Slashdot Mirror
Security Experts Believe the Internet of Things Will Be Used To Kill Someone
dcblogs writes: Imagine a fleet of quad copters or drones equipped with explosives and controlled by terrorists. Or someone who hacks into a connected insulin pump and changes the settings in a lethal way. Or maybe the hacker who accesses a building's furnace and thermostat controls and runs the furnace full bore until a fire is started. Those may all sound like plot material for a James Bond movie, but there are security experts who now believe, as does Jeff Williams, CTO of Contrast Security, that "the Internet of Things will kill someone". Today, there is a new "rush to connect things" and "it is leading to very sloppy engineering from a security perspective," said Williams. Similarly, Rashmi Knowles, chief security architect at RSA, imagines criminals hacking into medical devices, recently blogged about hackers using pacemakers to blackmail users, and asked: "Question is, when is the first murder?"
This event has already occurred, it just wasnt called Internet of Things. IN short, this is pure click-bait.
Good-bye
... they should return their "security expert" certification.
Bad actors have been using cell phones to trigger IEDs for a while now.
Oh, I'm sorry sir, I thought you were referring to me, Mr. Wensleydale.
Given how lazy and incompetent most device makers are about security, as soon as you have a bunch of marketing guys going "yarg, teh interweb of things" you just know there's going to be terrible outcomes.
They're not interested in designing something which is good, or safe, or well engineered. They're interested in being first to market, and what to put on the power point slides. Which means they'll take shortcuts, or ignore security entirely.
So, I'm sorry, but I'm betting a chunk of people on Slashdot have been saying this would happen for years -- I know I have, and I've seen lots of other people say so.
I have always thought the IoT was both a stupid idea, and one which would eventually kill someone.
No way in hell I'd give my fridge or my toaster access to my network, because I don't see any value in that.
This is the pipe dream of marketing people, and futurists who claim this will somehow improve our lives. But without a lot more proof these companies know what they're doing, you can't trust them.
Hell, the people who make things which are supposed to be connected to the interweb can't get security right. The people who make your fridge? Not bloody likely.
Don't want your smart TV, don't want your smart toaster.
Lost at C:>. Found at C.
This.
Because America doesn't already have the highest per-capita rate of firearms ownership and the highest per-capita rate of homicides by firearm in the world.
Oh, wait...
Il n'y a pas de Planet B.
Seems the US is in the mid range here:
http://en.wikipedia.org/wiki/L...
Although I suppose the worst offenders are in the third world.
Mod me down, my New Earth Global Warmingist friends!
Of course if I had a firearm and everyone knew that I had said firearm, they would be less likely to hack my furnace...
Here the US is like 180th:
http://en.wikipedia.org/wiki/L...
Mod me down, my New Earth Global Warmingist friends!
One day rock be used to kill someone. Og think mankind is the real monster.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
It's just a load of bulls....[carrier lost]
It can't be 'the Internet of things' if you are still on dial up.
Faster! Faster! Faster would be better!
Them's fightin' words ....
Faster! Faster! Faster would be better!
Imagine a fleet of quad copters or drones equipped with explosives and controlled by terrorists.
Egad! Never mind that, imagine what they could do with an entire pla- nevermind.
systemd is Roko's Basilisk.
Because America doesn't already have the highest per-capita rate of firearms ownership
Correct it doesn't!
You're behind Canada and Switzerland in that particular statistic.
American's always think they have the most guns per capita but that's simply not true, even having less guns that many other peaceful countries you still manage to kill each other with them on a grand scale so that's still something to be proud of
All it takes to protect yourself is one good furnace with a gun.
They did accept a $10 million bribe from the NSA to gimp their own security.
https://www.iamthecavalry.org/
I turned on a firewall, bought ESD boots, and upgraded to Acme AV Pro!
They can't kill me now.
Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
Does that mean that a dial-up connection would result in a slow, painful death?
Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
Yes, it's click-bate, but I agree that there's a rush to connect everything to the internet without thinking about the security consequences; we have enough trouble securing the things already connected to the internet -- never mind an huge influx of cheaply-made, dumb, internet-connected knob turners.
