It’s been a weird couple of weeks for the Internet of Things. As we connect everything to everything else, we inadvertently create a huge attack surface for hackers, and we’re starting to see the chinks in the armor.
Let’s say you fancy a fast car. Flavio Garcia, a University of Birmingham computer scientist, discovered the algorithim that verifies the ignition key for luxury cars like Porsches, Audis, Bentleys, and Lamborghinis. He was slapped with an injunction to ban him from disclosing his findings at the Usenix Security Symposium in order to prevent sophisticated criminal gangs from having the analytics tools for widespread car theft.
You might need Garcia’s algorithm to steal a car, but soon, with an entirely different algorithm, you may be able to crash one into a tree or disable its brakes from a distance. Or maybe it’s a fast boat you’re after. Mess with its GPS, and you can steer it where you want without the crew noticing.
But why go to all that trouble when you can just get bank machines to spit out money, as the late hacker Barnaby Jack had demonstrated? Then again, you could just bend someone’s house to your will, remotely, and extort money from them, as Kashmir Hill did for this Forbes piece.
If you’ve got good mind for code and a loose moral code, tomorrow’s world is your oyster.
When everything is linked, everything is hackable
Today, the Quantified Self is OCD-for-the-digerati. But there’s little question that an industrial Internet in which everything is connected is right around the corner. In an interview with Kara Swisher, General Electric CEO Jeff Immelt makes it clear that his company thinks this is where we’ll find the efficiencies of tomorrow. And a company like GE, with well over $100M in sales backlog, should know.
Here’s a funny (though admittedly impractical) example to prove just how hackable a connected world might be. Use a license plate as a way to inject arbitrary SQL code into a traffic camera’s software and delete the table of violators.
While it probably doesn’t work, it’s a great example of how everything is hackable at some point. And there’s a decent thread about how to hack traffic cameras using a variety of techniques on Stackexchange.
All this hacking is the dark side of a connected world. There is a fundamental tension between the efficiencies of ubiquitous computing (cars that drive themselves don’t get distracted, and might be much safer) and the risks of a connected world (the only unhackable machine is a disconnected machine.) We can’t disconnect a smart device from the world around it without crippling the very benefits we were after in the first place. But as these examples clearly demonstrate, even a slightly connected device has vulnerabilities.
Will we get in a driverless car or plane, or will we have to fall back to a low-tech world of sextant navigation and analog phones, Battlestar Galactica style? Have you updated your house’s antivirus lately? And as our mobile devices increasingly turn into prosthetic brains, can a neural attack—Neal Stephenson’s eponymous Snow Crash—be far off?
Technology often winds up kicking us in unexpected ways. We’ll be exploring some of these changes in the Connected World track at Strata New York + Hadoop world.
Meanwhile, if the unintended consequences of technology fascinate you as much as they do me, check out Edward Tenner’s Why Things Bite Back: Technology and the Revenge of Unintended Consequences. And if you want a quick fix of Tenner’s wry eye, here’s a recent TED talk in which he revisits some of these problems.