Analysis |

Rise of the Toasters: One Is Harmless, a Million Are a Cyber Army

Think about Alfred Hitchcock's 'The Birds.' One crow doesn’t look especially scary, but thousands of crows attacking a specific target — that’s the stuff of horror movies.

Yuval Dror
Send in e-mailSend in e-mail
A Hello Kitty toaster sits on display during the 2011 International Consumer Electronics Show (CES) in Las Vegas, Nevada, U.S., on Saturday, Jan. 8, 2011.
A Hello Kitty toaster. Looks harmless, doesn't it? But when connected to the internet, it could be used by hackers.Credit: Bloomberg
Yuval Dror

The Internet of Things has been considered one of the hottest and most secure high-tech trends in recent years. According to the research firm BI Intelligence, by 2020 some 24 billion “things” in the world will be connected to the internet, and consumers, organizations and companies will spend $6 trillion to buy them. These “things” can be appliances like your refrigerator, sprinkler system, security camera, lights, tea kettle, washing machine — in short, everything.

All these appliances, considered dumb until some time ago (after all, it’s just a teapot), become smart by connecting to the internet. They can be turned on and off remotely, give statistical reports and communicate with other appliances to create an orchestra of digital servants that will do anything to enhance your surroundings.

But banal as all this sounds, we seem to have forgotten that when we build an army of slaves to serve us, there will always be some way to use them against us. That, it seems, is what happened when hackers shut down access to many internet sites on the East Coast of the U.S. last week.

The problem with the “things” that communicate online is that the companies that manufacture them don’t invest in considerable efforts to make them secure. “Who will want to hack a toaster?” they ask themselves. The truth is that hacking one toaster is really not the goal. But what about half a million toasters? For hackers, only one thing about a toaster is relevant: Since it can send information or requests over the internet, it can be taken hacked to send its requests to a pre-assigned destination.

And so, one toaster secretly joins another, until you gradually have networks of zombies (called “botnets”). They consist of appliances that do their daily tasks perfectly, but the moment the order is given, they become a disciplined digital army that shoots off requests at a rate of 1,000 gigabytes a second, generating a traffic volume that is greater than all the internet traffic at the disposal of some small countries.

Hitchcock's The Birds

Think about Alfred Hitchcock’s “The Birds.” One crow doesn’t look especially scary, but thousands of crows attacking a specific target — that’s the stuff of horror movies. No wonder that innocent technology goes completely haywire in so many science fiction movies. In the case of last week's outages, the technology was innocent but it didn't go out of control; it was hijacked to create an efficient attack.

In a world where so many actions are based on digital communication online, the ability to crash websites, services and even the internet “address book,” the domain name system that connects our browsers to the websites we want visit, is a destructive one.

Elements operating on the internet black market are training such zombie webs. They have seen to it that the digital soldiers are co-opted by means of malware and now they have an army of hundreds of thousands of mercenaries consisting of teapots, cameras and converters at their disposal. This all sounds amusing, but when we think about the economic, social and security implications, things look much more serious.

Attacks could render voters unable to cast their ballots on Election Day, block stock exchange services and e-commerce sites or prevent the delivery of electricity and water. These service outages could last from a few hours to a few days, leading to enormous economic damage and even loss of lives.

There is no doubt that manufacturers of smart "things" must be pressured to better secure these devices. But what about the billions of objects that are already in our homes and offices? Now where did I put my grandmother’s old teapot that whistled when the water boiled? Suddenly it doesn’t seem so dumb anymore.

An employee demonstrates a Smart Home fridge at a John Lewis department store in London, April 8, 2016.
An employee demonstrates a Smart Home fridge at a John Lewis department store in London, April 8, 2016.Credit: Chris Ratcliffe, Bloomberg

Comments