Others have suggested that this isn't new because all technology can and has be used to kill people, but IMHO, the potential for "democratizing" remote and unwanted destruction of physical things is unnerving. Previously, only well-funded governments could pull that shit...
One day rock be pet. Ug be rich.
Get free satoshi (Bitcoin) and Dogecoins
http://www.salon.com/2013/08/21/report_michael_hastings_feared_his_car_had_been_tampered_with/
... believe that this new fire thing will kill someone
... believe that this new talking thing will kill someone
... believe that this new reading thing will kill someone
Fucking DUH!
This stuff isn't something we have to imagine, books and movies have already shows tons of nefarious ways to use this idiotic "internet of things"
Not everything needs to be connected to everything else...
A lot of "smart" things can, are, and will be used to kill people, from smart cars to pacemakers. But the main vector will still be the dumb buyer.
To be fair though, both Canada and Switzerland have forced conscription. So all of their native able bodied gun owners have completely weapons handling training at the military level.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
Perhaps engineers might actually come up with a different angle: How about "This Device is certified to NOT be connectable to the Internet of Things".
Simple. To the Point.
Certified Dumb Device.
Might be a thing to consider.
The Seduction
Imagine the world 10 or 20 tears into the future, when the IoT is becoming fully realized. Our homes and businesses have become a large network of every manner of "thing". Due to "network effects", the value of this technology and its ability to transform our lives has grown exponentially, way beyond what we could ever imagine. We are very bit as dependent on The Internet of Things as we were on the Internet of decades ago.
The Reality Today
The Internet, with all its wonders it has brought us, is out of our control. It appears there is no way to secure it. There is no end to hacks and vulnerabilities. Spam, viruses, malware, credit card breaches by the millions, military secrets stolen, loss of privacy on massive scale, DoS attacks, hacking into peoples web cams and microphones, entire systems p0wnd (Sony lately), billions upon billions of dollars in losses and damages. How can we go on like this? All the brilliant ideas of our best computer scientists to protect our computers and systems seem useless. The criminals are always one step ahead of us, no matter what we do.
If we could have predicted all the problems with the Internet as it is today, back when - would we have embraced it as we do now? It can only get worse with the IoT. Imagine when every day items start attacking you like some scene from a horror movie. It will become our worst nightmare.
We need to pause, step back, and look at the bigger picture.
Unfortunately, I have no answers. All I have are questions.
these newfangled horse less carriages stampeding down roads running people over. Now imagine a group of no good terrorist using those the run people over. So I say lest get back to horses and slow down a bit, step back, and look at the bigger picture.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
Anything you can name, will eventually be used to kill someone.
"To those who are overly cautious, everything is impossible. "
Where do you get this about Canada?
Canada had conscription .. briefly, during WW1 and again during WW2. Not since.
I had dialup Internet. Hell, when I didn't even have dialup Internet I called the dialup shell for my university's unix system, ran a SLIP emulator program called slirp, and invoked my SLIP client on my computer to establish a TCP/IP socket so I could use network-capable programs. It was only 14.4, and that was painful after having been in the pilot neighborhood for cablemodem before that, but it was better than nothing.
To actually get to the point though, embedded devices don't necessarily require much in the way of bandwidth, especially if the systems in the embedded device don't need constant communication to do their jobs. Simple instruction to run scripts or programming is enough if the device is capable of doing things outside of what should be normal operation, like in a diagnostic or service mode.
Do not look into laser with remaining eye.
Humans have killed people with all sort of technology. They are quite creative about the topic. They drowned people in their own bathtub or toilet. They burned down houses and even used pest invested dead people as weapon. Of course they will use any new technology also to do it. However, using model planes or helicopters to kill people is not new. Furthermore, they are not Internet of Things or IoT is any remote controlled vehicle implying the radio control is also some sort of Internet. In general IoT is a stupid term as is it Internet of Humans. Internet is just the combinations of networks to form a large one. When at all, it should be called Internet for Humans and Internet for Things.
We had the ability to have a secure Internet back in the 1990s. However, with the average corporate desktop copy of Windows initially having no security other than logging into the Netware server to show a share, security primarily moved to the network.
