Smart-Home Devices: The Ugly
Technology is fundamentally good and helpful to us; but, like so many things in our modern world, there is the good…the bad…and the ugly.
In October 2016, what might have been the largest Internet crash in the United States occurred, crippling Web sites – and in the process businesses because of lost productivity – and sending an alarming message to Americans from the East Coast to the West Coast that connectivity comes with consequences.
The malicious cyberattack, actually a series of them, was described by authorities as a distributed denial of service, or a DDoS, hack job that has yet to be solved. The DDoS hack job targeted Dyn, a company that provides online-infrastructure services such as domain names, email clients and traffic controls, among other behind-the-scenes software support that allows the Internet to operate.
“Typically, DDoS attacks are targeted at single websites, not a big DNS hosting provider,” Brian White, chief operating officer of Red Owl Analytics, a security firm in Austin, Texas, that recently was acquired by Forcepoint, told the San Francisco Chronicle in an article titled “Internet attacks cause major Web outage.”
GitHub, a code supplier, was on the hit list, as was Twitter. Other sites affected, most of them wildly popular and visited frequently, included Airbnb, Amazon, Etsy, Kayak, Netflix, Reddit and Spotify. In addition, The Boston Globe, CNN, The New York Times and Wired were down.
“Taking out one DNS provider can affect thousands and thousands of websites, turning big sections of the Internet black for a while,” White said. “Without DNS the Internet goes dark.”
The hack job was so monumental, lasting for hours and compromising countless computers, that the Federal Bureau of Investigation, the U.S. Department of Homeland Security and the White House were monitoring it.
“DDoS remains a popular protest attack,” White said. “Most attacks today are designed to avoid detection and steal information, but DDoS is a very public demonstration. Though we don’t yet know the intention or a perpetrator, this attack was clearly designed to grab attention.”
Extortion remains the most-common motive for cyberattacks, with the bad guys demanding serious money in exchange for freeing up information. With no million-dollar ransoms broadcast, authorities believe the October 2016 cyberattack might have been for sport.
“There are a number of reasons why someone might want to do this,” Jeremiah Grossman, chief of security strategy at SentinelOne, a security firm in Palo Alto, Calif., said in the San Francisco Chronicle article. “The easiest one is they’re just jerks – and that’s not uncommon. Reason No. 2 is extortion, though that doesn’t seem to be the case here. Reason No. 3 is maybe you’re just stretching your legs, trying to figure out what you’re capable of.”
All of the above gives great pause to connectivity – and not just DNS connectivity but also consumer connectivity. Smart devices, which probably will be the top gifts of choice for the 2017 holiday season, as there are so many on the market, can be hacked into. Think about it: Alarm clocks, flat-screen televisions, vacuum cleaners, wearable tech and more are vulnerable to cyberattacks. So exists the Internet of Things.
“The Internet of Things encompasses a wide array of electronics: smart washing machines that will text you when your clothes are done, refrigerators that can order more groceries, wearable tech that can monitor your biorhythms, and talking toys that respond to words uttered by children,” according to another San Francisco Chronicle article titled “How smart home devices are being hijacked to attack Internet.”
Yes, children’s toys. Barbie, the iconic blond bombshell, has gone AI (artificial intelligence). The half-century-old doll, reworked as Hello Barbie, is programmed with speech-recognition software so children can have conversations with her. She talks and listens. Cool, huh? Yes and no. The creation of Hello Barbie puts a mini computer into a child’s hands, one that, if hacked, can threaten safety.
“…even if it is the most security and privacy hardened toy of its kind, the doll marks a watershed moment,” writes Sean Sposito on the SFGATE Web site in an article titled “Will Barbie be hackers’ new plaything?” “If Hello Barbie succeeds in the marketplace, other toy makers will take that as a sign that they, too, should employ similar tactics. And they might not be so careful.”
Here are tips on how to potentially prevent a cyberattack in the ubiquitous smart home of today.
- Research before buying hardware and software.
- Strengthen wireless systems and use encryption.
- Change passwords often – not easy ones.
- Audit / update smart-home devices regularly.
“Among security researchers, putting a piece of tape over a computer webcam has become a tongue-in-cheek recommendation for those who are extra paranoid about their privacy,” writes Brian X. Chen in a New York Times article titled “Here Is How to Fend Off a Hijacking of Home Devices.” “With smart speakers like the Amazon Echo and Google Home, there is an equivalent: a mute button to disable the device microphone so it can no longer listen.”