keep an eye on his child via his smartphone, Marc
Gilbert installed Internet-connected video baby monitors
in his home in Houston.
evening, Gilbert heard a strangerís voice bellowing
obscenities from the monitor. He disconnected the device
after realizing that it had been hacked.
a pretty technical guy, and I thought I knew how all
this stuff should be hooked up," said Gilbert, who
has written several letters to his congressman and other
elected officials, trying to bring the security issue to
decades, hackers have used the Internet to break into
network routers, personal computers and advanced
now, a whole new generation of often-mundane household
devices is being connected to the Internet ó and
hackers are having a field day.
to smaller, cheaper processors, speedier wireless
connections and the explosion of smartphones and
tablets, itís becoming easier and more affordable to
digitally link just about any object ó sports
equipment, watches, light bulbs, washing machines,
you can think of it, someone has probably stuck a sensor
on it and connected it to the Internet.
a PC, the devices have operating systems and processors.
And when they are connected to the Internet, hackers can
break in and seize control.
and consumers havenít taken the same security
precautions as they would with a PC, however, enabling
hackers to turn seemingly innocuous gadgets into drones
that can be used to spread malicious spam or launch a
massive cyberattack ó disrupting services or shutting
down entire networks.
more frightening for many security experts is the
prospect that the hackers could cause physical harm to
people by shutting off thermostats, cars or even medical
fears led doctors to turn off the wireless functionality
of a heart implant in former Vice President Dick Cheney,
out of concern that someone might hack it and attempt to
the Wild West out there again," said Tommy Stiansen,
co-founder of Norse Corp., a San Mateo, Calif.,
cybersecurity firm whose threat-detection team has
discovered a wide range of devices being hacked.
"The number of devices that have been compromised
attacks are expected to multiply with the proliferation
of Internet-connected devices. By 2050, analysts
project, there will be 50 billion Internet-connected
devices, or five such gadgets for every man, woman and
child on the planet.
for the most part are helpless because they usually have
no idea their gadgets have been commandeered.
home wireless router can be configured to provide some
rudimentary protections, but most users typically turn
on the firewall or anti-virus software on their PCs,
thinking that would be enough. And as such the wireless
router becomes an unlocked door of sorts for hackers to
gain access to the household devices.
Inc., a Sunnyvale, Calif., cybersecurity company,
tracked a global attack this year that sent 750,000
malicious emails from more than 100,000 gadgets ó
including home Wi-Fi routers, TVs, DVRs and even a
do you update the software on your refrigerator?"
Proofpoint Chief Executive Gary Steele said. "I donít
even know how you do that."
Gilbert, a technician for an oil company, discovered
that his baby monitor had been hacked, he ripped out the
entire home network and rebuilt it from scratch.
wife, he said, taped over webcams installed in their
laptops and PCs. And he was particularly disturbed to
learn there was even a search engine devoted to helping
hackers find Internet-connected devices, sometimes
including the passwords to gain access to them.
attacks arenít limited to individuals: Businesses and
large organizations also are getting slammed.
are hooking up all sorts of gadgets to their companiesí
networks that their IT departments donít recognize or
know how to manage. In other cases, businesses
themselves are deploying unsecured Internet-connected
devices to make their operations more efficient or to
launch new services.
and Sans Institute, an Internet security research and
training firm, released a report last month that found
Internet-connected devices in places such as hospitals,
insurance firms and pharmaceutical companies had been
addition to getting access to patient files and
information, the attackers managed to invade radiology
imaging software, conferencing systems, printers,
firewalls, Web cameras and mail servers.
concerning to us is the sheer lack of basic blocking and
tackling within these organizations," said Sam
Glines, CEO of Norse. "Firewalls were on default
settings. They used very simple passwords for devices.
In some cases, an organization used the same password
such instances, companies such as Norse will contact
large organizations and try to alert them to the
breaches. Some companies take action; others prefer not
to deal with it. Although some breaches are also
reported to law enforcement agencies, most lack the
resources to deal with what they perceive as a
relatively trivial crime.
bad as things are now, security experts fear that these
attacks may cross over into the physical world.
could access an Internet-connected smart lock and open
the front door to burglars or tap into a smart meter and
turn off the heat in a home during the winter, causing
pipes to freeze and burst.
regulators are starting to take notice.
September, the Federal Trade Commission announced its
first settlement in an "Internet of things"
security case. The FTC complaint said Trendnet Inc. had
falsely advertised its security cameras and video baby
monitors as being, well, secure.
to the FTC, a hacker exploited a flaw in the camerasí
software, and that led to other hackers posting links to
the live feeds of 700 cameras. These feeds showed babies
sleeping as well as kids playing and adults just
of those was a security camera that Casey Mahoney of
Salisbury, N.C., had placed in his companyís offices.
was surprised when someone posted what they claimed was
a link to a feed from the camera on the companyís
Facebook page. He assumed that it was a link to spam or
malware of some kind. But when he eventually clicked on
it, he discovered it was indeed the video stream from
guess I wasnít too surprised because thereís people
out there and thatís all they do. They just
hack," Mahoney said. "Maybe I was a little
surprised that a large company like Trendnet would have
a flaw like that."
experts are calling on manufacturers to build more
encryption into these devices and add safeguards that
prevent them from running other programs.
sure itís slowly going to be addressed," said
Johan Sys, managing principal of identity and access
management for Verizon Enterprise Solutions.
same thing happened in the mid-í90s when everyone was
joining the Internet. They had the same security
problems. Now weíre in that cycle again, and thereís
going to be some pain."