Deployments of “Internet of Things” (IoT) connections, devices and networks will continue to multiply over the next few years despite growing privacy threats and the prospect of opening up billions of new routes for cyber-crackers and hackers to exploit, according a new study from the Pew Research Center about IoT security breaches.
The advantages and benefits the IoT holds out in terms of linking machines to machines (M2M communications) and people to valuable network resources, services and opportunities is overwhelming perceived threats, Pew Research highlights, a development that by and large typifies our penchant for rushing to adopt new technologies well ahead of being able to realize, much less fully comprehend, their implications.
Just four percent of the world’s population was online 18 years ago – in 1999, Pew Research’s Lee Rainie and Janna Anderson write. The term “Internet of Things” was coined and the MIT Media Lab book, “When Things Start to Think,” was published that same year, they note.
As Telecompetitor has been reporting, those visions are now being realized, and fast, spurred on by advances and applications of artificial intelligence (AI) and machine learning. Cars, voice-activated digital assistants, home appliances and home energy systems number among the leading applications being rolled out, but the speed at which IoT technology is emerging is enough to cause mental vertigo.
As the Pew researchers point out, IoT deployments are also growing fast in healthcare and personal fitness, public safety, power, energy and transportation infrastructure, in industrial facilities and retail shops and across commercial and industrial supply chains, not to mention among households, where they are being used for a growing range of purposes, including locating and keeping track of people and pets. Cyber-crackers, hackers and criminals, not to mention businesses and governments, may be drooling at the prospects, at least in a metaphorical sense.
IoT Security Breaches
IoT security specialists presented attendees with 47 IoT vulnerabilities within 23 IoT-enabled products from 21 manufacturers during the Sept. 2016 DEF CON exhibition, Pew points out. Products included door locks, thermostats and wheelchairs.
About a month later, Internet performance management company Dyn was the victim of a massive distributed denial-of-service (DDoS) attack, the authors continue. Having gained control of tens of millions of IoT devices, such as printers, DVRs, cable set-top boxes, Web and even baby cameras, perpetrators used them to carry out the cyber-attack. Among other things, the DDoS attack blocked Dyn’s ability to connect Internet users to the Web addresses they wanted to access, a list that included Amazon, HBO, Netflix, PayPal, The New York Times and Wall Street Journal and Twitter.
Even more vexing, “a simple software program called Mirai was used to create the botnet that initiated the attack,” the authors note.
More broadly, IoT security specialists have been demonstrating the ease with which connected cars, voting machines and even power plants can be cracked and people, organizations and society victimized. Included among several listed by the authors, analysts explained how a vulnerability in the design of smart light bulbs could be used in a “bricking attack” that shuts down traffic lights in an entire city.
The threats extend all the way up to representative democratic systems of government, prospects that haven’t gone unnoticed by leading figures in commerce, industry and government. “My guess is we are reaching the high-water mark of computerization and connectivity and in a few years we are going to be deciding what to connect and what to disconnect and become more realistic about what can work,” the Pew researchers quote a speech given by Bruce Schneier at the Organization for Economic Cooperation and Development (OECD) in Cancun, Mexico in June 2016.
“We are creating a society by which a totalitarian government can control everything. Right now it’s more power to the powerful. And we are living in a computerized world where attacks are easier to create than defenses against them,” Schneier was quoted.
“This is coming faster than we think. We need to address it now. People up to now have been able to code the world as they see fit. That has to change. We have to make moral, ethical and political decisions about how these things should work and then put that into our code. Politicians and technologists still talk past each other. This has to change.”
Following up on people’s perceptions of the wide and profound range of issues and threats the IoT poses, Pew Research conducted an unscientific poll of 1,201 individuals. Among the highlights:
- 15% believe significant numbers of people would disconnect in light of emerging threats to privacy and security
- 85% believed most people would become even more deeply involved in “connected life.”
Many respondents pointed out that functional and security flaws and vulnerability are intrinsic, irremovable aspects of technological evolution, and that purveyors are always one step behind those looking to identify and exploit them. “People can get used to anything, and – just as with terrorism – the inevitable occasional damage from deliberate or inadvertent failures in highly networked systems will become routine,” a professor of innovation and history at a state university responded anonymously.
“Occasional terrorism using Internet of Things connections is very likely, shutting down infrastructure, hospitals, businesses, etc. Hackers will always find vulnerabilities in highly networked systems, and technical fixes will not change that.”