When Appliances Attack…and Sometimes Kill

Nothing is more disconcerting than coming home to find your refrigerator attacking your smart TV over who should be first to use the router to send spam. Yes, refrigerators often contain spam, but not of the digital variety. The refrigerator in question was part of a botnet that was discovered early this year. It and its ne’er-do-well sidekicks, smart TVs and routers, had formed an alliance that sent over 750,000 malicious spam emails. As the old saying goes, if you can’t trust your refrigerator, who can you trust?

Smart TVs are another story. I’ve always been vaguely suspicious of any appliance that was more intelligent than I was. True, I can barely outwit my toaster, but that’s another matter. Before refrigerators started acting up, Smart TVs had already been busted. Hackers showed how the cameras in Samsung Smart TVs could be turned on and off and how other connections made through the TV, such as to Facebook, could be exploited. This leads to the ultimate question: While you’re watching TV, is your TV watching you? For all I know, I’m the star of a reality program somewhere in Uzbekistan.

Over 10 years ago, when I got my state-of-the-art furnace, the person who installed it asked me if I wanted to connect it to the internet. I balked. I didn’t trust my furnace being online, despite the convenience it may have offered me. Although its interface is somewhat simple, the manual that came with it required several college courses to decipher. Now, I’m glad I didn’t put it online. As there is no API (Appliance Program Interface) with most of these devices, they are basically web apps that can and have been hacked. Nest is a company that produces some of the most popular thermostats, fire detectors, and motion detectors. These devices have been hacked and could be used to do a number of devious things. Why is it, then, that Google just purchased Nest for over 3 billion dollars? Some may say it would be a good way for them to see when people are home and build a schedule of their activities, thus making it easier for Google to target them for various forms of advertising. (I didn’t say this, Google, it was some other guys, believe me.)

In the olden days, when remote controls were used to open garage doors, thieves would drive through a neighborhood pointing a popular remote at the garages they passed. If one suddenly opened, they knew that the owners hadn’t changed the code and it was easy pickings. It’s the same way with smart appliances. Most hacks are done by relying on the codes/usernames/passwords being the default ones. Most people don’t think about updating the passwords on their refrigerators. No, the hackers aren’t interested in making themselves a spam sandwich; they are more interested in using this as an access point to get into the more tasty stuff on your computer or smart phone. Dishwashers, clothes dryers and coffee makers are all possible access points. More and more appliances are coming online every day. In short, they’ve got you surrounded.

Then there’s the paranormal stuff. Heather Schreck woke up at midnight and thought she heard a man’s voice coming from her baby’s room. The baby monitor was connected to her smart phone so she picked it up and looked at it. She could see the camera was looking around the room, but she wasn’t moving it. Suddenly, she heard a man’s voice screaming at her 10-month-old daughter, “Wake up, baby, Wake up, baby,” followed by other shouts to wake her up. Heather’s husband went to the room and saw the camera turn to look at him. As he approached, the voice began yelling obscenities at him until he unplugged the camera. Yes, the baby monitor had been hacked.

And it gets even worse, if that’s possible. In 2012, White Hat hacker Barnaby Jack showed how he could kill a diabetic person from 300 feet away by ordering an insulin pump to deliver fatal doses of insulin. Later, he proved that he could do the same by manipulating a pacemaker. In fact, hospitals and healthcare facilities are shockingly easy to hack. Here is what one researcher, Scott Erven, found when he checked out the security in one large Midwest healthcare chain.

“In a study spanning two years, Erven and his team found drug infusion pumps–for delivering morphine drips, chemotherapy and antibiotics–that can be remotely manipulated to change the dosage doled out to patients; Bluetooth-enabled defibrillators that can be manipulated to deliver random shocks to a patient’s heart or prevent a medically needed shock from occurring; X-rays that can be accessed by outsiders lurking on a hospital’s network; temperature settings on refrigerators storing blood and drugs that can be reset, causing spoilage; and digital medical records that can be altered to cause physicians to misdiagnose, prescribe the wrong drugs or administer unwarranted care.”

When these appliances attack, they mean business.

Expect the situation to get worse before it gets better. The International Data Corporation estimates that by 2020, the internet of things will be comprised of over 200 billion devices connected to the internet, which is roughly equal to 30 devices for every person on earth. That’s quite a lot of potential access points for hackers. Then there are the more apocalyptic device hacks. Professional hacker Cesar Cerrudo has already demonstrated the ability to control traffic signals in New York and Seattle; a good way to cause accidents, panic, and general chaos. Power grids and transportation systems have so far escaped the hackers’ wrath, but that could change at a moment’s notice.

So take a look around you. Is that printer quietly plotting your demise? Is that coffee machine sending your personal information to a refrigerator in Omaha? Perhaps they have already emptied your bank account and are planning a trip to the Bahamas. As is common in most security matters, the weakest link, when it comes to smart appliances, is the human one. It is also the hardest link to fix and in many cases simply needs to be worked around. As organizational consultant Warren G. Bennis observed, “The factory of the future will have only two employees, a man and a dog. The man will be there to feed the dog. The dog will be there to keep the man from touching the equipment.”

 

 

About Steve Mierzejewski

Marketing consultant for InZero Systems, developer of the next generation in hardware-separated security, WorkPlay Technology. I've worked in Poland, Japan, Korea, China, and Afghanistan. I'm a writer, technical editor, and an educator. I also do some work as a test developer for Michigan State University.