Once upon a time your home was your safe place. The locale you could count on to allow you to decompress, relax, maybe suck a brewski and catch up on Game of Thrones. It’s the place where you, and your family, can sit, talk, and compare notes on the day gone by. Homes are, by hopeful definition, happy places. I truly hope yours is. But, as time has gone on, people have added more and more gadgets in their homes. To make life easier, more fun, more secure, or some combination thereof. You can talk to your gadget and it will do your bidding. You can monitor your gadget at your office or on the road to see who is knocking on your door in your absence. You can program music, set times on your lights, and all sorts of nifty things that make you feel as though you’re in charge. I’m sorry to inform you that you couldn’t be more wrong if you tried.
Your devices, cool though they may be, are basically designed to let in thieves who want to steal your stuff.
No, I’m not kidding.
I’ll give you an example. Garage door openers. They’re cool, aren’t they? Especially when the weather’s shitty. Just push the little button, up goes the door, and you’re inside safe and dry. In the old days that was all that needed to be considered. Now garage door openers are connected to your home security system, have their own app so you can open, or close, the door from any location, and can provide data on the energy usage in the garage so you can adjust temperatures and so on accordingly.
All great features. But each uses wi-fi to communicate. And, unless you have set up a distinct network for each, which no one seems to do because it’s a hassle and requires unique passwords for each device, your home is open to anyone with a laptop and some basic software.
All of this has a name. It’s called the Internet of Things or IoT for short. If you click that link you will find an excellent article by Margaret Rouse explaining how to do the stuff you firmly believe you’ll never have to do. I was going to quote it but I’ve learned that fear is a better motivator than calm advice so, instead, I’m going to tell you how a glorified goldfish bowl brought down a heavily guarded casino.
Yes, this is true. And, yes, it can happen to you.
Oscar Williams-Grut, over at Business Insider, has the whole story.
Nicole Eagan, the CEO of Darktrace, told the WSJ CEO Council Conference in London on Thursday: “There’s a lot of internet-of-things devices, everything from thermostats, refrigeration systems, HVAC systems, to people who bring in their Alexa devices into the offices. There’s just a lot of IoT. It expands the attack surface, and most of this isn’t covered by traditional defenses.”
Eagan gave one memorable anecdote about a case Darktrace worked on in which a casino was hacked via a thermometer in an aquarium in the lobby.
“The attackers used that to get a foothold in the network,” she said. “They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud.”
Robert Hannigan, who ran the British government’s digital-spying agency, Government Communications Headquarters, from 2014 to 2017, appeared alongside Eagan on the panel and agreed that hackers’ targeting of internet-of-things devices was a growing problem for companies.
“With the internet of things producing thousands of new devices shoved onto the internet over the next few years, that’s going to be an increasing problem,” Hannigan said. “I saw a bank that had been hacked through its CCTV cameras, because these devices are bought purely on cost.”
He called for regulation to mandate safety standards.
“It’s probably one area where there’ll likely need to be regulation for minimum security standards, because the market isn’t going to correct itself,” he said. “The problem is these devices still work — the fish tank or the CCTV camera still work.”
See? That’s the thing. If your stuff works you don’t think about it. The garage door opens, the fish are still alive, your central air unit adjusts your personal climate regularly and correctly, and so on. When you ask Alexa to play three hours of polka classics it doesn’t let you down.
But, and this is important, hackers no longer need to render a device useless to steal your stuff. In fact, the longer it stays active the more they can steal.
“But what can they get from me? My garage door doesn’t know any of my personal info.”
I hear that a lot.
And, you’re correct insofar as it goes. But I bet dollars to donuts you also have an app from your bank on your phone. And, if you’re like many people these days, you also have all your contacts, your schedule, and even more personal information.
If they get into your garage door app they have access to all of that. They will have bypassed your incredible password (usually either password or 123456) and have complete access to everything you carry with you. Given a little more time they’ll also have access to everything on your home computers, which hold the main programs, every time you fire up your computer to check the latest updates on Daenerys Targaryen.
You could easily wake up one morning and find your bank account drained, your friends getting wonderful updates from you telling them about the joys of Viagra, and your family signed up for a variety of expensive things you neither want nor need.
The latter will be items or tickets they will try to get refunded to a clean credit card. It’s easier to do than you might think.
Now you’re broke, turgid, and heartbroken.
And here’s the really shitty part. Unless you have state-of-the-art insurance there’s almost nothing you can do about it. You can stop the bleeding, of course, but getting anything back is nigh on impossible. By the time you discover it your money, and all your info, is in a different country.
And that’s the least of it. They now have your identity, financial history, and personal references. There will be a new you living it up in Moscow by nightfall.
As of this writing over 60% of businesses have no IoT protection. Worse, once in your system they can use it as a starting point to infiltrate your neighbors and anyone else they can cadge a signal from. One such attack shut down electric grids in Europe and America to the tune of $110 MIL.
All that from your garage door opener.