UPDATED 08:10 EST / JULY 31 2013

NEWS

Death By Internet of Things: How Smart Gadgets Kill

Amidst all the excitement over the Internet of Things and how our cars and homes and factories are going to vastly improve our lives by talking to each other, you might want to take a step back to consider the kinds of security risks that this new level of connectedness will pose.

Very few of us actually read the safety instructions when we get our hands on something new, but with the Internet of Things there’s a lot more at stake than the remote chance of ending up with burnt fingers. When intruders can potentially infiltrate your home, your car, or even your HEART, it’s worth paying attention to some of the things that could go horribly, horribly wrong with the next generation of tech.

IoT has been edging towards reality one gadget at a time – first it was smartphones capable of switching the channel on your TV or unlocking the front door, now we have funky gizmos like the Nest thermostat that automatically adjusts the temperature in your home to your preference, and Satis, the world’s first Bluetooth-enabled smart toilet. Great gadgets each and every one of them, but a big risk lies in the networks used to manage these smart objects – one that hackers, mischievous or more sinister, can easily learn to exploit.

The subject of IoT security will be one of the hottest topics up for discussion at the Black Hat conference this week. The briefing, Home Invasion 2.0., will see researchers discussing the security systems – or rather, the lack of – in connected devices like the Nest, Insteon and Vera Lite smart home controllers. What’s frightening is that some of the systems they’ve looked at lack even the most basic security protocols like user authentication, potentially leaving them open to manipulation by anyone who can access the home’s network.

“The Haunting”

 

One of the most telling examples of this gaping hole in IoT security was described by Kashmir Hill in Forbes, who successfully infiltrated the ‘smart homes’ of eight total strangers in the US, simply to prove it could be done. In her report, Hill describes how she hacked into the Insteon wireless remote control system, gaining access to things such as the home’s lights, garage doors, TV and security cameras which could be turned on and off at the flick of a switch.

“I can see all of the devices in your home and I think I can control them,” I said to Thomas Hatley, a complete stranger in Oregon who I had rudely awoken with an early phone call on a Thursday morning.

“He and his wife were still in bed. Expressing surprise, he asked me to try to turn the master bedroom lights on and off. Sitting in my living room in San Francisco, I flipped the light switch with a click.”

A very real, and scary haunted house scenario, but at least there’s nothing lethal about it. At the very worst, someone might exploit these vulnerabilities to burgle your home, but no one’s going to get hurt, right?

Hackers Driving You Up The Wall

 

Unless your burglar’s a psychopath, he’s probably more interested in relieving you of your assets rather than your life, but your connected home isn’t the only vulnerability with the IoT. There’s been a lot of progress in the area of so-called ‘smart cars’ that are constantly hooked up to the web. Many drivers appreciate being able to make calls, check their email and social media alerts, and choose their entertainment while they’re on the road. They also like the fact that their cars can advise them when the tires need changing, or when the oil needs topping up – it makes life so much easier, after all. But with all that connectedness comes a downside – the smarter the car, the more deadly it could turn out to be.

Forbes (again) describes how security researchers Chris Valasek and Charlie Miller were awarded an $80,000 grant from the Defense Advanced Research Projects Agency (DARPA) to find out just how risky it could be if a hacker were able to gain access to your car. What they found, using a Toyota Prius and Ford Escape as their guinea pigs, was not encouraging at all. In the course of their tests, they succesfully managed to take full control of both vehicles, blasting the horn, causing brake failure and even turning the steering wheel by remote.

Who Could Be So Heartless?

 

Taking control of someone’s car sounds like great way of commuting the perfect murder, but there are more sinister methods that a cyber-assassin could pursue. For example, did you know that its possible to hack into your heart and make it explode? If you happen to be fitted with a pacemaker, that is.

This terrifying hack was due to be the subject of a talk by the legendary hacker Barnaby Jack, who sadly turned up dead in San Francisco last week. Jack was scheduled to appear at this year’s Black Hat to demonstrate how he could attack heart implant devices remotely. We don’t know the ins and outs of his hack (and it’s probably not a good idea to publish them!), but Vice.com reveals that Jack had developed software that allowed him to remotely send an 830 volt electric shock to anyone wearing a pacemaker from a distance of fifty feet, something that would almost certainly result in instant death for the unfortunate victim. Jack also came up with a way to infiltrate wireless insulin pumps in hospitals from 300 feet away, a vulnerability that would allow him to dish out more or less insulin as he desired, sending patients into hypoglycemic shock and again, almost certainly killing them.

If there’s anything positive we can take from these revelations, it’s that most of the vulnerabilities are careless oversights that should be simple enough to fix. Moreover, for the more lethal hacks a certain amount of expertise would certainly be required to ‘get the job done’ so to speak, but that’s not really the point I’m trying to make.

As the Internet of Things furthers its grip on our lives, the numbers and types of vulnerability are only going to grow with it. And as the IoT evolves, the need for a smart controller will also begin to diminish. As smart objects learn to communicate directly with one another, there’s no longer any need for a middle man, which only increases the risk that a single breach could allow a hacker to infiltrate multiple devices.

It’ll be interesting to see what answers developers can come up with. One product, called the Canary smart home security system, is set to arrive early next year. The system boasts of multiple sensors and cameras working around the clock to detect any intrusions within your home.

The attention being paid to IoT security is a good thing, even if it can be unsettling. Only by exposing these risks can they be mitigated, and that’s something we need to work on ASAP. Right now the IoT is clearly very insecure, and anyone using it needs to be aware of those risks, no matter how ‘remote’ they might seem.


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU