As part of Ars UNITE last week, Ars IT Editor Sean Gallagher outlined what many already know—the Internet of Things (IoT) is inevitable. However, this being Ars, he also documented that future’s dirty little secret. At the moment, companies seem to be overlooking the security of the Internet of Things in favor of its promise.
That revelation may not be new to Ars readers, who give a resounding “LOL, NO” to this movement. The past year includes dozens of IoT security horror stories from hacked baby monitors and eavesdropping laser printers to classics like commandeered smartlights or an army of remote-controlled routers. But the growing concern over IoT’s darkside caught the eye of NPR’s All Things Considered this week, and yesterday Gallagher joined host Robert Segal to tell him all about it.
We particularly felt some parental pride when Gallagher took the opportunity to chat IoT and turned it into a security lesson. Segal asked him if Ars readers are excited about the possibilities of IoT (again, “LOL, NO”), and Gallagher went on to explain how something as innocuous smartlights can be damning.
“If that light bulb is sharing the same Wi-Fi network as everything else in your home and you’ve given it essentially the Wi-Fi password to connect to your network, it can see everything on your network. So you could have your light bulb stealing everything that you print.
“The software that is on these devices, it’s based on an operating system, that’s a general-purpose operating system in many cases, and often it’s built and sent out as cheaply as possible with very little done to check the security of the underlying software. … The concern is that someone will be able to figure out a way to gain access to that and use these devices for malicious purposes.
“It’s already happened with Internet routers. There’s a group called the Lizard Squad that took over thousands of home routers and connected them to a website, which they let people use to conduct denial-of-service attacks against other websites. They were able to take down the Sony PlayStation gaming network and also attacked Microsoft’s Xbox network … using this site that was essentially remote-controlling thousands of zombie Internet routers. So you can imagine this applied to light bulbs and to dishwashers and to refrigerators as well.”
The whole segment is available on NPR.org or you can listen above.