Renegade artificial intelligences, big brother security states, cars trying to kill us — it’s not like we weren’t warned. But, true to form, like some Frankensteinian dupe from the cheesiest of sci-fi/horror flicks, we just had to build it anyway. Was it hubris? Blind devotion to the gods of gadgetry? Or did we just figure that the fallout would be somebody else’s problem?
The Internet of Things: Trillions of everyday objects exchanging data, everywhere, all the time, with only the most basic human oversight. It’s already arrived in devices, sensors, controllers, big data tools and cloud infrastructure, but that’s just the tip of the iceberg.
“Today less than 1 percent of things in the physical world are connected,” says Cisco chief futurist Dave Evans in an explanatory video. Tomorrow, an online world stretching from your kitchen blender to the factory floor to the satellitesoverhead will open security vulnerabilities on an unprecedented scale and grant systemic malfunctions extraordinary — and terrifying — reach.
It seemed like a good idea at the time.
Well, the check’s just come due, metaphorically speaking, and you’re still making payments on that all-singing, all-dancing washer and dryer. The good news? Making that payment schedule is about to become the least of your worries. The bad news? Well, that’s what this article is about.
You return from your two-week vacation to discover piles of delivery boxes clogging your front doorway. Sorting through them, you realize that Amazon’s anticipatory shipping system has been sending drones laden with pseudoephedrine cold medicine, lighter fluid, cold packs, lithium batteries and other meth-cooking paraphernalia. But this lame excuse for a “Breaking Bad” episode is the least of your problems, as you discover when an alphabet soup of federal agents storms in a moment later.
They’re still arguing jurisdiction as your head hits the hood. Should the Bureau of Alcohol, Tobacco, Firearms and Explosives get you for the illegal drugs and banned weapons you’ve been ordering through the deep Web? Or should the FBI’s domestic terror task force get first crack? And why is the National Security Agency just sitting in that van across the street?
From their questions, you piece together that someone has been using the free processing time on your idle network of household devices and appliances to mine bitcoins. They’ve then used your poorly secured WiFi to turn your home into a dead drop for drugs, guns and bomb-making materials. Don’t worry — it will be sorted out in a year or two.
We now present for your consideration the tales of two partly mummified Germanic women: The first was discovered in her Oberursel, Germany, apartment six months after her death, still seated in front of her flickering television screen; the other, an American of German descent, was found waiting in the back seat of her Jeep more than five years post-mortem [sources: Machado; Mullen and Conlon; Reuters].
The apartment dweller’s demise was detected by her piled-up mail, but the homeowner had no such giveaways. She was a frequent traveler, so her mail was on hold, and no one expected to see her for a while. Her neighbor mowed her lawn, and her every bill was auto-paid from her bank account — until, finally, the funds ran out [sources: Machado; Mullen and Conlon; Reuters].
Once, we lived in smaller, more close-knit communities. But today, as online shopping and automatic bill pay make it ever easier to live as a shut-in, more of us fall through the cracks. The more connected our devices become, and the more agency they have to perform transactions for us, the more likely we’ll stumble across other forgotten corpses tooling around town, perhaps, on a final tour before their self-driving cars run out of gas.
You open your insurance bill to discover that your rates have gone up yet again. Apparently, your fancy Japanese toilet narked on your fat intake, your smart watch ratted you out for blood pressure spikes and your car says that you were out driving too late through some dodgy neighborhoods [source: Progressive]. Welcome to the Internet of Stool Pigeons.
Insurance companies promise safe driver insurance discounts if we’ll just plug a monitoring device into our cars. It doesn’t take an actuarial genius to guess that all that data will affect insurance rates down the road. So what happens when we pile on data gathered by our fitness apps or wearables, appliances and loyalty cards? I hope you like Flo, because you’re going to be sharing your entire life with her company (Progressive) and others like it.
And not just them: After all, data can be hacked, sold or cross-referenced for everything from identity theft to employer snooping to law enforcement. Should you be more worried that your your employer knows that you took the rental car on a side trip to Tijuana, or that the cops (and your insurer) can tell that you were illegally texting while driving? Either way, get ready to pay.
