30 July 2013
By Kevin Samson
Controlling your life
with the push of a button
From top to bottom, it appears that our modern internet-driven world filled with interconnected smart gadgets and modern computing applications is making us vulnerable to potentially life-changing hacks.
As was noted recently, not only are modern cars open to being hacked, but also boats, planes, and GPS-driven munitions and unmanned vehicles. (Source)
So, perhaps you think you'll ditch the modern car, get rid of the smartphone, limit travel and hunker down safe and cozy in your home. Well, unfortunately, if your house is filled with modern appliances and electronics, it could potentially open up a literal nightmare experience.
Smart Meters have arguably garnered the most concern in the housing market, as homeowners have begun voiving their concerns about documented health and privacy issues.
But what if you were awakened in the middle of the night by a phone call, and the person on the line told you they were taking full remote control over your home? Then proved it by turning your lights on and off, starting up the dishwasher, blasting your TV at full volume, and turning up the heat.
Then you hear your garage door opening.
This type of "haunting" scenario was the subject of Kashmir Hill's article writing for Forbes titled, "When 'Smart Homes' Get Hacked: I Haunted A Complete Stranger's House Via The Internet."
The evolution of the full-fledged Smart Home is receiving billions in investment, and many consumers are jumping in head first without thinking through some of the implications:
Googling a very simple phrase led me to a list of “smart homes” that had done something rather stupid. The homes all have an automation system from Insteon that allows remote control of their lights, hot tubs, fans, televisions, water pumps, garage doors, cameras, and other devices, so that their owners can turn these things on and off with a smartphone app or via the Web. The dumb thing? Their systems had been made crawl-able by search engines – meaning they show up in search results — and due to Insteon not requiring user names and passwords by default in a now-discontinued product, I was able to click on the links, giving me the ability to turn these people’s homes into haunted houses, energy-consumption nightmares, or even robbery targets. Opening a garage door could make a house ripe for actual physical intrusion.
The physical intrusion certainly could come from a common hacker bent on robbery, but more troubling is the open admission by the CIA that they will invade your home as well. It is all part and parcel of what is termed "The Internet of Things." And, increasingly, one does not necessarily have to buy into the concept of a "Smart Home" to become vulnerable.
In conjunction with a recent unveiling of a new low-powered computer chip by ARM, one of the world’s largest chip companies, the fact is virtually every piece of electronic equipment (including appliances) can be controlled via apps and Internet-based systems. It is for this reason that Petraeus stated that the CIA will be able to read these devices via the Internet and even radio waves outside of the home.
Petraeus further stated,
"‘Transformational’ is an overused word, but I do believe it properly applies to these technologies.
Particularly to their effect on clandestine tradecraft. Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters – all connected to the next-generation internet using abundant, low-cost, and high-power computing." (Source)
Beyond controlling the devices themselves, there was a vast amount of personal information that was open to be accessed by Kashmir Hill in her "hauntings." Among the eight homes she was able to access, she reports the following:
Sensitive information was revealed – not just what appliances and devices people had, but their time zone (along with the closest major city to their home), IP addresses and even the name of a child; apparently, the parents wanted the ability to pull the plug on his television from afar. In at least three cases, there was enough information to link the homes on the Internet to their locations in the real world. The names for most of the systems were generic, but in one of those cases, it included a street address that I was able to track down to a house in Connecticut.
As we continue to see, there are gaping security holes in nearly every modern computing application. This has been confirmed beyond what might be construed as simple government fear-mongering. However, the best-funded intelligence networks on the planet and the highest-level tech corporations seem to be caught off guard. This is where we should be rightly skeptical; more likely is that these "flaws" will scare us enough to get us to accept the next wave of "security" features, which will likely tie us even closer to their surveillance grid.
The near future could easily head down the path to full dystopia where we are subjected to surveillance and control outside of our homes, as well as inside. Apparently, if you are into controlling the lives of others -- whether you are in the government or private sector -- the modern world is a very smart one indeed.