By Emma McClelland
We all read the headlines about the zombie refrigerator and its army of kitchen appliances, commandeered by criminals to spam us. News reports made the event sound like some kind of fridge-led Fantasia, highlighting our inability to secure and control the technology we create.
Supporters of the Internet of Things (IOT) criticised the media’s incomplete portrayal of smart technology, which apparently can do so much more than keep your milk cold! However, many readers were able to accept the dramatisation of the night of the living fridge because the questions it raised were so important; questions such as: what are the possible outcomes of connecting so many ‘things’ to the internet? Will it increase levels of cybercrime and terrorist risk? And do the people manufacturing these products have the security expertise to protect our privacy and personal information?
These questions are clearly weighing on people’s minds; results of Fortinet’s ‘IOT Connected Home Survey’ showed that, globally, 69 per cent of respondents were either extremely concerned or somewhat concerned about the risk that a connected appliance could lead to a data breach.
In layman’s terms, the Internet of Things refers to a new generation of smart objects that can transfer data over a network with very little human input. Universal Plug and Play (UP&P) technology describes the range of smart devices that can, in effect, communicate with one another, and that we’re able to manage remotely from mobile devices. One of the main places we’re seeing this is in the home. People can now control certain processes from their phone; adjusting their central heating whilst out of the house, for example.
The potential of the Internet of Things was best described by Dr John Barrett, in his TED talk; he describes the cloud as a “digital universe of information” which smart devices give us access to, whenever and wherever we want. When an object is given a unique identity, like websites with IP addresses, we can use a mobile device to connect to and communicate with that object using the cloud.
Barrett explains that by using micro-electromechanical systems technology (technology that combines computers with tiny mechanical devices, such as sensors embedded in semiconductor chips) we could, for example, turn a chair into a smart chair so it can tell us things about its environment. By using pressure sensors embedded within it, a chair could let you know whether there was anybody sitting in it, before you’re anywhere near it.
It’s a slightly frivolous example, but smart technology in our connected world has very real transformative potential. And very soon, there could be no limits to that potential.
Consider the growing e-health industry where smart technology helps people to monitor aspects of their wellbeing. You could have, for example, a web-linked cardiac monitor that allows those with heart problems to monitor its rhythms from their phone. Another use could be movement monitoring; if an elderly person fell in their home, an alert could be sent to the relevant medical professionals. However, there have been some serious teething problems with this new world of smart, helpful technology.
There have, for example, been multiple instances of baby monitor cameras being hacked. On one occasion, the cybercriminal responsible was able to see and shout at a ten month old baby. Even worse; in 2012, one of the researchers at internet security firm McAfee found a way to wirelessly attack insulin pumps as part of an ethical hack. Worryingly, if he had been acting maliciously, he would have been able to direct a pump to release its entire supply of insulin in one go.
Following the hack, Greg Brown, VP and CTO for Cloud and IOT at McAfee revealed that most smart devices aren’t being created by security companies. If manufacturers begin to involve security firms in the design of products, making sure that they are strong from the ground up, we should be reassured that they are likely to be robust enough to deliver peace of mind. But how do we know for sure that in the rush to get to market with new products, manufacturers aren’t compromising on security checks?
One of the most extreme visions of the connected future has already been brought to (virtual) life by gaming company Ubisoft, whose game Watchdogs hinges on the idea of a connected infrastructure. Its protagonist is a super-hacker with a criminal past and the ability to control and manipulate things from his smartphone. He can, for instance, hack the traffic lights to cause a pile up and trap his target. Thus, the city – connected and controlled by a central network of computers – becomes his weapon.
As a marketing ploy, the creators set up random members of the public in a phone repair shop, to discover exactly how they would react to these endless – but no doubt, potentially dangerous – opportunities, were they really to occur. The shop owner – played by an actor – made them believe that he had added a new app to their phone before demonstrating how it could be used to open cars, make an ATM spit out money and confuse the traffic lights, causing a crash. What’s interesting is the reaction of the unwitting participants after they realise it’s just a game. “It would be cool to live in a world like that,” exclaims one man.
Would it? Sure, the technology is exciting; it enables us to do and achieve what was previously impossible at the touch of a button. But does making it possible make it secure? And if we already struggle to keep our computers and smartphones safe from cybercriminals, are we really prepared to keep billions of other objects safe? With Gartner estimating that 26.5bn physical objects will be embedded with smart technology by 2020, it’s definitely worth considering the threats this phenomenon might pose. If Britain can adequately support its army of ethical hackers, hopefully there won’t be any need to start sleeping with one eye fixed on the kitchen fridge.