Miami Herald (Sunday)

What you should do

-

computers – in the form of devices – connected to the internet,” said Matthew Green, an associate professor of computer science at Johns Hopkins University.

This interconne­ctivity is known as the Internet of Things, he said.

“These computers are all vulnerable,” Green said. “They all have software running on them and unfortunat­ely, not all of it was written by the best software developers. And to make matters worse, the software often doesn’t get updated.”

Both Schneier and Green pointed to the largest distribute­d denial-of-service attack, which happened in October 2016 and infected computers with malware, known as botnets, to bombard servers with traffic until they collapsed.

Hackers took down Twitter, Netflix, Reddit, CNN and many other websites around the world for almost an entire day, both Schneier and Green said.

What was the innocuous conduit for accomplish­ing this majorly disruptive feat?

Webcams, DVRs and home internet routers with weak passwords and poorly written software – much like the ones you and I have in our homes today.

The problem, Schneier said, is that, “You have no way of knowing if your device is affected by this (or any other) botnet and you kind of don’t care. And there is no way to patch it. It will be a member of that botnet until you throw it away, which could be a decade from now.”

He added, “Once computers start affecting the world in a direct and physical manner, there are real risks to life and property. And the market won’t resolve this.”

Think disabled cars, purposely interrupte­d pacemakers and the shutdown of electrical grids.

There are only two ways to fix the problem.

Customers must demand it, which, Schneier asserts, won’t happen because cus- tomers don’t really know what’s going on. Government­s also should pass laws ensuring that device manufactur­ers build and update their products to reduce software vulnerabil­ities, he said.

So, why is it that everything seemingly is moving toward becoming a part of the Internet of Things?

Because it’s cheaper to make appliances and other devices with smart technology than not, Schneier said.

“Today, the cheapest way to make a refrigerat­or (or any other appliance or electronic device) is to grab a general purpose CPU chip off the shelf and build all

A

A

A

A the functional­ity into the software,” he explained. “But that CPU chip comes with internet connectivi­ty, messaging services, video software, a microphone – whether the manufactur­er wants it or not.”

What can consumers do to protect against a hack?

“It’s really, really hard to know what software is running on smart devices like fridges, ovens, thermostat­s, doorbells and in smartphone apps (to name just a few),” Green noted. Schneier’s guidance? “Demand that the government regulate this,” he said.

?? JEFF SINER Charlotte Observer ?? The Iris system is on display in 2012 in Charlotte, N.C. The Iris was designed to connect every appliance in the home wirelessly and let consumers control it all over their phone. But that easy access also creates a security risk. Advice for consumers from Matthew Green, an associate professor of computer science at Johns Hopkins University, includes:If you are buying something on Amazon from an overseas company you’ve never heard of, there’s a good chance there is some sort of security vulnerabil­ity you should be worried about.If you connect a device to your Wi-Fi network, you should assume the device is a risk to the security of everything else on the network.You should look into whether a device has a software update mechanism and if it does, you should look at whether the software updates automatica­lly or manually.If you don’t need Internet-of-Things functional­ity and there is another option, take it.
JEFF SINER Charlotte Observer The Iris system is on display in 2012 in Charlotte, N.C. The Iris was designed to connect every appliance in the home wirelessly and let consumers control it all over their phone. But that easy access also creates a security risk. Advice for consumers from Matthew Green, an associate professor of computer science at Johns Hopkins University, includes:If you are buying something on Amazon from an overseas company you’ve never heard of, there’s a good chance there is some sort of security vulnerabil­ity you should be worried about.If you connect a device to your Wi-Fi network, you should assume the device is a risk to the security of everything else on the network.You should look into whether a device has a software update mechanism and if it does, you should look at whether the software updates automatica­lly or manually.If you don’t need Internet-of-Things functional­ity and there is another option, take it.

Newspapers in English

Newspapers from United States