Welcome to the Internet of (hackable) Things, where everything can be hacked

BLOG: Heidelberg Laureate Forum

Laureates of mathematics and computer science meet the next generation
Heidelberg Laureate Forum

If you haven’t been paying attention, everything around you is getting smarter. It’s not just phones or laptops — cars, appliances, even houses are becoming smarter. This is the so-called Internet of Things (IoT), where objects communicate with the environment and each other and you can control things with a smartphone app.

But as cool and useful as this may be, there’s a downside to it: smart things can also be hacked.

Image in public domain.

Io(h)T

The Internet of Things is sweeping the world. The principle is simple: make objects capable of sensing the environment and communicating (with humans and with each other), mostly through the internet. Making things smart can well and truly change the world, but it also brings in a deluge of potential risks, a 2017 arXiv study cautions on the risks of the Internet of hackable Things:

“The Internet of Things makes it possible to connect each everyday object to the Internet, making computing pervasive like never before. From a security and privacy perspective, this tsunami of connectivity represents a disaster, which makes each object remotely hackable,” the study authors write.

While society is starting to take notice of the risks associated with big data (just look at Facebook’s Cambridge Analytica scandal), the risk of hackable objects tends to fly under the radar. Let’s leave things like laptops and smartphones out for a moment — we all (hopefully) know the hacking and data risks that come with those — and look at IoT devices.

Perhaps the most famous IoT devices are digital assistants like Alexa, Google Home, or Siri. As of December 2019, roughly 1 in 4 US homes owned a sort of smart speaker, and the number continues to rise. In other parts of the world, adoption is slower, but it’s still growing. What do all these have in common? Well, in addition to making your life easier and increasing connectivity, they can all be hacked with a laser pointer.

The attack exploits a vulnerability in the devices’ microphones, which can react to light as if it were sound, as explained in this paper and showcased below.

Sure, it’s not the most straightforward hack, but it is a risk — and it’s not the only one. A recent Alexa hack (now fixed) could have exposed users’ voice history to attackers.

Keeping an eye on you

Another household item, security cameras, can also be attacked with relative ease. CNN managed to obtain access to a number of IoT cameras using a search engine for IoT devices. For Japan, this problem is so serious that the country launched a widescale initiative to hack its citizens just to see if it could be done and warn people.

Children can also be exposed to risks. In 2018, one hacker terrorized a family by hacking into their baby monitor camera and threatening to kidnap the baby. Meanwhile, in 2017, Germany banned an interactive doll ‘My Friend Cayla’ and asked parents to destroy existing units.

Cayla was a doll that used speech recognition technology and an Android or iOS mobile app to recognize the child’s speech and have a conversation. The problem is, Cayla could be hacked. The doll was so easily hackable that it became a sort of prank in the IoT world. By simply using Bluetooth to use it as a remote speaker and microphone, Cayla could become a hacker’s spying device.

Cayla is now a piece of Io(h)T history. Image credits: Rhys Jones.

Wearable devices like smartwatches also come with a set of problems of their own, even though they’re not the easiest things to hack. Researchers have shown that some smartwatches can be hacked to send notifications to their wearers (to take pills, for instance — a dementia sufferer might not recall that they had already taken their medication). To make matters even worse, many wearable devices work with Bluetooth technology, which comes with inherent security issues. Wireless networks aren’t much better either: many such networks can be cracked relatively simply. This is not just a hypothetical scenario, it’s already happening.

From toothbrushes to entire buildings

Medical devices like insulin pumps or pacemakers can also potentially be hacked. Two hackers unveiled a number of startling vulnerabilities in some insulin pumps, showing that a simple app could kill a person. In 2017, the US Food and Drug Administration confirmed that St. Jude Medical’s implantable cardiac devices could be easily hacked, and the list goes on.

When everything becomes smart, vulnerabilities also follow. Even toothbrushes now want to know where you are.

Sometimes, it’s not individual objects that get hacked, but industrial ones. In 2016, the residents of two apartment buildings in Lappeenranta, Finland found themselves without heat after hackers launched a DDoS attack against their buildings’ smart thermostats.

The approach is simple but effective: botnet malware scans for IoT devices that still use their default password and enslave them, using them for DDoS attacks. The practice is so common that IoT devices have become one of the driving forces between DDoS botnet attacks for some time.

