Woudhuysen

No, your home won’t be hacked

First published in spiked, 31 October 2016
Associated Categories Featured,IT Tags: ,
WiFi kettle

The panic about every household gadget being hit by computer hackers is overdone

On Friday 21 October an unprecedented cyber-attack hit many important websites, including Twitter, eBay and the New York Times. Initially, user access to swathes of the Web was disrupted on the east coast of the US, but the trouble quickly spread across the US and then moved on to Europe. Soon, it became clear that, in plaguing the web servers that host popular sites with unwanted traffic, hackers hadn’t just recruited conventional computer networks to spread their malicious software (‘malware’), but also Web-connected consumer goods. By the following weekend, panic had grown enough for The Times to report that ‘all connected devices’ – including home coffeemakers, baby monitors and security cameras – were now ‘potentially vulnerable’, and that this could make homes ‘at risk of surveillance, burglary and blackout’.

Fear of the Internet is as old as its uncritical admirers. From the moment it gained millions of users in the 1990s, the Internet has been accompanied by paranoia about lurid images, obsessive gaming and gambling, identity theft and many other online versions of dodgy human behaviour. Yet the idea that every home contains goods that can now be mobilised against its owners is new.

So what’s really the issue?

It’s true that not just a few ‘smart’ kettles and central heating controllers, but most new home TV equipment is now connected to the Internet. Manufacturers ensure that this is the case in a rather desperate effort to make money by capturing patterns of use among consumers. Meanwhile, two other forms of financial desperation have worked so as to magnify the reputed size of The Threat To Us All.

First, in narcissistic style, hackers who have long and gleefully publicised their hack of a personal medical device or a Jeep, now like to suggest that every consumer product is prone to attack. They want manufacturers to hire more skilled, ‘white hat’ (ethical) hackers to protect their products, or to pay those same hackers ‘bug bounty’ – one-off fees to rid them of the software flaws that ‘black hat’ (unethical) hackers exploit.

Second, IT security companies, the IT press and the general media inflate the dangers, hoping to sell more goods and services.

In this, they meet a ready audience among the middle and upper classes, who, since the end of the Cold War dismantled old certainties about the world, have suffered from a ridiculously exaggerated apprehension of the future. Indeed, the financial motives of manufacturers of Internet-connected fridges, preening ethical hackers, IT security firms and the media pale into insignificance compared with the pervasive anxiety that has characterised capitalism for almost three decades. Already the year 2016 has emerged as the one in which neuroses about IT, an ascendant China and a manipulative, recalcitrant Russia have coalesced into hysteria about ‘cyber-war’.

Anyway, what happened on 21 October wasn’t the disabling or evil redirection of consumer products. What happened is that black hat hackers used both computer networks and consumer malware against a Domain Name System provider called Dyn. Dyn is a relatively small company, among quite a few, that turns human-readable Web addresses into those that machines can use – Internet protocol addresses. When it was overwhelmed with nasty code, the sites it served went down.

So: because malware was multiplied through consumer devices, experts rush to tell us that the Internet as we know it could collapse. They conflate the recruitment of these devices in an anti-social cause with their disabling or hijacking. The word ‘hack’ covers a multitude of sins, itself adding to society’s fear and confusion. Moreover, it’s explicitly linked to scares about tomorrow. As The Times put it, security experts ‘expect the risks to increase in future as the technology proliferates, devices fall out of date and hackers become more skilled’. And whenever British officialdom’s fraudulent, chaotic and repeatedly delayed £10.9bn programme of smart energy meters is finally applied, over four years to 30 million premises, remember this: the misplaced hope that these meters will combat the dread threat of climate change has been accompanied, since 2012, by fear – not just around their radiation’s impact on people’s health, but also around them opening people up to hacker invasions of privacy, and hacker-originated power cuts, too.

Let’s sober up. Hacking home computers, a longstanding practice, will likely stay more rewarding than hacking home appliances – and even there the rewards are nothing like sending ‘ransomware’ to large firms.

In the very future that we’re told is so awful, consumer devices will get IT security updates, as already happens with the operating systems and/or applications on mobile phones. The spread of biometric security – for example, fingerprint or voice recognition – will also allow users to personalise access to products, making hacking harder.

For the present, all that needs to happen is that manufacturers of consumer products need to make better instructions, so that users know not to leave their devices on factory-issue 0000 passwords, as is often the case now. People don’t make that elementary error with PCs; they’re clever enough not to do that with TVs.

Tedious, to go round your home entering passwords on toasters and the like? Yes. The end of the Internet as we know it? Hardly.

Share Button

0 comments

Comments are closed.