The smartest bulb in the house


A few weeks ago, there was a fairly massive internet outage, mostly affecting users on the east coast of the United States. The cause was a standard malicious hack called a DDoS attack. It was aimed at a large DNS provider, Dyn. (What We Know About Friday’s Massive East Coast Internet Outage: Wired, 10.21.16)

This was different from the run-of-the-mill DDoS attack in that it appears to be the first time that this technique “… relied on hundreds of thousands of internet-connected devices.” (Hackers Used New Weapons to Disrupt Major Websites Across U.S.: NY Times, 10.21.16)

So this means that now vulnerability for massive cyber mischief is not limited to every personal computer on the planet that can be infected by malware. It also includes all of those small, internet-enabled devices that we are peppering the planet with in order to have smarter homes and even smarter cities. (A New Era of Internet Attacks Powered by Everyday Devices: NY Times, 10.22.16)

And, of course, now the standard locking of the barn door after the cows have escaped begins, and the product recalls commence. (Chinese IoT firm recalls 4.3 million connected cameras after giant botnet attack: Wired UK, 10.25.16)

Once again, no surprise, but it turns out that most of these Internet of Things (IoT) devices are not designed with the higher levels of security that are embedded in modern computers that connect to the internet. I’m not entirely sure that I want my house or my car to become so smart. (Hackers Remotely Kill a Jeep on the Highway – With Me in It: Wired, 07.21.15)

And this week, more news about this attack revealed that one of the vulnerabilities was in the ZigBee radio protocol that is embedded in many current IoT devices. (Why Light Bulbs May Be the Next Hacker Target: NY Times, 11.03.16).

In our physical computing classes in HCDE, we often use inexpensive XBee radios, based on the ZigBee standard, for prototyping wireless interactive systems. We’re not designing real products for the market with them, but we should be aware of the inherent security risks in any smart devices.