The problem with IoT is that we (as in general organizations) have a lot of experience in securing networks. However, all IoT devices are edge devices... and it doesn't take a CCIE to realize the problem with that, especially the fact that the tech to secure machines is far trailing the expertise in securing network fabric.
Hello, HAL. Do you read me?
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
No way in hell I'd give my fridge or my toaster access to my network, because I don't see any value in that.
You don't see any value in perfect toast?
..and this is what I've been saying, and will KEEP saying.
No lack of full manual controls.
No lack of an unimpeachable manual override of automated control.
Preferably, no wireless way to access the vehicles' systems at all.
All operators of 'autonomous' cars still required to be trained and certified for full manual control of the vehicle.
Anything else would be utter madness.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
"Imagine a fleet of quad copters or drones equipped with explosives and controlled by terrorists."
Imagine a fleet of diamond mining slaves equipped with shovels and controlled by capitalists. :)
We could do this all day long. There are too many ways to kill people but only because people kill people.
The government which is strong enough to protect you from everything is strong enough to take everything from you.
[_] easy access to weapons (that can be used in murders)
[_] difficult access to weapons (that could be used to *deter* murders)
[_] people who make themselves potential targets
[_] too revealing clothes
[X] murderers
Linux is for people who don't mind RTFM.
that you can flush from your smartphone.
All fun and games until a hacker gets in and causes it to overflow.
I'd like to see the FDA (and its counterparts in other countries) require medical device manufacturers to make the source code for their products available under an OSI-approved open source license. Submission and review of the code would be a prerequisite for a device to be approved for sale and use in a particular country. If someone implants a device, e.g., a pacemaker, in me, I'd like to know exactly what it's doing. Does it call home and transmit my medical data to the vendor (or elsewhere)? Does that connection use up battery power that would require earlier surgery to replace it? Can the vendor (or a hacker) perform over-the-air updates to the code? It's not that I would plan to modify the source code or redistribute it, but it would allow non-vendor experts to review and certify the code, thus giving everyone greater confidence in the proper functioning and security of the device.
Similarly, Rashmi Knowles, chief security architect at RSA, imagines criminals hacking into medical devices, recently blogged about hackers using pacemakers to blackmail users, and asked: "Question is, when is the first murder?"
Shortly after you fuckers took a $10M bribe to weaken your security. It would be the icing on the cake if someone died because of that.
Canadians ;)
The way they described it was similar to how my German friends described it. After high school you have to do something; college, apprenticeship, peace corps/community service, or military. You can't just graduate and keep flipping burgers.
Every Canadian I know is either former Mounty or Army. There may be some nuance to it that I'm not aware of, or perhaps I am ill informed.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
We already have fleets of drones equipped with explosives killing people. No terrorists required.
They mean used to kill someone on purpose, which is obvious. A more interesting question is, will the "Internet of things" kill someone deliberately or accidentally first? (Sadly it probably already has on both counts.)
From my observation, the Internet of Things is being sold to companies that want big data and lower costs obtained by monitoring end-users and their gear. Since the end-user is not the customer, it is not surprising that there is lots of very sloppy IoT code and gear out there. A few lawsuits will help this situation, but it is unfortunate that some people will have to suffer for that to happen.
There was one model of car in Europe that was completely drive-by-wire. Of course, when the computer on that glitched, it caused wrecks, and there was nothing the driver could do, as steering was physically disconnected from the wheel, same with brakes.
Try is - Infiniti Q50 - a friend had one as loaner for his FX30d and I got to take it for a spin. Fantastic car to drive, and insanely quick acceleration. The other nice thing was that when you hit a bump you got just enough feedback to tell you that you've hit a bump. You get the responsive steering without any annoying juddering (the roads where I am are horrific, and it feels like my run-flats are flat).
Not sure what car you're alluding to, or even if you're just making it up - which I guess you are - as I can find no mention of wrecks caused by a fly-by-wire car. Please, correct me if I'm wrong.
