Gulf News

The Internet of Things is vulnerable

We need to create incentives to design networked devices for safety, and plan for when some things inevitably go wrong

- By Jonathan Zittrain

Last month the FBI in the US issued an urgent warning: Everyone with home internet routers should reboot them to shed them of malware from “foreign cyberactors.” Putting aside the strangeness that for once power-cycling a device could perform an effective exorcism upon it, the episode reveals more than just the potential for disruption of internet access for people using equipment they never expect to have to physically manage. It also underscores how unprepared we are to manage downstream-networked devices and appliances — the ‘Internet of Things’ — that are vulnerable to attack.

A long-standing ethos of internet development lets anyone build and share new code and services, with consequences to be dealt with later. I call this the “procrastination principle,” and I don’t regret supporting it. But it’s hard to feel the same way about the Internet of Things. Worries about security for these devices have become widespread, and they fall roughly into two categories.

First, compromised networked things can endanger their users. In 2015, Chrysler recalled 1.4 million vehicles after researchers showed they could hack a Jeep and disable its brakes and transmission. Coffee makers and other appliances with heating elements could have safety features overridden, starting a fire. And an alert was issued on certain pacemakers last year after vulnerabilities were found that could allow attackers to gain unauthorised access and issue commands to the devices.

Second, hacking even a tiny subset of the 10 billion and counting networked things can produce threats larger than any one consumer. Individually these devices may be too small to care about; together they become too big to fail. Security systems in a city could be made to sound an alarm simultaneously. Light bulbs can be organised into bot armies, directed to harm any other internet-connected target. And worse than a single Jeep executing an unexpected sharp left turn is a whole fleet of them doing so.

Short of rejecting internet integration with appliances, dealing with this is not easy. As with home routers, we tend to keep appliances around for years, so vulnerabilities aren’t phased out quickly. In fact, many vendors might stop issuing firmware updates for physical objects even while they’re still widely in use — abandoning the public to problems lurking in embedded code. And otherwise-valuable “over the air” security updates could also be a gateway to a hack, especially for small vendors of cheap if useful objects like $5 (Dh18) drones.

Unusual solutions

The unusual problems of the Internet of Things call for unusual solutions. The first confronts the lifecycle problem. Companies making a critical mass of internet-enabled products should be required to post a “networked safety bond” to be cashed in if they abandon maintenance for a product, or fold entirely. Insurers can price bonds according to companies’ security practices. For internet-connected appliances, “reclamation” can entail work by non-profit foundations to maintain the code for abandoned products. Proceeds from redeemed bonds would go to these foundations to maintain the products, like the way the Mozilla Foundation has transformed the 1998 Netscape browser long after its originators left the scene.

A second intervention would require networked products modelled after analogue counterparts to work even without connectivity. A smart coffee maker shouldn’t be so clever that it can’t make coffee without internet access. Switchover to non-connectivity mode will not merely help prevent things from becoming useless when the internet goes down, or if the original vendor disappears or jacks up service prices. It can also provide a soft landing for appliances that reach the end of their supported life cycles while still beloved by owners.

Finally, networked devices made by different vendors need to be able to communicate with one another — the way that, say, Mac and PC users seamlessly exchange email. That prevents a household from becoming locked into a single vendor for all its appliances. It also prevents us from flocking to one or two vendors whose compromise could cause widespread consequences. While procrastination around security has been vital to the expansion of the internet, “later” doesn’t mean “never.” We can create incentives to design networked devices for both interoperability and safety, and to plan for remediation when some things inevitably go wrong. We can enjoy the best rather than worst of both worlds.

Jonathan Zittrain is an American professor of internet law and the George Bemis Professor of International Law at Harvard Law School.
