It turns out our toasters really are trying to kill us.
The image of rogue toasters can be traced to a paper three computer security analysts wrote back in 1996. They described a fictional terrorist attack involving hacks into an air traffic control system, the use of a simple website and a Trojan horse virus that eventually wipes out computer databases and other interconnected things across a wide swath of the United States.
| || |
They titled the piece, “Can you trust your toaster?”
That was five years before 9/11, which was a decidedly less high-tech attack, and nearly 19 years to the day before last week’s cyber attack on the East coast, which makes the paper suddenly relevant.
Now it turns out a toaster isn’t your only worry. Your baby monitor could be gleefully wiping out your credit cards while letting you know when junior is awake. Your TiVo could be a sleeper cell all its own, attacking important websites while recording the game.
The question, asked countless times since humans first acquired computers, is what the government, private businesses or both are doing about it. And can they please get on with it before my self-driving car locks the doors and sends me off a cliff?
This isn’t a trivial concern. With much of the world now online (a panhandler complained to me last week that no one carries cash any more and he needs to get a card reader), we are but a virus or two away from the Stone Age and a barter economy.
And did I mention the government already has put states on alert for potential attacks on next month’s election?
Last week’s attack put the dangers of the Information Age in a new and startling light. We don’t just have to be on the lookout for Nigerian royalty trying to get our bank account numbers. The very things around us, on our bookshelves and nightstands, secretly could be working as slaves for some distant master bent on destroying the civilized world as we know it.
On Oct. 21, someone used the malware program Mirai to commandeer thousands of Internet-connected devices and order them to flood a New Hampshire company called Dyn with so many fake requests it soon could not keep up. Because Dyn acts as a sort of switchboard for many websites, the attack soon made it difficult to access popular sites, including Netflix, Amazon, Twitter and PayPal.
As author and cyber expert Fred Kaplan explained on slate.com, a lot of the devices around us contain computer processors that are constantly up and running, even if they have little to do to keep themselves occupied all day. These are protected by password, but the passwords, set by the manufacturers, tend to be obvious, which makes the job of a malware program such as Mirai easy.
The processors on all your devices make up what is now called the Internet of Things, and they have the potential to make the future a lot less utopian than we had hoped.
As Kaplan notes, this strategy could be used to attack power grids, banking and transportation systems, to name only a few critical interconnected bits of our infrastructure.
Blogger and cyber security expert Bruce Schneier has speculated that “someone is learning how to take down the Internet.” The most recent attack might have been a test designed the learn more about our vulnerabilities.
And we have plenty of those. Kaplan argues the world ought to have been concerned about building security into interconnected computer systems when they first were developed 50 years ago. There is plenty of evidence that experts were issuing warnings about it even then.
But we can’t go back in time. What we can do is demand better security today. We can, for starters, insist that manufacturers let us reset the passwords on our seemingly docile things.
We can ask the next president to make Internet security a major initiative — one that involves the best minds of the computer industry and law enforcement.
Unless we get serious about protecting our things, we all could be toast.