The Icebox Cometh
Will the Internet of Things turn homes into a House of Cards? Our homes are being invaded...but not with critters that you'd call an exterminator for. Last summer I wrote Hackable Homes about the potential risks of smart homes, smart cars and vulnerabilities of just about any-'thing' connected to the internet. (I know, everyone loves a bragger) Many of the many2014 predictions included the internet of things as a breakthrough technology? (trend?) for the coming year. Just a couple weeks ago, famed security expert Bruce Schneier wrote about how the IoT (yes, it already has it's own 3 letter acronym) is wildly insecure and often unpatchable in this Wired article. And Google just bought Nest Labs, a home automation company that builds sensor-driven, WiFi enabled thermostats and smoke detectors. So when will the first refrigerator botnet launch? It already has. Last week, Internet security firm Proofpoint said the bad guys have already hijacked up to 100,000 devices in the Internet of Things and used them to launch malware attacks. The first cyber attack using the Internet of Things, particularly home appliance botnets. This attack included everything from routers to smart televisions to at least one refrigerator. Yes, The Icebox! As criminals have now uncovered, the IoT might be a whole lot easier to infiltrate than typical PCs, laptops or tablets. During the attack, there were a series of malicious emails sent in 100,000 lots about 3 times a day from December 23 through January 6. they found that over 25% of the volume was sent by things that were not conventional laptops, desktops or mobile devices. Instead, the emails were sent by everyday consumer gadgets such as compromised home-networking routers, connected multi-media centers, televisions and that one refrigerator. These devices were openly available primarily due to the fact that they still had default passwords in place. If people don't update their home router passwords or even update the software, how are they going to do it for the 50+ (give or take) appliances they have in their home? Heck, some people have difficulty setting the auto-brew start time for the coffee pot, can you imagine the conversations in the future? 'What's the toaster's password? I need to change the bagel setting!' Or 'Oh no! Overnight a hacker replaced my fine Kona blend with some decaf tea!' Come on. Play along! I know you got one you just want to blurt out! I understand this is where our society/technology/lives are going and I really like the ability to see home security cameras over the internet but part of me feels, is it really necessary to have my fridge, toaster, blender and toilet connected to the internet? Maybe the fridge alerts you when something buried in back is molding. I partially get the thermostats and smart energy things but I can currently program my thermostat for temperature adjustments without an internet connection. I push a few buttons and done. Plus I don't have to worry about someone firing up my furnace in the middle of July. We have multiple locks on our doors, alarm systems for our dwellings, security cameras for our perimeter, dogs under the roof and weapons ready yet none of that will matter if the digital locks for our 'things' are made of dumpling dough. Speaking of dumplings, the smart-steamer just texted me with a link to see the live feed of the dim sum cooking - from inside the pot! My mind just texted my tummy to get ready. ps Related: Proofpoint Uncovers Internet of Things (IoT) Cyberattack The Internet of Things Is Wildly Insecure — And Often Unpatchable For The First Time, Hackers Have Used A Refrigerator To Attack Businesses The Internet Of Things Has Been Hacked, And It's Turning Nasty Smart refrigerators and TVs hacked to send out spam, according to a new report Here's What It Looks Like When A 'Smart Toilet' Gets Hacked Bricks (Thru the Window) and Mortar (Rounds) Technorati Tags: IoT,internet of things,botnet,malware,household,silva,attacks Connect with Peter: Connect with F5:OK 2014, Now What
So I've been staring at this blinking cursor for the last 5 minutes wondering what story to tell. 'Once upon a time, there was a....' No that won't work. 'It was a dark and dreary night as our protagonist grudgingly dragged his feet toward the impending...' No, not that either. How about, 'The waves were big, mean and fast that day...the kind of day where Eddie would go.' Nah, too local boy. After a few weeks break and with so much going on within information technology, I sometimes find it difficult to zero in on something interesting with so many choices. So I decided to do a mini blog buffet....the best in town, I say! The big news this week seems to be the Consumer Electronics Show (CES). From connected and driverless cars to interactive kitchens to wearable technology to the massive ultra HD televisions to even toothbrushes, the internet of things is certainly posed to take over the world in 2014. There are, of course, risks with all these embedded systems. There was the Target breach right at the height of the holiday shopping season nailing 40 some million (now 70 million) credit and debit cards in the process. I had a browser tab The 10 Worst Data Breaches of 2013 saved since before the new year for an article but this most recent debacle will certainly make all of 2014's lists. I was in Target a couple days ago retuning something and the person in front of me was asked, 'Do you want cash or credited back on the card?' He dryly answered, 'Well, I got a letter from my bank this week saying they are replacing my card due to your breach, so I'll just take the cash.' Mine was an even exchange. There was the FireEye - Mandiant deal struck slightly before the ball dropped and announced after the 12th ding. Interesting blend of attack detection along with attack response. The timing seemed perfect in the wake of the Target news. There was the Snapchat breach, the Yahoo malware, the WoW attack and certainly all the 'national security' news. And finally, our very own John McAdam earned Puget Sound Business Journal Executive of the Year for 2013. I first met John when I joined F5 in 2004. We had less than 1000 employees at the time and our sales conference that year was at a local Seattle hotel. During one of the breaks, Ken Salchow took me over to introduce me to McAdam, who was sitting in a chair fiddling with his blackberry. Now you'd think that the first time meeting your CEO you'd be all proper, business-like...Sir. Not me. As Ken did the formalities, the first words out of my mouth were, 'What's your high score on brick breaker?' John's face lit up with a smile, a determination in his eye and without missing a beat, shoved his phone in my face and taunted, 'Can you beat that?' It was wonderful and crushing at the same time since his score trounced mine. This was well before internet on planes and playing brick breaker was a way to pass time in the air. For the next several months as we did our individual business travel, we would send each other our high score(s) wrapped in a bit of bragging. There was actually a few of us on the thread, all hoping to blast the others. Then one day, one of the competitors (who had been on an overseas flight if I remember correctly) sent a score that blew everyone away. That was it, game over. But I'll never forget how the CEO included a relatively new guy into a fun little group of folks trying to one up each other. I've been here ever since. Welcome to the Year of the Horse! ps Related: Top 10 products revealed at CES 2014 so far Customers paying the price after Target breach The 10 Worst Data Breaches of 2013 The Internet of Things and DNS Looking to 2014 Executive of Year: F5 Networks CEO John McAdam strikes the perfect balance Technorati Tags: 2014,breach,security,target,mcadam,f5,malware,ces,IoT,silva,attacks Connect with Peter: Connect with F5:
