The Internet of Things gives hackers an attack path

Web-connected gizmos played a major role in Friday’s attack that took down retailer, social media and other websites.

(Bloomberg)—Are you looking forward to the day when your sleeping baby’s diaper tells you it’s wet before the wetness wakes your baby? Or are you dreading the day when a hacker or the government can learn everything about you that your car, appliances and even your internal organs can divulge?

Either way, that day is coming, as cheap sensors connected to the internet invade almost everything around us. Linked by wireless technology, they make up what’s been dubbed the “internet of things.” For consumers, that could soon mean coffeemakers that delay grinding when you hit your alarm’s snooze button. For businesses, it could mean gigantic savings when pipes report their own leaks, warehouses place their own orders and cows that need milking communicate through something more direct than mooing. It also means new security issues—a threat vividly illustrated Friday, the day online security cameras almost took down the internet.

The situation

A Chinese security camera maker said its products had been used to launch a cyber attack that on Friday severed internet access for millions of users. Hackers linked the web-connected cameras into a so-called bot-net that was used to overwhelm internet servers by flooding them with requests for connection.

Dyn Inc., a significant Domain Name Server that facilitates the loading of web pages, experienced outages for several hours Friday morning before restoring service only to have another DDoS, or distributed denial of service, attack start midday. The attack left consumers without access to e-commerce platform provider Shopify Inc.; Etsy Inc., No. 23 in the Internet Retailer 2016 Top 500 Guide; Twitter Inc.; Spotify; Reddit and The New York Times, among other sites. Many of the same sites went down again Friday, as did Inc. (No. 1 in the Top 500), Pinterest and eBay Inc., according, a site based in the Netherlands that collects status reports and disruptions on websites.

The attacks came as tech giants like Samsung Electronics Co. Ltd, No. 658 in the Internet Retailer 2016 Global 1000; Apple Inc. (No. 2) and Google Inc. have been stepping up efforts to connect all kinds of devices—from thermostats to smart watches—to the internet.

In 2015, Amazon introduced Dash Buttons, which attach to washing machines and pantry doors and, when pressed, reorder supplies like detergent and Kraft Mac & Cheese. This year, GE put out a washer that can automatically reorder detergent if it’s running out, and makers of devices ranging from printers to glucose meters are following suit. Companies ranging from Microsoft to IBM have launched new tools to make it easier for smaller companies to manage internet-connected devices. Altogether, the network of connected objects is expected to eventually dwarf the internet of people: Some researchers predict that by 2020 as many as 20 billion devices will be connected, up from more than 6 billion now.

The background

In 1982, computer science students at Carnegie-Mellon University put sensors in a Coca-Cola vending machine and connected it to an early version of the internet so they could tell if it was empty without having to walk all the way there. The term internet of things was coined in 1999 by Kevin Ashton, the co-founder of an MIT center that helped develop the radio chips that businesses now use to track goods and materials. But for the most part, web-connected gadgets remained out of consumers’ reach until the rise of smartphones, which use a score of sensors to track everything from motion to eye movement, led to a steep drop in prices. Sensors typically connect to an at-home hub via a Wi-Fi network or connect to other devices via Bluetooth technologies.

The argument

More data, more problems. The data collected, monitored and transferred by wireless devices can include names, addresses, credit card numbers or even health information. Doors and electrical systems can provide clues into whether a house is empty. And while technology companies confidently power ahead, U.S. officials are moving more slowly, trying to fashion rules that could keep the internet of things from becoming a vast feeding ground for hackers who could turn devices against their owners as well as steal information, a task that gained urgency after the Dyn bot-net attacks.

Former U.S. Vice President Dick Cheney said that he disabled the wireless feature on his defibrillator in 2007 because he feared terrorists could use it to kill him. The U.S. Federal Trade Commission brought charges against the maker of web-enabled security cameras for leaving the devices vulnerable to hackers. Hardware companies are also struggling to figure out which devices mainstream consumers will be willing to pay to connect to the web. Nest says its $249 thermostat will pay for itself by lowering heating and cooling bills. But wireless diapers may have to be a lot cheaper before consumers regard them as anything more than a novelty.


Leave a Reply