Slashdot Mirror
Security Experts Believe the Internet of Things Will Be Used To Kill Someone
dcblogs writes: Imagine a fleet of quad copters or drones equipped with explosives and controlled by terrorists. Or someone who hacks into a connected insulin pump and changes the settings in a lethal way. Or maybe the hacker who accesses a building's furnace and thermostat controls and runs the furnace full bore until a fire is started. Those may all sound like plot material for a James Bond movie, but there are security experts who now believe, as does Jeff Williams, CTO of Contrast Security, that "the Internet of Things will kill someone". Today, there is a new "rush to connect things" and "it is leading to very sloppy engineering from a security perspective," said Williams. Similarly, Rashmi Knowles, chief security architect at RSA, imagines criminals hacking into medical devices, recently blogged about hackers using pacemakers to blackmail users, and asked: "Question is, when is the first murder?"
This event has already occurred, it just wasnt called Internet of Things. IN short, this is pure click-bait.
Good-bye
... they should return their "security expert" certification.
Given how lazy and incompetent most device makers are about security, as soon as you have a bunch of marketing guys going "yarg, teh interweb of things" you just know there's going to be terrible outcomes.
They're not interested in designing something which is good, or safe, or well engineered. They're interested in being first to market, and what to put on the power point slides. Which means they'll take shortcuts, or ignore security entirely.
So, I'm sorry, but I'm betting a chunk of people on Slashdot have been saying this would happen for years -- I know I have, and I've seen lots of other people say so.
I have always thought the IoT was both a stupid idea, and one which would eventually kill someone.
No way in hell I'd give my fridge or my toaster access to my network, because I don't see any value in that.
This is the pipe dream of marketing people, and futurists who claim this will somehow improve our lives. But without a lot more proof these companies know what they're doing, you can't trust them.
Hell, the people who make things which are supposed to be connected to the interweb can't get security right. The people who make your fridge? Not bloody likely.
Don't want your smart TV, don't want your smart toaster.
Lost at C:>. Found at C.
This.
Because America doesn't already have the highest per-capita rate of firearms ownership and the highest per-capita rate of homicides by firearm in the world.
Oh, wait...
Il n'y a pas de Planet B.
Seems the US is in the mid range here:
http://en.wikipedia.org/wiki/L...
Although I suppose the worst offenders are in the third world.
Mod me down, my New Earth Global Warmingist friends!
Here the US is like 180th:
http://en.wikipedia.org/wiki/L...
Mod me down, my New Earth Global Warmingist friends!
One day rock be used to kill someone. Og think mankind is the real monster.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
They did accept a $10 million bribe from the NSA to gimp their own security.
Does that mean that a dial-up connection would result in a slow, painful death?
Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
One day rock be pet. Ug be rich.
Get free satoshi (Bitcoin) and Dogecoins
http://www.salon.com/2013/08/21/report_michael_hastings_feared_his_car_had_been_tampered_with/
Fucking DUH!
This stuff isn't something we have to imagine, books and movies have already shows tons of nefarious ways to use this idiotic "internet of things"
Not everything needs to be connected to everything else...
Perhaps engineers might actually come up with a different angle: How about "This Device is certified to NOT be connectable to the Internet of Things".
Simple. To the Point.
Certified Dumb Device.
Might be a thing to consider.
The Seduction
Imagine the world 10 or 20 tears into the future, when the IoT is becoming fully realized. Our homes and businesses have become a large network of every manner of "thing". Due to "network effects", the value of this technology and its ability to transform our lives has grown exponentially, way beyond what we could ever imagine. We are very bit as dependent on The Internet of Things as we were on the Internet of decades ago.
The Reality Today
The Internet, with all its wonders it has brought us, is out of our control. It appears there is no way to secure it. There is no end to hacks and vulnerabilities. Spam, viruses, malware, credit card breaches by the millions, military secrets stolen, loss of privacy on massive scale, DoS attacks, hacking into peoples web cams and microphones, entire systems p0wnd (Sony lately), billions upon billions of dollars in losses and damages. How can we go on like this? All the brilliant ideas of our best computer scientists to protect our computers and systems seem useless. The criminals are always one step ahead of us, no matter what we do.
