As we connect everything from Barbie dolls to front-door locks and cars to the Internet, we’re creating more—and possibly more dangerous—potential ways for cyberattackers to wreak havoc.
Security researchers have reported on the ease with which you can break into a range of connected gadgets like baby monitors and cars. This past summer a piece in Wired showed how a software bug could be exploited to control a Jeep driving down the highway. (Jeep owner Chrysler quickly fixed the bug.)
Mika Ståhlberg, director of strategic threat research at the Finnish security company F-Secure, points out that while a hacked credit card may be a headache, a hacked smart lock could open your home to burglars.
A number of startups have started offering security for the Internet of things. In November, F-Secure announced a product called Sense that can monitor Internet-connected devices like smartphones, smart lights, and baby monitors. The device, which should be available in the spring, keeps an eye on network metadata—which includes information like where data is going or coming from, and how much is being sent overall—and blocks activity thought to be malicious. Atlanta-based Bastille, meanwhile, uses sensors to keep track of connected devices by measuring the electromagnetic signatures of different devices in an office. The sensors can track devices that use communication protocols like Wi-Fi and low-energy Bluetooth or work over cellular networks, and its software can tell where they are to within three meters. Bastille’s tactic of scanning a wide spectrum of radio frequencies suits Internet-connected gadgets since they are designed using many different protocols.
The potential range of attack targets is rising: Gartner, the market research firm, predicts that by 2020, almost 21 billion gadgets will be connected to the Internet, up from 4.9 billion today. “This is the World Wide Web of 1994, 1995. We know it’s going to be big,” says Phil Levis, an associate professor at Stanford who co-directs the university’s Secure Internet of Things Project. “It’s going to be a security train wreck, much as the Web was for 10 years or so until people figured it out.”
Levis isn’t convinced monitoring is the best approach, because behavior variations will only show up after a device has been compromised or an attack has occurred, he says. What really needs to happen, he says, is for device manufacturers to write secure software in the first place. The Internet is in some ways more secure now than two decades ago, because developers are more careful and clean up dangerous code. These lessons have yet to be picked up by many Internet-of-things developers, he says.
Here’s how a Twitter engineer says it will break in the coming weeks
One insider says the company’s current staffing isn’t able to sustain the platform.
Technology that lets us “speak” to our dead relatives has arrived. Are we ready?
Digital clones of the people we love could forever change how we grieve.
How to befriend a crow
I watched a bunch of crows on TikTok and now I'm trying to connect with some local birds.
Starlink signals can be reverse-engineered to work like GPS—whether SpaceX likes it or not
Elon said no thanks to using his mega-constellation for navigation. Researchers went ahead anyway.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.