...or Get Smart episode? - You be the judge.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
There was a Doctor Who novel, I think this one, The Murder Game by Steve Lyons, where there was an "Assassination program"... a sophisticated malware package that just required to be configured with the victim's name, and it would search out means to physically kill them via computer-controlled objects.
I'm no expert, but even today it sounds almost possible. You need: (1) a way of tying victims to physical objects and locations (DMV records, toy purchases, planning permission applications, ... ), (2) hacks for physical objects (cars, street lights, Mindstorm Legos, home automation systems, ...),
(3) a worm/virus base to spread the code to computer systems physically near the objects.
If that sounds like an implausible engineering effort, remember that malware packages are incrementally improved on and made more powerful over time... it would start out with some simple and unlikely-to-succeed algorithms, and evolve into something with a huge array of killing options.
(Maybe at that point people would start taking privacy seriously.)
Famous last words of Admiral Yamamoto?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Since it means jack shit where you are on the internet, the very last place I'd be if I wanted to kill you with an appliance attached to the internet is anywhere near you.
Now please excuse me, I have to catch a plane to Malaysia.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I pity the fool who gets to bite it, but apparently it is a necessity that people can die from something before anything remotely resembling safety and security gets implemented.
Then again, why should I pity someone who has no idea what he is doing but feels the pressing urge to do it anyway?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
You can strap little bombs to thousands of birds, you know, flocks of 'em, and they have the detonators in their beaks. Then put breadcrumbs on the target/victim...
Or how about a big bomb with a big magnet on it so that it sticks to the bottom of a car or truck, then send in a special-ops stealth trained parrot to sneak in and detonate it?
Or radioactive flamingo dirty bombs?
It's only a matter of time before someone comes up with a dastardly plan like this. We have to stop them now! Air traffic control and passports for birds, immediately. Stop the avian terrorist threat!!!
Or someone who hacks into a connected insulin pump and changes the settings in a lethal way.
for the lulz!
Nice snarky comment, but not helpful.
What you seem to forget is that the current trend in development (buzzworded 'Internet of Things") is about to make the infrastructure that is open to unauthorised access a million times more pervasive, and the real-world impact of such unauthorised access a thousand times more severe. As in people getting killed.
This article is one of the first (more or less mainstream) articles where the danger is recognised, named, and presented in a way even Joe Sixpack can wrap his grey matter round.
Please bear in mind that whether *you* realise something is dangerous doesn't matter one way or another because you have zero impact on the trend. You don't matter (and neither do I or any other geek for that matter).
It's only when mainstream media get hold of the idea, the public learns from them, and politicians start worrying because it's what their voters worry about that you'll see any potential for serious adjustment.
So, if you think about it for a few minutes, you ought to be glad that this article is written and you'll see how unhelpful your comment really is.
The net and computers are simply tools. In fact they are very powerful and world changing tools. And the funny thing is that good things almost always take a life here and there. How many people have perished from a table saw accident? And even as something as innocent as a play or a sonnet will tend to leave a body count. I'd bet money that arguments by Shakespeare experts have led to violence now and then over the meaning of a phrase in some work of Shakespeare. And the Bible and the Koran both have a body count in their wake as well. To think that the net, computers and data mining will not do someone, somewhere, a lot of harm would be the thoughts of a fool.
Interesting. I looked and couldn't find any reference to it at all. It certainly doesn't seem that military service is compulsory, but I didn't find any reference to civil service either. It's possible I just didn't look long enough or hard enough I suppose.
This.
Because America doesn't already have the highest per-capita rate of firearms ownership and the highest per-capita rate of homicides by firearm in the world.
Oh, wait...
Oh look, a moron who makes up statistics because "I hate guns".
Oh, look, a moron who can't use Google.
Il n'y a pas de Planet B.
Sure some of the example seem more like the near future. But everyone knows that some indirect lethal actions have occurred.
Some hospital under DDoS certainly with telemedicine probably lost a patient, two or even three.
Fortunately for hospitals, they can chalk it up to the patients fault or some other innocuous occurrence with indirect, who really can point the finger?
The fickle finger of fate!
http://www.aisnota.com/slashdot/ Welcome to Logic and the Future