Cars, of course, aren’t exempt from these risks. The expanding smart capability of cars are exciting, and the prospect of self-driving cars is just around the corner (bonus points for synchronized, smart traffic lights) — but this also comes with security problems. The 2015 hacking of a Jeep car is already famous, and it’s just the tip of the iceberg when it comes to smart cars.

Even something seemingly inconspicuous like agriculture is at risk from hacks. We’ve previously written that smart agriculture and IoT could help feed the world sustainably, but in order to do so, farmers would need to create and use lots of data, and most of the time, they don’t really control or secure that data. Realistically speaking, most farmers probably aren’t even aware of these risks, and experts warn that the risks do exist.

Don’t freak out, but pay attention

Smart cities are already here. Image credits: Laboratorio Linux.

It’s important to keep things in perspective. In most fields, hacks remain exceedingly rare, and potential vulnerabilities don’t eliminate the potential that IoT can bring. Smart things make our lives easier and nicer, they can save energy and resources — and they’re probably here to stay.

But from crockpots to vacuum cleaners, “things” can be attacked, and malicious actors are always on the lookout for ways to exploit technology. As consumers, the most important thing is to stay informed and be careful with the devices we bring into our homes. You may want to check if that cheap security camera has any form of protection against cyber-attacks or Google existing vulnerabilities on your devices. If you value privacy and security, buy accordingly.

Ultimately, this issue won’t go away anytime soon. As the above-mentioned 2017 study concludes:

“In order to tackle this issue, we need to address a new challenge in security: education.”

Avatar photo

Posted by

Andrei is a science communicator and a PhD candidate in geophysics. He is the co-founder of ZME Science, where he published over 2,000 articles. Andrei tries to blend two things he loves (science and good stories) to make the world a better place -- one article at a time.

4 comments

  1. Most hacks are not worth the effort. Unless the hacker uses an automated system that hacks many devices at once. Imagine a near future in which many people enhance their brains with a brain implant like Elon Musk’s Neuralink. A Neuralink hacker could use these people as soldiers who collectively do what he wants. Sure, that sounds like an idea from a dystopian movie – or a variation on 9/11.

  2. What do you mean with ‘smart’ devices? A human as smart as a typical IOT device would end up in the loony bin. Which leads to a second question: Who is responsible, if such devices go berserk? If people are hurt by devices linked to billions of other devices worldwide, where you never will be able ever to retrace the manifold interactions between this devices or between devices and human actors.

    You should stop to use the term ‘smart device’. Those devices are not smart, they are incredibly stupid. Smart devices could act responsibly. The IOT of today is a manure pile of junk and scrap. Extremely fertile, if it comes to grow weeds and vermin.

  3. The main reason why IOT devices have security problems is, that they are very cheap. That means there is no money for security. And you get security not for nothing.

    Additionally more security might render the IOT device less useful or even useless. Think of alexa etc. using a secure voice recognition. (not that I think alexa etc. are really useful) No one would play this them

  4. In 1943, thomas Watson, IBM’s board of directors said, “I believe there will be a need in the world for perhaps five computers.”

    In 1950 there were a few dozen computers worldwide and Howard Aiken wrote in Time magazine, “We’ll have to think up bigger problems if we want to keep them busy.”

    By 1953 there were 100 worldwide, then in 1959 with MOSFET and Silicon integrated Circuits and the programming languages FORTRAN (1957), COBOL (1959) and Algol (1960) computers began to proliferate in science, engineering and business and there were thousands of computers worldwide.

    In 1976, the first PC, the Apple I, came on the market. It was followed by the Apple II, of which more than 100 million have been sold.

    Since 1990, there have been hundreds of millions of computers worldwide.

    Then came the smartphone: 122 million in 2007, 1.5 billion in 2021.

    IPv4, the old Internet address format allowed only 4 billion devices worldwide. Then in 1998, IPv6 was introduced to support trillions of Internet addresses, enabling the Internet of Things.

    The Internet of Things could one day consist of as many “devices” as there are trees worldwide today – that is, 3 trillion.

    But what will follow the Internet of Things?
    Well, IoT will probably be replaced by Smart Dust, i.e. sensors and processors as small as grains of dust. Also hardly distinguishable from grains of sand. When Alice comes home in 2050 and shakes the dust off her coat and hair, she could scatter hundreds of Smart Dust particles on the floor of her room – Smart Dust particles that immediately get to work measuring everything possible.

Leave a Reply


E-Mail-Benachrichtigung bei weiteren Kommentaren.
-- Auch möglich: Abo ohne Kommentar. +