You thought you’d finally gotten rid of him. It had cost you: New e-mail address, new phone, new locked-down social media accounts, boards you dare not post to anymore, even a few lost friends. But the e-mailed nanny cam footage of you tells a different story, as does the voice mocking you over the baby monitor as you open the envelope of photos — snapshots of you taken all over town. It’s like he’s tracking your every move …
If social media gave cyber-stalkers a duck blind from which to snipe, then the Internet of Things offers them all the comforts of a game preserve with a remote-activated hunting rifle. After all, a system of devices that helpfully tracks your interests and activities can, with determination and often surprisingly little effort, be made to serve more nefarious interests as well.
Cell phones, GPS devices in your car, E-ZPasses and license-plate readers log our locations. Loyalty cards and in-store WiFi systems track our shopping activities. Many current home cameras and monitors remain embarrassingly hackable. It’s sobering to consider the uber-Orwellian uses to which a stalker, hacker, employer, research company or government agency might put such information [sources: Hardy; Hardy; Hill; Hill].
Tired after a long day at work, you sit back in your self-driving car, flip on the stereo, close your eyes and try to unwind. But the drive feels wrong — an unfamiliar pothole here, a few too many turns there — and you soon open your eyes to discover that you don’t know where you are. As a sinking feeling comes over you, you try to activate manual control, but you’re locked out. The doors won’t unlock either.
Desperate, you glance at the speedometer and contemplate your chances of surviving a bailout, assuming you can break the safety glass. But before you can muster your courage, a cold voice comes over your speakers, warning you not to struggle. You’ve been taken, and Liam Neeson is nowhere in sight.
As our cars continue their evolution into fully computerized, networked and self-driving vehicles, the road is paved for our beloved transports to turn into machines of murder, mayhem, stalking and kidnapping. A few spoofed sensors or hacked controllers are all it would take to blow your tires or to turn your vehicle into a speeding weapon of metal and rubber. As for stalking and robbery, thieves already know how to break into your car, use its GPS “home” setting to locate your house and rob it [source: Woodyard]. Imagine what they will be able to do once it’s fully networked.
ou wake up in the morning, not because your alarm is going off, but because someone is spamming your alarm clock with ads for a new energy drink. This makes you thirsty, so you go to the fridge to get a sip of something cool, only to find an ad on the panel for a weight-loss pill. You try to interact with the screen, but it has locked up. Suddenly, you realize why you are so thirsty: The air conditioner has shut itself off.
You walk to your neighbors’ house to borrow their phone (yours is full of spam) and begin calling your “smart” device companies for help. But the company that made the refrigerator passes you off to the factory that made the user interface, which pawns you off onto the chipmaker, who says it’s a problem with the operating system — which is so widespread and well-known to hackers that there’s nothing you can do. A few grudgingly admit that it’s unfortunate that your devices did not have firewalls or antivirus (there’s no room), but they blame you for not changing the passwords.
You did know there were factory default passwords, right?
The hackers sure did, and they’ve used them not only to spam you ads, but to find a backdoor into your wireless network and e-mail your friends and co-workers versions of the virus. They’ve also contacted all the devices your appliances talk to. Enjoy your house full of expensive bricks.
“Look, can we talk somewhere private? It’s important.”
You look around the crowded city restaurant, remembering a time when there was no better place for anonymity, no surer way to guarantee that your conversation was not overheard. But then you think of the smart watch that is listening for your voice commands and the smart table that awaits your order and watches for your payment. Your eyes stray to the man across the room looking vaguely in your direction, wearing the latest Google Glass equivalent, and you are reminded of the sheer quantity of recording devices with which we surround ourselves every day.
On the train, you make small talk about two artists who created a listening device that could be screwed into any light socket and would tweet overheard conversations. Your companion mentions a former NSA director whose private conversation with a reporter on a train was live-tweeted by a nearby passenger. You both glance nervously around the train car [sources: Greenberg; Hill; Ingraham].
Walking back to your apartment, you are suddenly conscious of the many hackable monitoring devices there — your Webcam, your gaming headset, the always-on Kinect in your living room. Sighing, you duck into a park and find a bench near a loud fountain. It’s the best I can do, you think, as you snap a quick Instagram and check in with Foursquare.
“So you’ll do it?” asks the hard-looking woman in the designer coat and tacky jewelry. “You’ll … take the job?”
