No, your home won’t be hacked
The panic over web-connected household gadgets is overblown.
On Friday 21 October, an unprecedented cyber attack hit many important websites, including Twitter, eBay and the New York Times. Initially, user access to swathes of the web was disrupted on the East Coast of the US. But the trouble quickly spread across the US and then moved on to Europe. Soon, it became clear that, in plaguing web servers with unwanted traffic, hackers hadn’t only recruited conventional computer networks to spread their malicious software (malware), but were also using web-connected consumer goods. By the following weekend, panic had grown enough for The Times to report that ‘all connected devices’ – including home coffeemakers, baby monitors and security cameras – were now ‘potentially vulnerable’, and that this could make homes ‘at risk of surveillance, burglary and blackout’.
Fear of the internet is as old as the internet itself. From the moment it gained millions of users in the 1990s, the internet has sparked paranoia about lurid images, obsessive gaming and gambling, identity theft and many other online versions of dodgy human behaviour. Yet the idea that every home contains goods that can now be mobilised against its owners is a new one.
So what’s really the issue here? It’s true that, alongside a few ‘smart’ kettles and central-heating controllers, most new TVs are now connected to the internet. This is the result of a rather desperate attempt by manufacturers to make money by capturing data on consumer habits.
Meanwhile, hackers suggest that every consumer product is prone to attack, because they want manufacturers to hire more skilled, ‘white hat’ hackers to protect their products. At the same time, IT security companies, the IT press and the wider media inflate the dangers, hoping to sell more goods and services.
In this, they find a receptive audience among those who are apprehensive about technological advances. Indeed, the financial motives of manufacturers of internet-connected fridges, preening ethical hackers, IT security firms and the media pale into insignificance compared with the pervasive anxiety that has characterised capitalism for almost three decades.
What happened on 21 October wasn’t the disabling or evil redirection of consumer products. Hackers used both computer networks and consumer malware against a domain name system (DNS) provider called Dyn. Dyn is a relatively small company that turns human-readable web addresses into those that machines can use – internet protocol (IP) addresses. When it was overwhelmed with nasty code, the sites it served went down.
So, because malware was multiplied through consumer devices, experts rushed to tell us that the internet as we know it could collapse. But using these devices to spread malware is not the same as hijacking or disabling them. The word ‘hack’ covers a multitude of sins, meaning hysterical media reports can easily play on people’s fear and confusion. As The Times put it, security experts ‘expect the risks to increase in future as the technology proliferates, devices fall out of date and hackers become more skilled’.
Even the government’s repeatedly delayed £10.9 billion plan to roll out smart energy meters to 30million premises over the next four years hasn’t escaped the panic. The misplaced hope is that these meters will combat the dreaded threat of climate change. But, since 2012, the project has been met by fears that users could be made vulnerable to hackers, who could invade their privacy and cause power cuts.
We need a little perspective. As more household devices are connected to the internet they will no doubt receive IT security updates, as already happens with mobile phones. The spread of biometric security – for example, fingerprint or voice recognition – will also allow users to personalise access to products, making hacking harder.
For the moment, all that needs to happen is for consumer-product manufacturers to make better instructions, so that users know not to leave their devices on factory-issue ‘0000’ passwords. People don’t make that elementary error with PCs, and they are clever enough not to do it with TVs.
Is it tedious to go around your home entering passwords on toasters and the like? Yes. Is it the end of the internet as we know it? Hardly.
Picture by: Wikimedia Commons