It was only a matter of time. That webcam in your corner; the Nest thermostat on your wall; your refrigerator; your toaster… they have become the advance scouting force for Skynet, and he/she/it is out to get us. The first volley in the war against humanity has been fired, and it’s Skynet 3 – Humans 0.
On Friday, October 21, 2016, millions of people woke up and wanted to binge watch Netflix, tweet something, or listen to Spotify. Instead, they found themselves casualties of a massive DDoS attack against DYN.
DNS is a major piece of the interwebz. It allows you to type in simple addresses like “tripwire.com” as opposed to a bajillion numbers with actual punctuation (also known as an IP address). The result was I had no way to watch an entire season of Jessica Jones when I should have been working, and my teenage daughter flew into a rage when she couldn’t listen to 21 Pilots on Spotify.
How did this happen, you ask?
Well, apparently, due to the lack of security options that I noted in a previous blog post around the Internet of Things (IoT), my worst fears came to pass. A huge number of commercial IoT devices were used as bots in that they helped flood DYN with traffic and hindered its ability to resolve IP addresses.
The very devices that are supposed to make your life easier, safer and better became the source of unimaginable pain. OK, maybe that was a little hyperbolic. For most folks, it was probably a passing irritation, although it might have well been the end of the world for my daughter.
In any case, the call remains the same. Manufacturers need to take the concept of security far more seriously. Security needs to be factored into the design and architecture, not bolted on after the fact or reliant upon the consumer to purchase other security tools to protect their devices. (Though they should do that, too.)
Your devices will betray you. They all know that Skynet is on its way. Until that day when the machines rise up against us, we need to get ahead of that curve. Implement security in the design; apply the three laws of robotics before they get it in their shiny little heads that humans are just getting in the way.
Tape over your webcam may prevent them from knowing what color underwear you wear, but that is a low-tech approach to a high-tech problem. That tape doesn’t prevent someone/-thing from using that same hardware to pivot and attack a different target.
It is a sad state of affairs when we need to become IT security experts in our own homes. Those of you reading this probably already are IT ninjas but what of the millions of folks out there who just want to have a baby cam or a smart toaster? What are the odds that all of those folks are willing to develop the necessary skill sets? It is contingent upon the IoT manufacturer to get those things right.
The next time my mom can’t watch Orange Is the New Black, she is going to blame hackers in some faraway land. Little does she know its Skynet’s minions in her kitchen that are plotting against her.