoul of a random person with plenty of time and a lot of grudge to spend on you is higher than it’s ever been), your life will be interesting for quite a while.

Second, the companies that make these devices simply don’t care all that much about your security. Their jobs is to maximize profit. That’s what companies do. Don’t complain about it. They, and I’m especially talking about car companies here, don’t have to care about how easy their devices are to hack until you make them care. When your demands for better built-in security begins to influence their cash flow, they’ll listen. Until then, we get what we get.

Clearly, we have a lot of work to do, both on the producer side, to make sure devices aren’t ridiculously vulnerable when they go out the door, and on the consumer side, to ensure when we get out devices, we lock them down to the best of our ability. The responsibility for this falls squarely on us. Let’s hold up our end of things and make sure that manufacturers do the same. We won’t have a perfectly secure “internet of things” but we will have one that doesn’t scare the bejeezus out of me, and that’s a pretty good start, don’t you think?

(Photo Credit Wikipedia)

UPDATE (March, 2018): When I wrote this, I honestly didn’t think I needed to address the blindingly obvious point that the companies that have direct access to your devices aren’t particularly trustworthy either. Do you really think that Amazon invented Alexa just so you could bring up recipes and your latest booty-shaking playlist? Really?

We need to stop acting like complete idiots. In olden times, when someone rode into town selling a wonderful device that could do everything, some townspeople fell for the pitch without question. We called them the village idiots. Everyone else went slow and skeptical and waited to see what was in it for the guy promising the miracle. When Jeff Bezos offers you a miracle talky box, the very first thing any reasonably-intelligent person would do is question what he’ll get out of it beyond the modest purchase price. What, you thought that really low price for a semi-intelligent, voice controlled digital assistance was legit?

The truth is, Alexa exists to put you solidly into the Amazon ecosystem. Amazon gets your orders. Amazon gets your consumer preferences. Amazon gets your search preferences and music preferences and recipe preferences and…well, you get the idea. The same goes for Google’s assistant and Siri and the entirety of Facebook.

Hackers aren’t the only ones you need to secure yourself against in this new Internet of Things.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s