A glimpse of our consumer future? Happy SkyNet Day.
“The internet of things” is one of the buzziest bits of jargon around in consumer electronics. The idea is to put computers in all kinds of products—televisions, washing machines, thermostats, refrigerators—that have not, traditionally, been computerised, and then connect those products to the internet.
If you are in marketing, this is a great idea. Being able to browse the internet from your television, switch on your washing machine from the office or have your fridge e-mail you to say that you are running out of orange juice is a good way to sell more televisions, washing machines and fridges. If you are a computer-security researcher, though, it is a little worrying. For, as owners of desktop computers are all too aware, the internet is a two-way street. Once a device is online, people other than its owners may be able to connect to it and persuade it to do their bidding.
On January 16th a computer-security company called Proofpoint said it had seen exactly that happening. It reported the existence of a group of compromised computers which was at least partly composed of smart devices, including home routers, burglar alarms, webcams and a refrigerator. The devices were being used to send spam and “phishing” e-mails, which contain malware that tries to steal useful information such as passwords.
Ross Anderson, a computer-security researcher at Cambridge University, has been worrying about the risks of smart devices for years. Spam e-mails are bad enough, but worse is possible. Smart devices are full-fledged computers. That means there is no reason why they could not do everything a compromised desktop can be persuaded to do—host child pornography, say, or hold websites hostage by flooding them with useless data. And it is possible to dream up even more serious security threats. “What happens if someone writes some malware that takes over air conditioners, and then turns them on and off remotely?” says Dr Anderson. “You could bring down a power grid if you wanted to.”
That may sound paranoid, but in computer security today’s paranoia is often tomorrow’s reality. For now, says Dr Anderson, the economics of the smart-device business mean that few sellers are taking security seriously. Proper security costs money, after all, and makes it harder to get products promptly to market. He would like legislation compelling sellers to ensure that any device which can be connected to the internet is secure. That would place liability for hacks squarely on the sellers’ shoulders. For now, he has had no luck. But Proofpoint’s discovery seems unlikely to be a one-off. (From The Economist, January 2014)
And, let us not forget that cars are now just computers on wheels, just ready for hacking and crashing (of the software kind).