Coming Soon to a Refrigerator Near You

by wjw on January 8, 2014

Bruce Schneier points out that the Internet of Things may well turn out to be the Botnet of Things.  Hackers have started to target routers and modems, which are, it turns out, easier to hack than home computers.  Routers use cheap, generic chips, and the manufacturers who make the actual router tend to use off-the-shelf software, maybe with a few proprietary tweaks.

The problem with this process is that no one entity has any incentive, expertise, or even ability to patch the software once it’s shipped. The chip manufacturer is busy shipping the next version of the chip, and the ODM is busy upgrading its product to work with this next chip. Maintaining the older chips and products just isn’t a priority.

And the software is old, even when the device is new. For example, one survey of common home routers found that the software components were four to five years older than the device. The minimum age of the Linux operating system was four years. The minimum age of the Samba file system software: six years. They may have had all the security patches applied, but most likely not. No one has that job . . . 

Even when a patch is possible, it’s rarely applied. Users usually have to manually download and install relevant patches. But since users never get alerted about security updates, and don’t have the expertise to manually administer these devices, it doesn’t happen. Sometimes the ISPs have the ability to remotely patch routers and modems, but this is also rare.

The result is hundreds of millions of devices that have been sitting on the Internet, unpatched and insecure, for the last five to ten years.

So as our refrigerators, cars, thermostats, home security systems, stoves, pets, televisions, game consoles, and entertainment systems are connected to the Internet, they (and we) become less secure.

My novel Deep State featured a variation on this threat.  Let’s hope it stays fiction.


TCWriter January 8, 2014 at 5:44 pm

Never mind the fact that machines have no judgement (how about a determined “smart” liquor cabinet that keeps ordering booze after the alcoholic owner has bottomed out and wants nothing to do with the stuff). If it’s smart, it can be hacked.

As you noted (and predicted in Deep State), routers represent a ginormous weak point. How could a pissed off hacker group (or a hacker state) not turn their opponents’ connection points into a network of zombies?

I’m keeping signal flags in storage just in case.

John Appel January 9, 2014 at 4:53 am

Back when I was a young cavalry scout in training, in a time when large-haired mall bunnies roamed the Earth, I was taught “What can be seen can be hit. What can be hit can be killed.”

Today I tell people “What is connected can be accessed. What can be accessed can be compromised.”

On the plus side, this means I should have no problem remaining gainfully employed as long as I can remain reasonably current technically.

DensityDuck January 9, 2014 at 6:54 am

But even so, it’s important that packets not include geolocation or personally-identifying information because something something privacy.

TRX January 11, 2014 at 12:59 pm

Of course, your router may be pwnzored by the manufacturer… remember Belkin, which was serving up random pages of paid ads, or Linksys, who were directing 404 returns to their own customers? That’s just the ones I remember offhand. That got caught and publicized…

Arno January 15, 2014 at 7:03 am

Dear wjw, in your fine novel Deep State you describe something I have been dreaming about for years: a MS-DOS based operating system to avoid the vulnerability of WINDOWS. Is this just a gorgeous vision of future — or is there some hope it can be realized soon? I have a friend who is a professional programmer and system designer, and he tells me that all existing MS-DOS emulators are humbug: they simply don’t work. Tell me please your opinion!

Yours, Arno

wjw January 18, 2014 at 7:01 am

I confess I know nothing about MS-DOS emulators. In the novel I had people load actual MS-DOS. Maybe I should have used OS/2 instead, but I never used it myself.

Fortunately I’ve got some old machines in the garage that I could use if the High Zap ever gets deployed. If I can remember how to use them.

TRX January 18, 2014 at 4:19 pm

[ssssh!] Don’t let my computer hear you.

I’ve been running some of my old DOS software under various versions of Linux and Dosemu since 1995 or so…

Like Stewart Brand said back in the dawn age of personal computing, users get imprinted on the first software they learn. I’ve been using an editor called PC-Write since 1986, across DOS, OS/2, Windows (well I got paid to do it…) and Linux. Besides various other DOS software, I use Wine to run a late-1990s version of Paint Shop Pro, which I find much easier to use than Photoshop or Gimp for my simplistic needs.

wjw January 19, 2014 at 7:00 am

I used PC-Write myself for many a year, though I gave it up when I eventually moved to Windows. Quite a good program for its day.

Now I’ve moved to the Apple side of the Force, I haven’t really found a word processor that I really like. I just make do with what’s available, contenting myself with the reflection that whatever program I’m using is so much better than my IBM Model D typewriter.

Arno Ahonius January 22, 2014 at 5:48 am

I would like to suggest to everybody that GOOGLE DRIVE TEXT-EDITOR is well worth adopting. Its best characteristic is that it constantly monitors your writing, and saves AUTOMATICALLY AND PERMANENTLY everything you add to your text.

Arno Ahonius January 26, 2014 at 12:06 pm

wjw wrote:
“Fortunately I’ve got some old machines in the garage that I could use if the High Zap ever gets deployed. If I can remember how to use them.”

Do not trust too much in years-old machines, especially ones living in garages. I had a very good machine with two hard discs; the second one broke down first, number one worked about three years longer. After its crashing I considered having the thing repaired, but fortunately the old tube display kindly stopped working before I had spent more money on the system already hopelessly old fashioned.

Arno Ahonius January 26, 2014 at 1:57 pm

PS “I could use if the High Zap ever gets deployed.” . . . What are you thinking of using as electricity?


Copyright © 2010 WJW. All Rights Reserved.