When I read this story on CNBC about a hacker attempting (and thankfully failing) to verbally abuse a toddler through a hacked baby monitor, it did make me think that this was one of the oddest things I’ve heard about someone hacking.
Of course, when it comes to the world of the bizarre, it doesn’t quite rise to the level of the toilet hacking that could: “remotely open and close the toilet lid as well as activate the bidet, ‘causing discomfort or distress to (the) user.’”
On the other hand, hacking a baby monitor seems a lot more creepy – and frankly rather disturbing.
But, is it the kind of thing we’ll need to get used to?
I love the concept of the “Internet of Things” or “Internet of Everything”, depending on whose coined phrase you go by. We’re standing on the brink of a massive change in the way we think about information technology. The days of going to an actual machine to somehow connect to the internet will sound positively antediluvian to our grandchildren; for them, there will never be a point when they aren’t connected to the internet.
Everything around them will be connected – always-on, sharing data continually and responding to their actions. From consumer appliances to vehicles and the medical devices that keep us alive, the things we touch will be online, communicating, and quite possibly therefore, open to attack. Having a refrigerator that talks to TVs and connects to the local grocery store is somewhat down the road, but if it can be connected and data is gathered from it, then chances are – it will be. This particular brave new world is one in which we better get the security planning right.
The depth to which an attacker can reach into our world and cause problems is still relatively shallow. They can steal credit card data, mess with credit scores, and shut down some favorite websites (for a time). However, the very disconnectedness of the way we live, sometimes online, sometimes not, means that it’s harder to really cause damage.
That’s changing.
Once the articles of clothing I wear are connected to the internet (seemingly starting with glasses, thanks to the likes of Google) then the attack surface of my life becomes enormous. Vast.
Terrifyingly so.
When there’s nothing left offline, the pressure to get security right becomes so much greater. As does the challenge of figuring out what all this stuff is, what it really *should* be doing, and who’s behind it all.
Ultimately, this devolves to a massive identity and authentication challenge. Understanding the “who” of every device on the planet and then deciding what that thing should be allowed to do will require some serious thinking and equally, some serious cooperation between industry bodies, including governments, and manufacturers. As of now, the concept of “identity” is a patchwork quilt of standards, vendor-specific tools and repositories, and emerging authorities such as those in the social media world. If we’re going to safely and usefully tie everything together in one vast Internet of Things, then we better figure out how to securely manage it all too. It’s a huge problem, and not one that, I suspect, any single manufacturer can solve.
To live comfortably in privacy and unafraid of the sound of the baby monitor, we must solve it.