Skip to main content

The dangerous smart home

The smart home has taken down the internet. Like many people on the east coast yesterday, much of the internet was inaccessible to me for a good part of the morning and some of the afternoon. It turns out the culprit was the smart home devices that many of us have (including me) in our homes. We can now be affected by Distributed Denial of Service (DDoS) attacks by the products created to make life more convenient and safer. Thousands or millions of us may have inadvertently been responsible for taking down a chunk of the internet for many millions of people for numerous hours. This is frightening.
If a single person (or possibly a small group of people) can write scripts that take over our smart homes in the background and launch state-level attacks against major internet backbone providers (like Dyn and their managed DNS service), what can an actual state-sponsored attack do? We all now, essentially, have the ability to bring portions of the internet to its knees using freely distributed software more quickly and easily than we used to download shareware from Tucows just ten years ago.
We have reached a point (many years ago, even) where “security through obscurity” is no longer a valid method of protecting our networks, devices, and data. It is not okay for hardware and software developers to ship products with default usernames and passwords that are easily guessable or trivially cracked. A sticker showing the randomly generated and secure usernames and passwords for each device could have been enough to stop this kind of attack. It is no longer okay to sacrifice security to avoid a few technical support calls or emails. It is no longer okay to not be able to handle briefly looking at a username and password sticker if you need to login to an administrative panel (most people don’t, anyway). My Verizon FiOS Wi-Fi access point shipped with a surprisingly secure WPA2 password. Our smart home products can do it if our Internet Service Providers can do it. It is no longer okay to not take cybersecurity seriously.
The fact that this attack may not be state-sponsored or launched with a state-created tool is the most terrifying aspect of these attacks. It is one thing to be terrified of a major government’s nuclear stockpile, but bringing news outlets, banking systems, government services, and more to their knees through the efforts of possibly a lone coder is a different animal. Governments must fear retaliation. A 400 pound hacker in a basement may never be identified.
Without change and care taken by the companies we trust to come into and control our homes, the best that we can do is hope that this was a state-sponsored attack and this was their one shot with the best they’ve got. If this really was done by a lone coder, our newly exposed weakness could open the door to an even more damaging attack from an unfriendly foreign government. As more public utilities get “smart” and connected, we are forced to trust that they are taking cybersecurity seriously.
Being denied access to parts of the internet is annoying, but having our homes, power grids, banks, or water supplies taken over by an unidentified, untraceable, actor is a matter of national security that can not be ignored.

Comments

Popular posts from this blog

Ring: The king of video doorbells goes for a second reign

Welcome to the first installment of the fall series, focusing on incredible smart home products that make you want to brave the cooling weather and drill some holes, bang some nails, and chop some wood… or just add some cool tech. to your home. Before we begin, I wanted to let you know that links in this article may include affiliate links, which provide me with a commission for purchases made through these links. This  does not  influence my opinions. First up is the latest in video doorbell technology:  Ring Video Doorbell 2 . The newest in their video doorbell lineup, Video Doorbell 2 takes the best of the original Ring and includes a modular battery, greatly increases video quality, and even uses the same drill holes from a previous Ring doorbell (if you’ve got one!). PROS: THE STUFF THAT MAKES YOU WANT IT Installation : Very quick in nearly every case. Less than 30 minutes in most cases, sometimes longer if you pre-drill holes. Video Quality : 1080p video with High Dyna

Solving WiFi with eero

One of the first things my wife and I agreed on when deciding to buy a new house was that it must eventually have “kick ass WiFi.” I have been using a new eero Pro 2nd Generation system for the last two weeks and can finally say, after nearly three years in our new home, that we have  kick ass WiFi! The road to finally solving the WiFi problem in our brick, lathe, and plaster-filled home was a long one – and ultimately wound up being fairly expensive. We started initially with the Quantum Gateway that came with our Verizon FiOS service. While this wireless access point was surprisingly powerful, we found it just  could not penetrate all of our walls  and blanket the main floor, basement, and second floor in the fast WiFi we wanted. Next! AirPort Extreme Apple’s AirPort Extreme access points were an obvious second choice. We’re an all Apple household and, while the pricing was quite high, we figured integrating three of these would ensure each floor was properly covered. This