If we could have predicted all the problems with the Internet as it is today, back when - would we have embraced it as we do now? It can only get worse with the IoT. Imagine when every day items start attacking you like some scene from a horror movie. It will become our worst nightmare.
We need to pause, step back, and look at the bigger picture.
Unfortunately, I have no answers. All I have are questions.
Name one? Bonus points if the maker's business model doesn't revolve around selling your personal habits and data for profit.
Canada had conscription .. briefly, during WW1 and again during WW2. Not since.
No way in hell I'd give my fridge or my toaster access to my network, because I don't see any value in that.
You don't see any value in perfect toast?
..and this is what I've been saying, and will KEEP saying.
No lack of full manual controls.
No lack of an unimpeachable manual override of automated control.
Preferably, no wireless way to access the vehicles' systems at all.
All operators of 'autonomous' cars still required to be trained and certified for full manual control of the vehicle.
Anything else would be utter madness.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
[_] easy access to weapons (that can be used in murders)
[_] difficult access to weapons (that could be used to *deter* murders)
[_] people who make themselves potential targets
[_] too revealing clothes
[X] murderers
Linux is for people who don't mind RTFM.
Similarly, Rashmi Knowles, chief security architect at RSA, imagines criminals hacking into medical devices, recently blogged about hackers using pacemakers to blackmail users, and asked: "Question is, when is the first murder?"
Shortly after you fuckers took a $10M bribe to weaken your security. It would be the icing on the cake if someone died because of that.
How about we just not do it?
I don't need my microwave, toaster, coffeemaker, fridge, stove, connected to the Internet.
Nor my TV, lighting, or sound system.
Nor my toilet.
The smarter things get, the dumber we get. How many of us, if we loose our smartphones, won't remember the phone numbers of the people we should call to give them our new number? If this keeps on, eventually we'll need an app just to call 9-1-1.
Simpler is often better and cheaper, and when something goes wrong, easier to fix.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
There was a Doctor Who novel, I think this one, The Murder Game by Steve Lyons, where there was an "Assassination program"... a sophisticated malware package that just required to be configured with the victim's name, and it would search out means to physically kill them via computer-controlled objects.
I'm no expert, but even today it sounds almost possible. You need: (1) a way of tying victims to physical objects and locations (DMV records, toy purchases, planning permission applications, ... ), (2) hacks for physical objects (cars, street lights, Mindstorm Legos, home automation systems, ...),
(3) a worm/virus base to spread the code to computer systems physically near the objects.
If that sounds like an implausible engineering effort, remember that malware packages are incrementally improved on and made more powerful over time... it would start out with some simple and unlikely-to-succeed algorithms, and evolve into something with a huge array of killing options.
(Maybe at that point people would start taking privacy seriously.)
1. Buy a new phone.
2. Get a new sim with your current number on it.
3. Restore last backup to new phone.
4. Profit!
I know all the important numbers I usually call since Siri's name recognition isn't really reliable enough to use. I usually just dial by saying "dial 555-7654"
At college in '93 someone in the computer science building connected the Coke machine to the net. You could telnet in and get the current temp with an ascii art representation of how many cans were loaded in each slot. Totally useless, but totally awesome. I had it programmed into TinyFugue so I could check and see if the Dr Pepper slot was full at 3 AM just by hitting F8 when I was mudding in the lab on Muddog. And now I feel old.
While I don't NEED my stove to be internet aware and firmware upgradeable, it would be cool if it could be polled to check the burner status or if it sent me an alert if it had been on for longer than is sane so I don't burn my house down. The market can dictate what is and isn't useful. I doubt you'll see too many connected blenders. I guess we'll see!