{"id":706,"date":"2018-01-19T22:24:00","date_gmt":"2018-01-20T03:24:00","guid":{"rendered":"http:\/\/schlaff.com\/wp\/?p=706"},"modified":"2020-12-16T09:34:16","modified_gmt":"2020-12-16T14:34:16","slug":"click-here-to-kill-everyone-a-security-experts-view-on-the-internet-of-things","status":"publish","type":"post","link":"https:\/\/schlaff.com\/wp\/click-here-to-kill-everyone-a-security-experts-view-on-the-internet-of-things\/","title":{"rendered":"Click Here to Kill Everyone. A Security Expert’s View on the Internet of Things."},"content":{"rendered":"

There are a lot of articles about Artificial intelligence and what it will mean to the world. People are asking questions like Where is Technology Taking The Economy?<\/a>\u00a0and Where Machines Could Replace Humans?<\/a>. One thing that’s clear is that computers have become an integral part of our life.<\/p>\n

Computers used to be ancillary items that would help us get things done. For example,\u00a0 a GPS system was just a better map. If the GPS failed, we could always go back to a map to find our way home. Today, we can’t live without computers. Take driving for instance. We don’t drive our cars anymore. When we turn the steering wheel or press a gas pedal we are actually sending a signal to the computer that that drives the car.<\/p>\n

Bruce Schneier, one of the world’s top security experts, just published an article about the dangers of this new environment called Click Here to Kill Everyone. With the Internet of Things, we\u2019re building a world-size robot. How are we going to control it?<\/a> He’s also released the book<\/a>.\u00a0<\/span><\/p>\n

\n
\n

Giant robot? What is Schneier talking about? He says: <\/span><\/p>\n<\/div>\n

Broadly speaking, the Internet of Things has three parts. There are the sensors that collect data about us and our environment: smart thermostats, street and highway sensors, and those ubiquitous smartphones with their motion sensors and GPS location receivers. Then there are the \u201csmarts\u201d that figure out what the data means and what to do about it. This includes all the computer processors on these devices and \u2014 increasingly \u2014 in the cloud, as well as the memory that stores all of this information. And finally, there are the actuators that affect our environment. The point of a smart thermostat isn\u2019t to record the temperature; it\u2019s to control the furnace and the air conditioner. Driverless cars collect data about the road and the environment to steer themselves safely to their destinations.<\/span><\/p>\n

You can think of the sensors as the eyes and ears of the internet. You can think of the actuators as the hands and feet of the internet. And you can think of the stuff in the middle as the brain. We are building an internet that senses, thinks, and acts.<\/span><\/p>\n

This is the classic definition of a robot. We\u2019re building a world-size robot, and we don\u2019t even realize it.<\/span><\/p>\n

This reliance on computers changes the way we should be thinking about computer security. Security has three components: confidentiality, availability and integrity. In the past, when people were thinking about security, they were most concerned about confidentiality (e.g., someone was reading their email, someone stealing their identity). But today there’s a far bigger problem in availability and integrity. Shutting down your car (availability) is a far bigger problem than someone knowing where you are all the time (confidentiality). And modifying your car (integrity) to prevent your brakes from working on the highway is the biggest problem of all.<\/p>\n

But even cars aren’t the biggest problem. It’s all these smaller things that we’re connecting to the Internet — the Internet of Things. Last year we saw some enterprising hackers marshal together millions of DVRs and webcams to attack the core infrastructure of the internet<\/a> and bring websites like Twitter, Amazon and Netflix down. Here’s the basic problem:<\/p>\n