This has been an interesting month, with news about hacking a variety of unusual things. People have hacked cars, light bulbs, toilets, baby monitors… the list goes on. It can be a little daunting to think of all the computerized things we have in our homes now, and how malicious individuals could affect those things. Think of all the things in your house that can access websites, things that can use Wi-Fi or Bluetooth, or interact with other devices. Today it’s nearly impossible to find things we use often that are totally computer-free; cars are a great example. But how much of the threat is hyperbole, and how much is valid?
I don’t think it takes a rocket scientist to see that the threat against a world full of cars is primarily academic. I don’t expect we will soon be seeing malware that messes with your brakes or jams your gas pedal any time soon. But why is it such a far-fetched idea? Simply put, the return on investment just isn’t there.
Consider that malware, as we currently know it, can be lumped into two groups: those that are financially motivated, and those that are politically motivated. Financially motivated malware steals your data or your CPU cycles for the benefit of the attacker. Politically motivated malware spies on journalists, activists, or other people of interest in order to predict (and potentially stop) their actions.
Until we can start using baby monitors and toilets to store credit card data and access social media accounts (I cannot stress enough how much I hope this never, ever becomes a reality), we can probably say the financial motivation will stay small. People are probably not going to hack into your Blu-ray player or light bulbs to send spam, or conduct DDoS attacks, in our lifetime.
With political motivation, things become less clear-cut. There could obviously be political motivation to track information from an activist’s car. Likewise, a network printer could be remarkably helpful for gathering important information. In this case, we need to analyze a little further. Sure, they could hack network-connected devices and gather useful information, but is it worth more than simply hacking a computer?
Simply put, no. For anyone that’s been watching the NSA scandal, there is a lot of data that can be gathered without ever hacking a computer – namely metadata. If it’s a government agency secretly gathering information, wiretaps and their digital equivalents can provide all the info they could possibly need. If it’s something more shadowy, then phishing, malware and direct attacks can still provide ample opportunity to breach a target.
There are plenty of available tool kits that can help hackers get into all but the most armored machines. There is simply no point in going to herculean efforts to hack into new types of devices, such as cars or toilets, when the old devices still provide ample opportunity.
That said, the basic message is still this: Don’t panic. If you’re a journalist or an activist, hopefully you’re taking sufficient measures to protect yourself. If you’re neither of those things, the odds of hackers causing problems with these alternate, computerized devices are quite small. It’s possible you could be subjected to annoying pranks, but the chance of genuine harm is significantly smaller.
The message from hackers tinkering with these devices is not really meant to spook consumers. It’s simply meant to remind makers of these new devices that security should not be an afterthought. It isn’t good publicity when someone uses your product to harass a toddler. If those vendors want to avoid these PR nightmares, they should take this into account before releasing new products.