I DON’T HAVE A HOT TUB SO…AGAIN, WHY SHOULD I CARE? The Internet of Things, or IoT, is beyond staggering. Remember when people thought it was so great that you could find an app for everything from finances to medical symptoms, controlling lights and security cameras, etc? It’s actually not great. All the IoT devices do is link you into the massive surveillance network. If it can connect to the internet, it can be hacked — and in some cases, even computers NOT connected to the internet can be hacked (see the work on air-gapped machines). Just because you don’t own a hot tub doesn’t mean you don’t own any devices that can connect to the internet of things. It’s seemingly impossible to buy new kitchen appliances without the technology. Washers and dryers, barbeque grills, bluetooth temp sensors for the food ON the grill; you name it, there’s a Wi-Fi/bluetooth enabled variety. Home security system Ring even had problems in 2016 because it was…you guessed it…hackable. Then there are the smartkey locks. Watches, light fixtures, the list goes on and on and on. There’s a certain irony in the idea that someone can get into your W-Fi enabled security system for your home and see what you see. If an adversary got into your Ring system, what could they determine? A lot. The Internet of Things has been hailed as easy to hack. In fact, Israeli researchers found last year that most IoT devices can be hacked within 30 minutes and added to a botnet. What can they use the botnet for? All sorts of things. “We investigated 16 different devices—baby monitors, doorbells, cameras, temperature sensors, [etc.] And out of these 16 devices, we were able to find the password for 14 of them. So, that’s a good percentage. What we did is we took these cameras apart in our lab and we looked for what is called a debug port. This is a connector, which developers and engineers use when they are building this camera to make sure it’s built properly. And because it’s very expensive to print out a new circuit board once you’re finished developing, all of these cameras actually had these debug ports still in the hardware. Once you connect to there, you have backstage access to the camera. Sometimes, there is a password you need to crack, so we had to do that.” The big picture is even more concerning. “Right now, devices you are buying today are very, very easy to attack and the problem is that once you attack it once, all of these devices can be attacked remotely. So you only need to do this one time—this process of taking them apart. And one problem, a big problem, with IoT devices when you compare them to computers and phones is that these devices are mostly going to be installed in some corner, in some alley, in some doorway, and not touched for 10 or 20 years. Think of street lights or traffic lights. And this means that you might be still using these devices after their manufacturer has gone out of business and nobody will ever issue firmware updates. You compare this to phones, where you find a vulnerability and the next week later, your phone restarts and voila, it’s patched. So, these devices are going to be here to stay and this means that probably consumers or network providers or something are going to be responsible for keeping these devices secure. This is very concerning based on what consumers have been able to demonstrate so far.” And let’s not even get into Alexa. For more information on the IoT threat, check out this article from Dark Reading.