We're Surrounded by Billions of Internet-connected Devices. Can We Trust Them?
BY ADAM PIORE ON 10/24/19 AT 12:24 PM EDT - NEWSWEEK MAGAZINE
In 2009, just as consumers had begun to buy wifi-enabled thermostats and front-door cams and other early devices that now make up the "Internet of Things," computer scientist Ang Cui had gotten the idea to scan the Web for "trivially vulnerable" embedded devices.
By trivial, he meant those devices that still carried the usernames and passcodes programmed into them at the factory—obvious usernames like "name" and passcodes like "1234." Many of these codes were published in manuals available freely on the internet and easily scanned automatically with computer programs, so there was no need even to guess.
When he did his scan, Cui found more than one million vulnerable, publicly accessible devices in 144 countries. From this sample, he estimated that about 13 percent of all devices connected to the internet were essentially unlocked doors, waiting for a hacker to walk through. Even more alarming, four months later 96 percent of those devices had the same security holes.
Cui's warning was no less terrifying for its deadpan delivery: "Widely deployed and often misconfigured, embedded network devices constitute highly attractive targets for exploitation."
In the decade since, the number of vulnerable devices connected to the internet has increased sevenfold. The explosion comes from growing demand, fueled by hype, for smart devices. Manufacturers are now tripping over themselves to embed just about every ordinary object, it seems, with tiny computers that happily communicate wirelessly with the world around them. In this "smart" revolution, virtually any device with an on/off switch or up/down button can be controlled remotely with a cellphone or voice sensor. Do you want to turn up the heat, dim the lights and run the dryer without getting up off the sofa—simply by uttering your desire to an Amazon Echo? Do you want your toaster to send a message to the television when the bagel has popped? Do you want your oven to inform you that the casserole has cooked for the prescribed 20 minutes at 350 degrees and is now cooling in the kitchen at 200? The Internet of Things can make all such things happen. read full article