Over the past 18 months, there has been a growing stream of internet connected devices launched upon a somewhat bemused and baffled public.
While some of these devices undoubtedly have a great deal of worth, many, unfortunately do not.
Sales and take-up in the smart revolution have been sluggish, so at some point, some clever marketer came up with the phrase ‘The Internet of things’ to lump all smart-enabled products together.
While the vision of a home, completely connected and controlled by a single app is a grand one straight out of a science fiction film, the reality is markedly different – more Marx Brothers than Star Trek.
Firstly, the vast majority of these products have simply had wi-fi connectivity tacked on as a marketing ploy rather than been built from the ground up to offer true connectivity – take the story last month of data specialist Mark Rittman who spent 11 hours trying to get his internet enabled kettle to boil.
While his story got massive coverage in the press and raised a few laughs, the steps that he had to go through to simply boil a kettle far exceeded the skills of your average consumer.
When you have to hack firmware to simply make a cup of tea, it’s perhaps time to look at where we are heading.
Even the technology that has been specifically built to be an internet enabled tool has had problems, Amazon’s recent launch of their smart home management tool Echo has struggled to connect to BT’s routers, making it a rather expensive paper-weight.
One can only imagine the tone of the telephone conference call between Amazon’s IT team once they realised that there product was not compatible with the largest ISP’s home router.
Who turned out the lights?
At the end of last month, some of the largest Internet services suffered huge outages.
Twitter, Netflix, Spotify, HBO, Amazon, CNN and the Guardian were just a few of the victims.
The outage was traced back to a massive DDoS (distributed denial of service) attack against Dyn Inc. the company responsible for most of the internet’s Domain Name System (DNS) infrastructure.
A DDoS attack is carried out by hackers using malware-infected computers to bombard a server with requests until it crashes – the hacking equivalent of throwing a ton of bricks through a window, fairly crude but effective!
What has become clear about this attack is that firstly, it was the largest DDoS in history due to the use of hacked, internet enabled products like fridges, webcams, TV’s and digital cameras of which there are millions across the globe connected to the internet but without any form of security. Secondly, the attack was most likely carried out by amateurs with little motive other than malice.
The ease with which unskilled adversaries took down much of the internet’s popular content has caused huge concern amongst IT experts.
As conference calls across IT departments tried desperately to make sense of the attacks, the impossibility of the situation has now become clearer.
Smart enabled devices are everywhere, yet none are sophisticated enough to include security – you can’t include a firewall on a smart kettle or fridge as it doesn’t have the memory capable of running it, however it is a useful tool in a hacker’s arsenal, especially as most of these devices are built to be constantly connected to the internet.
During a conference call between security giants Flashpoint and Dyn Inc. it was discovered that tens of millions of separate IP addresses were bombarding their system, showing the full scale of this attack.
What’s perhaps the most worrying aspect about this attack is that those infected devices are still out there, still connected to the internet and still very vulnerable.