Buyer Beware: The Not-So-Smart Internet of Things

If there were ever a buzzword to capture the zeitgeist of the early teens of the 21st century, it would be the ubiquitous, now-hokey marketing qualifier: “smart.” Smartphones. Smart TVs. Smart cars. Smart crockpots! We are in the era of the so-called Internet of Things, a vast network of interconnected “smart” objects — from simple kitchen appliances that can inexplicably access the web, to lightbulbs to our very own computers, our stores of sensitive personal data. Though we bask in this metal-and-plastic boom of hyperconnectivity, we willfully ignore the cybersecurity risks inherent to augmenting our homes with things outfitted with, collectively, millions of lines of code. That translates to millions of unchecked opportunities for security breaches.

Black Friday kicked off the annual shopping blitz, when working middle-class Americans, stuffed with stuffing and pent up Christmas cash (or credit) trample over each other in ritualistic fervor to nab the latest gadgets: flat screens with native internet browsers, toasters with smartphone compatibility. The Consumer Technology Association forecasts that 170 million smart gadgets will be purchased and gifted this holiday season. That’s 170 million more perforations in the fragile network of cheaply-made commercial trappings.

Indeed, the smart home ecosystem occupies the Wild West of the digital era: There exists zero official regulations concerning the standard of security software that equips its constitutive parts. Beyond being potential points for breaches of personal information, cyber-modified appliances can be totally bricked, or made useless. Let’s say a million Americans purchase a fridge that tracks exactly what groceries need restocking, autonomously and without human intervention. If this fridge’s computer is connected to its motor, a million of the same fridges could potentially be bricked by ambitious black hat hackers, and consumer data could be made publicly available. It’s a low-stakes loss, but this hypothetical breach hints at a nefarious trend. Historically, cybersecurity risks have reached beyond the innocent trappings of domestic life to the hinterlands of life-threatening danger.

Just last summer, Wired reported that a couple of hackers hijacked a 2014 Chrysler Jeep Cherokee through its entertainment system while it barreled down a freeway at 70 mph. The attack targeted the vehicle’s steering, transmission and brakes systems, triggering the National Highway Traffic Safety Administration to pressure Fiat Chrysler to issue a recall of over 1.4 million vehicles, whose owners received a USB drive with a software patch to remedy the glaring security oversight. In the same article, Wired reporter Andy Greenberg describes a security vulnerability in Tesla’s Model S, which potentially allows hackers to remotely turn the $100,000 vehicle’s engine off.

More recently, this past October, a band of hackers commanded an army of interconnected webcams and security cameras (and at least one refrigerator) to execute a massive distributed denial-of-service (DDoS) cyberattack on Dyn, an internet domain name service provider whose clients include the likes of Twitter, Netflix and Reddit. A DDoS cyberattack unleashes a siege of falsified web traffic to overwhelm a given website’s servers, causing a temporary system-wide shutdown. Oracle recently acquired Dyn for an undisclosed amount, suggesting a widespread, headstrong increase in cloud-based, hyperconnected and integrated Internet of Things.

The Internet’s architects never imagined that their network would expand beyond a few thousand trusted occupants — most of whom were military personnel or high academicians, bound by contract to benign use. Contrary to their pragmatic vision, the contemporary Internet is a beast three billion users strong, according to a 2016 report from the International Telecommunications Union. And in recent years, the massive influx of low-security machines only adds to the increasing numbers of botnets — drone machines unwillingly enlisted by hackers to do their bidding, whether it be through DDoS attacks or life-threatening functional glitches.

According to a recent estimate from a think tank called the Center for Strategic and International Studies, cybercrime and cyber espionage stand to cost the industry about $445 billion dollars.

But some hope still hangs over the horizon. The Broadband Internet Technical Advisory Group, a coalition of corporate technologists from Google, AT&T, Mozilla and Cisco, among others, released a report laying out some foundational security standards for the budding Internet of Things. Among these recommendations are enforced software updates for any and all connected gadgets, from toasters to laptops, and the establishment of an industry cybersecurity committee that would approve devices according to their adherence to security guidelines.

If we’re going to keep consuming electronics, let’s be smart about it; at least, smarter than the shiny tech we buy and entrust to our networks. Tech literacy is the latest, budding path of conscious consumerism. Think twice before setting up that flat screen, before some wily nerd makes a malware zombie out of it.

Jared Alokozai is a fifth-year literary journalism major. He can be reached at jalokoza@uci.edu.