Hackers have an open door to millions of IoT devices.
The Internet of Things is booming. After first featuring in the infamous Gartner Hype Cycle in 2011, the trend has inspired 6 years of ever more use cases for connecting our physical and digital worlds. Factories are connecting their workers, robotics, and products. Cities are connecting their citizens, transport and infrastructure. Athletes are connecting their bodies, phones and performance stats. And the race to be the leader in the IoT space has got Cisco, IBM, and Intel watching their backs for wide-eyed innovators coming up the rear.
The potential for IoT is staggering. Imagine how effective healthcare would be if doctors could track patients remotely, catch red flags earlier and attend to more people. Imagine the effects on hunger if we could better track the life of food and the way we transport it around the world. Consider the reduction of stress if you controlled your household at the click of a button, and worried less about being cost, energy and time efficient.
But in our push to connect the planet, and be the fastest, the cheapest and the most fashionable, corners have been cut and shorter routes favoured.
Do you remember the Dyn cyber attack in October 2016? If not, maybe you’ll remember the day when Twitter, Netflix, Amazon, BBC, GitHub, CNN, PayPal, Reddit, Starbucks and Spotify, to name but a few, simultaneously and repeatedly crashed. It was the largest DDoS, or Distributed Denial of Service, attack in history, disrupting the internet the world over. For many people, the attack truly showcased how fragile our online world can be.
What was most worrying about this attack, in particular, was the realisation that without the IoT boom, the attack wouldn’t have happened.
IoT devices such as connected baby monitors, smart TVs and internet-enabled CCTV cameras were connected digitally to create a cyber weapon called the Mirai botnet. The way the hackers infiltrated these technologies was very simple. Mirai scanned the internet for IoT devices which were protected by factory default passwords. These are not the passwords unique to your device, printed on the side or found in the instruction manual. They are the passwords associated with the small pieces of hardware making up the product on the inside: passwords which tend to be exactly the same across thousands of components, all shipped off to end up in devices all over the world.
Essentially, because the manufacturers didn’t make the effort to vary the passwords across their products, hackers have an open door to millions of IoT devices.
And Mirai is still at large. The code for the cyber weapon is online and easy to access. The IoT component passwords are simple to find on the dark net. This means attacks like the Dyn attack are only going to continue, and grow in complexity.
It’s not the end of the internet, however – with advances in weapons, there are advances in defence. But what this particular case proves is what happens when we put speed to market, fashion and profit above all else. IoT isn’t the only Gartner trend to spark pressure on companies to their eventual detriment: remember Google Glass?
The difference with IoT, though, is that this is more than just a tech trend. Connecting the world by harnessing the shedloads of critical data is a mammoth but world-changing task. The planet will be in a better place as a result of positive advances in IoT – from the health and welfare sectors to the energy and manufacturing industries.
An estimated $5 trillion is going to be spent on IoT before 2021 by companies and organisations looking to fulfil potential and increase bottom lines. This is great news for futuristic ways of living, but unless each dollar is paired with another dedicated to security, the advances will be all for naught. The new US Senate proposal put forward in August, holding vendors to account, is a step in the right direction.
We must now all accept that IoT has an Achilles heel, and hackers have pretty good marksmanship.
If tech is going to change the world, we need to be aware that the culture of MVPs and startup agility has its limits. Security in tech should be one of the first considerations, not a post-investment afterthought. Everyone who is building must also accept the responsibility of the potential of their creation – both the good and the bad.
Making the world a better place doesn’t just mean augmenting it – protection is just as worthy a cause. We must champion those building sensibly and thoughtfully, as well as those who are fast and profitable.
IoT can change the world – so let’s ensure that change is overwhelmingly in our favour.
How do you think we can do this? Share your thoughts with the Exasol community below.