you ever stopped to think about how many items in your
home are connected to the internet?
you have (or even if you are doing it just now), have
you stopped to wonder why? The umbrella term for all
these connected appliances, electronics and other
devices is "smart."
are living in the age of the smart home, smart car,
smartphone, smart remote, smart thermostat, smart fridge
Ö well, you get the idea.
what does all this "smartness" do for us?
it might allow us to adjust our thermostats when we are
a thousand miles away on vacation or enable our
microwave ovens to respond to voice commands.
just how secure are all these internet-enabled devices?
very, according to two internet security experts with
whom I spoke.
of those experts is Bruce Schneier, fellow and lecturer
at the Harvard Kennedy School of Government and author
of the forthcoming book, "Click Here to Kill
Everybody: Security and Survival in a Hyper-connected
prefer our software full of features and inexpensive ó
at the expense of security and reliability,"
because our appliances, electronics, cars, medical
equipment and other devices essentially have become
general purpose computers, they are now at risk for the
same hacks as any other computer that runs
now have millions of computers ó in the form of
devices ó connected to the internet," said
Matthew Green, an associate professor of computer
science at Johns Hopkins University.
interconnectivity is known as the Internet of Things, he
computers are all vulnerable," Green said.
"They all have software running on them and
unfortunately, not all of it was written by the best
software developers. And to make matters worse, the
software often doesnít get updated."
Schneier and Green pointed to the largest distributed
denial-of-service attack (DDoS), which happened in
October 2016 and infected computers with malware, known
as botnets, to bombard servers with traffic until they
took down Twitter, Netflix, Reddit, CNN and many other
websites around the world for almost an entire day, both
Schneier and Green said.
was the innocuous conduit for accomplishing this majorly
DVRs and home internet routers with weak passwords and
poorly written software ó much like the ones you and I
have in our homes today.
problem, Schneier said, is that, "You have no way
of knowing if your device is affected by this (or any
other) botnet and you kind of donít care. And there is
no way to patch it. It will be a member of that botnet
until you throw it away, which could be a decade from
added, "Once computers start affecting the world in
a direct and physical manner, there are real risks to
life and property. And the market wonít resolve
disabled cars, purposely interrupted pacemakers and the
shutdown of electrical grids.
are only two ways to fix the problem.
must demand it, which, Schneier asserts, wonít happen
because customers donít really know whatís going on.
Governments also should pass laws ensuring that device
manufacturers build and update their products to reduce
software vulnerabilities, he said.
why is it that everything seemingly is moving toward
becoming a part of the Internet of Things?
itís cheaper to make appliances and other devices with
smart technology than not, Schneier said.
the cheapest way to make a refrigerator (or any other
appliance or electronic device) is to grab a general
purpose CPU chip off the shelf and build all the
functionality into the software," he explained.
"But that CPU chip comes with internet
connectivity, messaging services, video software, a
microphone ó whether the manufacturer wants it or
can consumers do to protect against a hack?
really, really hard to know what software is running on
smart devices like fridges, ovens, thermostats,
doorbells and in smartphone apps (to name just a
few)," Green noted.
advice for consumers includes:
If you are buying something on Amazon from an overseas
company youíve never heard of, thereís a good chance
there is some sort of security vulnerability you should
be worried about.
If you connect a device to your Wi-Fi network, you
should assume the device is a risk to the security of
everything else on the network.
You should look into whether a device has a software
update mechanism and if it does, you should look at
whether the software updates automatically or manually.
If you donít need Internet-of-Things functionality and
there is another option, take it.
that the government regulate this," he said.