At this week's RSA Conference in San Francisco, the world's leading cyber minds aren't just focusing on international super-hackers and possible future attacks on the electric grid. Do you know what else they're worrying about?
With the explosion of "Internet of Things" products, devices, appliances and machinery (Gartner predicts 4.9 million "connected things" this year), everything from Amazon's cute little "Dash" buttons to "smart" toilets, self-diagnosing refrigerators and self-driving cars, there is growing concern that this rush of technological sophistication and convenience could also have dire consequences for personal security.
After all, security often appears to be the last thing manufacturers think about when rushing these tricked-out products to market. In many cases, they lack safeguards to prevent even basic attacks. Take for instance, the baby monitor hacks in Washington, Texas and Minnesota, or the keyless door lock break-ins at Arizona hotels, the key fob car hacks across the U.S. and a variety of other threats demonstrated at hacker conferences, from Barnaby Jack's insulin pump attack to Charlie Miller's hijack of a car's steering and breaking systems.
Of course, many of the most talked about (i.e., hyped) threats are the least likely to affect the average person, but they do raise some serious questions. In the race to win over our living rooms, are businesses leaving the front door open?
Here are six threats people will have to contend with as the home becomes more connected:
- Account Hijacking - Forget about pacemaker cyber attacks and remotely hijacked smart toilets. The most likely scenario for consumers, as their homes become inundated with Internet of Things appliances, is the account takeover. After all, for many of these fancy new Internet-connected devices, you'll likely have to register for support or software updates. That means having a special GE or Bosch or whatever account. Account hijacks will primarily occur in two ways: data breaches at the corporate level that compromise a person's account details (name, login/password, credit card, etc.) and targeted attacks on the person's private email.
- Worse Phishing Attacks - All of these accounts will also make you more susceptible to phishing emails, which will use fake customer support or warranty expiration notices to trick you into downloading malware. The primary goals will likely be the same as they are today: steal banking credentials, identity information or install remote backdoors on your home network.
- Malware in the Home - For every new device that is connected to the web, expect a virus, worm or Trojan to target it. There are a number of reasons why criminals will want to infect your appliances with malware, but the main ones are: to rope your appliances into a "botnet" that can be sold or rented on the black market or steal information stored by the device, if such exists -- such as account details or credit card numbers. Additionally, if your appliances are infected by a botnet, it could lead to Internet service providers blacklisting your home's IP address, which means you could have trouble sending emails or using certain online services. If all of this sounds far-fetched, consider this: last year researchers discovered what is believed to be the first refrigerator botnet; and a top security firm recently released antivirus for the entire home.
- Appliance and Device Malfunctioning - There's also a strong chance that at some point malware that infects your home will cause an appliance to malfunction. This may or may not be the goal of the malware, but either way it could happen. For example, when appliances are infected by botnets, they could slow down the normal performance of the appliance's operating system. Will a coffee maker suddenly explode because of a virus? Probably not, but is it possible that a malicious hacker could cause a refrigerator to stop cooling to spoil food or raise the temperature on a thermostat or water heater? Each of these attacks would be complicated to perform and there's no real motive except harassment, but they could be possible.
- Harassment - Speaking of harassment, that is another risk that consumers will have to face. This is most likely to be done by teenagers, neighbors and amateurs, so the attacks will be limited and rely heavily upon free hacking tools available on the web. Therefore, don't worry about the neighborhood teen hijacking your car, but eavesdropping on webcams and microphones embedded in networked devices could be a risk.
- Cyber Extortion and Cyber Ransom - Cybercriminals are increasingly using cyber extortion and ransomware to make money off of consumers and small businesses, and this is likely to continue as we move further into the Internet of Things. Today, cyber extortion is typically done through denial-of-service attacks or stolen data, and "ransomware" is a type of computer malware that locks up important files until the victim pays a ransom, typically between $200-500. It won't be as easy to perform these attacks on other devices, unless they have access to email -- such as a smart TV for instance. Therefore, these attacks may be limited, but expect them to happen.