My brother can’t function in the morning until he has a cup of coffee. So I use his daily routine as an example.
Picture my brother stumbling down to the kitchen one morning only to find his internet-enabled coffee maker won’t work. There’s a message on his iPhone: “We have taken control of your coffee pot and unless you pay $5, you won’t have your coffee.” This actually hasn’t happened. At least, not yet.
I have been talking about the security threats to common household items connected to the internet – that is, the Internet of Things (IoT) – for several years now, and unfortunately, every other dire warning has come true so far. Upper management has to take greater notice of risks exposed both in the products they produce and the products that they use and take action to mitigate those risks. Recent events underscore this need.
Two years ago an internet-enabled refrigerator was commandeered and began sending pornographic spam while making ice cubes. Baby monitors have been turned into eavesdropping devices and there are concerns about the security of medical devices, such as computerized insulin pumps. In October, thousands of security cameras were hacked to create a massive Distributed Denial of Service (DDoS) against Dyn, a provider of critical Domain Name System (DNS) services to companies like Twitter, AirBnB, etc. Then there is the recent disclosure of CIA tools for hacking IoT devices, such as Samsung SmartTVs, to turn them into listening devices. These are only a few examples highlighting the threats.
Threats to IoT can be divided into two categories. First, devices are taken over to do something they are not intended to do, like a security camera that becomes part of a botnet attack. But also devices can be commandeered to do exactly what they are intended to do but in a devious way. Think of directing a self-driving car to drive off a bridge. Consider the cyber attack on Iran’s nuclear enrichment centrifuges to make them rapidly speed up and then suddenly slow down (imagine pushing down hard on the accelerator, and then the brake in your car), which eventually seriously damaged them. That flummoxed operators who had never planned a response to prevent something like that because why would you do that in the first place?
Read the full post at Forbes.
Stuart Madnick is the John Norris Maguire (1960) Professor of Information Technology, a Professor of Information Technology and Engineering Systems, and the Co-Director of the PROFIT Program at the MIT Sloan School of Management.