category

Help, my car has been attacked by ransomware


The smart key lock on the front door wants money too. The thermostat is stuck at 90, cranking out heat. Burglars learn to hack into surveillance video cameras to determine when occupants aren’t home, then rob the houses.

Gosh, isn’t the Internet of Things wonderful? I’ll rephrase that. Yes the IoT will be wonderful and useful once it has iron security baked into it. Right now, it’s not even close. There are no standards for IoT security. Many IoT devices now cannot be patched or updated when vulnerabilities are found. Some, insanely, have default passwords that cannot be changed. Plz hack me, they scream.

If your computer has a modern OS and is patched on a regular basis, you are well protected from ransomware attacks. This is not at all true for IoT devices, which of course are connected to a home network. Malware on IoT devices can travel throughout the network.

Security has to be baked into the entire system. One reason Win 10 is so secure is because it was designed with security as a primary concern. Your handy-dandy internet-enabled thermostat probably has little or no security.

But it is a system that’s going to fail in the “Internet of things”: everyday devices like smart speakers, household appliances, toys, lighting systems, even cars, that are connected to the web. Many of the embedded networked systems in these devices that will pervade our lives don’t have engineering teams on hand to write patches and may well last far longer than the companies that are supposed to keep the software safe from criminals. Some of them don’t even have the ability to be patched.

Fast forward five to 10 years, and the world is going to be filled with literally tens of billions of devices that hackers can attack. We’re going to see ransomware against our cars. Our digital video recorders and web cameras will be taken over by botnets. The data that these devices collect about us will be stolen and used to commit fraud. And we’re not going to be able to secure these devices.

Like every other instance of product safety, this problem will never be solved without considerable government involvement.

No amount of regulation can force companies to maintain old products, and it certainly can’t prevent companies from going out of business. The future will contain billions of orphaned devices connected to the web that simply have no engineers able to patch them.

Comments are closed.