As we connect everything from Barbie dolls to front-door locks and cars to the Internet, we’re creating more—and possibly more dangerous—potential ways for cyberattackers to wreak havoc.
Security researchers have reported on the ease with which you can break into a range of connected gadgets like baby monitors and cars. This past summer a piece in Wired showed how a software bug could be exploited to control a Jeep driving down the highway. (Jeep owner Chrysler quickly fixed the bug.)
Mika Ståhlberg, director of strategic threat research at the Finnish security company F-Secure, points out that while a hacked credit card may be a headache, a hacked smart lock could open your home to burglars.
A number of startups have started offering security for the Internet of things. In November, F-Secure announced a product called Sense that can monitor Internet-connected devices like smartphones, smart lights, and baby monitors. The device, which should be available in the spring, keeps an eye on network metadata—which includes information like where data is going or coming from, and how much is being sent overall—and blocks activity thought to be malicious. Atlanta-based Bastille, meanwhile, uses sensors to keep track of connected devices by measuring the electromagnetic signatures of different devices in an office. The sensors can track devices that use communication protocols like Wi-Fi and low-energy Bluetooth or work over cellular networks, and its software can tell where they are to within three meters. Bastille’s tactic of scanning a wide spectrum of radio frequencies suits Internet-connected gadgets since they are designed using many different protocols.
The potential range of attack targets is rising: Gartner, the market research firm, predicts that by 2020, almost 21 billion gadgets will be connected to the Internet, up from 4.9 billion today. “This is the World Wide Web of 1994, 1995. We know it’s going to be big,” says Phil Levis, an associate professor at Stanford who co-directs the university’s Secure Internet of Things Project. “It’s going to be a security train wreck, much as the Web was for 10 years or so until people figured it out.”
Levis isn’t convinced monitoring is the best approach, because behavior variations will only show up after a device has been compromised or an attack has occurred, he says. What really needs to happen, he says, is for device manufacturers to write secure software in the first place. The Internet is in some ways more secure now than two decades ago, because developers are more careful and clean up dangerous code. These lessons have yet to be picked up by many Internet-of-things developers, he says.
This new data poisoning tool lets artists fight back against generative AI
The tool, called Nightshade, messes up training data in ways that could cause serious damage to image-generating AI models.
The Biggest Questions: What is death?
New neuroscience is challenging our understanding of the dying process—bringing opportunities for the living.
Rogue superintelligence and merging with machines: Inside the mind of OpenAI’s chief scientist
An exclusive conversation with Ilya Sutskever on his fears for the future of AI and why they’ve made him change the focus of his life’s work.
How to fix the internet
If we want online discourse to improve, we need to move beyond the big platforms.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.