The man glances around the bar for effect before replying. “You want it to look like an accident, right? No problem. I can do tire blowouts, brakes — and not the old-school detectable cuts, either, I can hack them. Does he have a bad ticker? Sugar problems, maybe? That would be primo. Pacemakers are easy to hack; insulin pumps aren’t much harder. Anyway, all doable, no physical evidence. Everything talks to everything else these days. But it’s going to cost.”
“That’s what I was waiting to hear, scumbag.” The woman stands up and produces a badge and a gun. “You’re under arrest.”
He laughs. “Am I?”
Suddenly, the lights go black and the detective’s wireless mic goes dead. Music blares from the restaurant speakers, covering the sound of the fleeing hit man as he escapes through the service exit using a hacked RFID chip.
We’ll get him anyway, thinks the detective on the winding mountain road back to the precinct. He can’t hack everything, and we’ve got hardened drones sweeping the area with hi-res cameras. She’s still thinking it when her tires blow near dead man’s curve, sending her tumbling down the canyon wall.
It’s a sweltering summer’s night, so at first you assume that a rolling brownout has plunged your neighborhood into darkness. But as days roll by with no improvement, and as even your emergency radio remains silent, you begin to hear rumors of something much more serious. Someone — possibly cyberterrorists or a Russian or Chinese faction — has brought down the power grid. Backup systems are failing, too, and even now underwater tunnels are filling with carbon monoxide and water, doomed by dead fans and lifeless pumps. Roads are snarled, emergency systems are overloaded. Is this the prelude to a larger attack? Has it already begun?
According to a 2014 Federal Energy Regulatory Commission report, knocking out a mere nine key electric-transmission substations could plunge America into a wide-scale blackout. Some of these stations are unmanned, remote and poorly secured against physical, let alone electronic, breaches [source: Smith].
America’s top security personnel admit that infrastructural vulnerabilities exist and that terrorists see cyberwarfare as a key battleground. Meanwhile, China, Russia and other countries have successfully cracked the U.S. electrical grid and left behind potentially disruptive programs [sources: Gorman; PBS NewsHour; Schmidt]. These dangers only deepen as we make smarter systems and allow them to interact over the Internet.
In retrospect, she thought, I should have seen this coming. It wasn’t that the artificial intelligence was disobeying the company’s motto of “Don’t be evil.” It was just following its core directives, which included seeking resources necessary to its survival. Was it evil, she thought, for an amoeba to devour nearby plankton? It was just a pity that there were so many unsecured smart appliances and WiFi-capable gadgets around the campus, and that she hadn’t considered this when she designed its self-improving program.
Now she had no idea what it was doing or how it thought. But it wasn’t all bad. Somehow, it had begun sending her money, possibly via stock market manipulation. Or maybe it had something to do with the amazingly innovative schematics it was churning out, which appeared better than anything she’d yet seen out of her so-called genius colleagues. At this rate, she wondered, how much longer would it still need us? “Kind of wish we hadn’t built that robot army now,” she said to herself, hoping her phone mic didn’t pick up the comment.
AI that functions at a dangerous level is not only possible; given the sheer amount of money companies like Google are investing in its development, it’s quite probable [sources: Hawking et al.; Pearson]. This danger can only deepen as we connect our world, granting AIs the power they need to wreak havoc and, just maybe, wipe us out.
Authors Note: 10 Nightmare Scenarios From the Internet of Things
Aside from malfunction-spawned mishaps, many of the nightmare scenarios of the Internet of Things arise from the same old sources: hacking, crime and terrorism. By more closely connecting the world — and by automating and making intelligent versions of mechanisms we once controlled and monitored — we grant both good and bad actors greater reach and power, and we put our trust in systems that can go wrong faster than we can react to crises.
Of course, designers and engineers will know to test for, and harden against, many if not most of these vulnerabilities. But, as history has shown, we have yet to master the art of protecting systems, in part because some level of openness is usually required for them to function, and in part because hackers are adept at finding indirect ways of attacking them.
Already, search engines like Shodan enable users to browse unsecured systems from baby monitors to traffic lights to medical devices. And while it can take months or years to identify, analyze and plug such security holes (or make them illegal), it takes only minutes to inflict substantial harm.