Click to learn more about author Mathias Golombek.
The Internet of Things (IoT) is booming. First featured in the infamous Gartner Hype cycle in 2011, the trend has inspired eight years of ever-more use cases for connecting our physical and digital worlds. Factories are connecting their workers, robotics, and products. Cities are connecting their citizens, transport, and infrastructure. Athletes are connecting their bodies, phones, and performance stats. And the race to be the leader in the IoT space has got Cisco, IBM, and Intel watching their backs for wide-eyed innovators coming up the rear.
The potential for IoT is staggering. How effective health care would be if doctors could track patients remotely, catch red flags earlier, and attend to more people. Imagine the effects on hunger, if we could better track the life of food, and the way we transport it around the world. Consider the reduction of stress, if you controlled your household at the click of a button, and worried less about being cost-, energy-, and time-efficient.
But in our push to connect the planet, and be the fastest, the cheapest, and the most fashionable, corners have been cut and shorter routes favored.
Do you remember the Dyn cyberattack in October 2016? If not, maybe you’ll remember the day when Twitter, Netflix, Amazon, BBC, GitHub, CNN, PayPal, Reddit, Starbucks, and Spotify, to name but a few, simultaneously and repeatedly crashed. It was the largest DDoS, or Distributed Denial of Service, attack in history, disrupting the internet the world over. For many people, the attack truly showcased how fragile our online world can be.
What was most worrying about this attack, in particular, was the realization that without the IoT boom, the attack wouldn’t have happened.
IoT devices such as connected baby monitors, smart TVs, and internet-enabled CCTV cameras were connected digitally to create a cyber weapon called the Mirai botnet. The way the hackers infiltrated these technologies was very simple. Mirai scanned the internet for IoT devices that were protected by factory default passwords – not the passwords unique to your device, printed on the side or found in the instruction manual. They were the passwords associated with the small pieces of hardware making up the product on the inside, passwords that tend to be exactly the same across thousands of components, all shipped off to end up in devices all over the world.
Essentially, because the manufacturers didn’t make the effort to alternate the passwords across their product, hackers had an open door to millions of IoT devices.
And Mirai is still at large. The code for the cyber weapon is online and easy to access. The IoT component passwords are simple to find on the dark net, meaning attacks like the Dyn attack are only going to continue, and grow in complexity.
It’s not the end of the internet, however – with advances in weapons, there are advances in defense. But what this particular case proves is what happens when we put speed to market, fashion, and profit above all else. IoT isn’t the only Gartner trend to spark pressure on companies to their eventual detriment: Remember Google Glass?
The difference with IoT, though, is that this is more than just a tech trend. Connecting the world by harnessing the shedloads of critical data is a mammoth but world-changing task. The planet will be in a better place as a result of positive advances in IoT – from the health and welfare sectors to the energy and manufacturing industries.
An estimated $5 trillion is going to be spent on IoT before 2021, by companies and organizations looking to fulfill potential and increase bottom lines. This is great news for futuristic ways of living, but unless each dollar is paired with another dedicated to security, the advances will be all for naught. The new U.S. Senate proposal, holding vendors to account, is a step in the right direction.
We must now all accept that IoT has an Achilles heel, and hackers have pretty good marksmanship.
If tech is going to change the world, we need to be aware that the culture of MVPs and startup agility has its limits. Security in tech should be one of the first considerations, not a post-investment afterthought. Everyone who is building must also accept the responsibility of the potential of their creation – both the good and the bad.
Making the world a better place doesn’t just mean augmenting it – protection is just as worthy a cause. We must champion those building sensibly and thoughtfully, as well as those who are fast and profitable.
IoT can change the world – so let’s ensure that change is overwhelmingly in our favor.