The New Wild West
This article was originally written for and published at N-O-D-E on August 3rd, 2015. It has been posted here for safe keeping.
THE NEW WILD WEST
A few years ago, I was fortunate enough to work professionally with low energy RF devices under a fairly large corporation. We concerned ourselves with wireless mesh networking and were responsible for tying together smart devices, like light bulbs or door locks installed in your home, into an information-driven digital conglomerate. You know those commercials you see on TV where the father remotely unlocks the door for his child or the businesswoman checks to make sure she left the patio light on? That was us. At the touch of a button on your tablet, miles away, you can open the garage door or flip on the air conditioner. These are products that are designed to make life easier.
In research and development, we view things differently than the stressed-out, on-the-go homeowner might. We don’t necessarily think about what the user might want to buy, but ask the question, “when we roll these things out, how will people try to exploit and break them?” In the confines of a tall, mirror-glass office building, my packet sniffer lights up like a Christmas tree. Devices communicate in short bursts through the airwaves, chirping to one another for all to hear. Anyone with the curiosity and some inexpensive hardware can pick up this kind of traffic. Anyone can see what is traveling over the air. Anyone can intervene.
Things weren’t so different a few decades ago. Back in the ‘70s we saw the rise of the phone phreak. Explorers of the telephone system, these pioneers figured out how to expertly maneuver through the lines, routing their own calls and inching further into the realm of technological discovery. We saw innovators like John Draper and even Steve Wozniak & Steve Jobs peeking into the phone system to see how it ticks and what secrets they could unlock. It wasn’t long before people started connecting their personal microcomputers to the phone line, lovingly pre-installed in their houses for voice communication, and explored computerized telephone switches, VAXen, and other obscure machines — not to mention systems controlled by third parties outside the grasp of good old Ma Bell.
This was the wild west, flooded by console cowboys out to make names for themselves. The systems out there were profoundly unprotected. And why not? Only people who knew about these machines were supposed to be accessing them, no use wasting time to think about keeping things secure. Many machines were simply out there for the taking, with nobody even contemplating how bored teenagers or hobbyist engineers might stumble across them and randomly throw commands over the wire. If you had a computer, a modem, and some time on your hands, you could track down and access these mysterious systems. Entire communities were built around sharing information to get into computers that weren’t your own, and more of these unsecured systems popped up every week. It seemed like the possibilities were endless for the types of machines you would be able to connect to and explore.
Today, many will argue that we focus much more on security. We know that there are those who are going to probe our systems and see what’s open, so we put up countermeasures: concrete walls that we think and hope can keep these minds out. But what about newer technologies? How do we handle the cutting edge? The Internet of Things is still a relatively new concept to most people — an infant in the long-running area of computing. We have hundreds if not thousands of networked devices that we blindly incorporate into our own technological ecosystems. We keep these devices in our homes and on our loved ones. There are bound to be vulnerabilities, insecurities, cracks in the armor.
Maybe you don’t like the idea of outlets that know what is plugged into them or refrigerators that know when they’re out of food. Maybe you’re a technological hold-out, a neo-luddite, a cautious person who needs to observe and understand before trusting absolutely. This may feel like the ultimate exercise of security and self-preservation, but how much is happening outside of your control?
When the concept of ubiquitous computing was first developed by Mark Weiser at Xerox PARC in the late ‘80s, few knew just how prominent these concepts would be in 25 years. Ubiquitous computing pioneered the general idea of “computing everywhere” through the possibility of small networked devices distributed through day-to-day life. If you have a cellular telephone, GPS, smart watch, or RFID-tagged badge to get into the office, you’re living in a world where ubiquitous computing thrives.
We’ve seen a shift from the centralized systems like mainframes and minicomputers to these smaller decentralized personal devices. We now have machines, traditional personal computers and smart-phones included, that can act independent of a centralized monolithic engine. These devices are only getting smaller, more inexpensive, and more available to the public. We see hobby applications for moisture sensors and home automation systems using off-the-shelf hardware like Arduinos and Raspberry Pis. The technology we play with is becoming more independant and increasingly able when it comes to autonomous communication. Little intervention is needed from an operator, if any is needed at all.
For all of the benefits we see from ubiquitous computing, there are negatives. While having a lot of information at our fingertips and an intuitive process to carry out tasks is inviting, the intrusive nature of the technology can leave many slow to adopt. As technology becomes more ubiquitous, it may also become more pervasive. We like the idea of a smart card to get us on the metro, but don’t take so kindly to knowing we are tracked and filed with every swipe. Our habits have become public record. In the current landscape of the “open data” movement, everything from our cell phone usage to parking ticket history can become one entry in a pool of data that anyone can access. We are monitored whether we realize it or not.
We have entered uncharted territory. As more devices make their way to market, the more possibilities there are for people to explore and exploit them. Sure, some vendors take security into consideration, but nobody ever thinks their system is vulnerable until it is broken. Consider common attacks we see today and how they might ultimately evolve to infect other platforms. How interesting would it be if we saw a DDoS attack that originated from malware found on smart dishwashers? We have these devices that we never consider to be a potential threat to us, but they are just as vulnerable as any other entity on the web.
Consider the hobbyists out there working on drones, or even military applications. Can you imagine a drone flying around, delivering malware to other drones? Maybe the future of botnets is an actual network of infected flying robots. It is likely only a matter of time before we have a portfolio of exploits which can hijack these machines and overthrow control.
Many attacks taken on computer systems in the present day can trace their roots back over decades. We see a lot of the same concepts growing and evolving, changing with the times to be more efficient antagonists. We could eventually see throwbacks to the days of more destructive viruses appear on our modern devices. Instead of popping “arf arf, gotcha!” on the screen and erasing your hard drive, what if we witnessed a Stuxnet-esque exploit that penetrates your washing machine and shrinks your clothes by turning the water temperature up?
I summon images from the first volume of the dystopian Transmetropolitan. Our protagonist Spider Jerusalem returns to his apartment only to find that his household appliance is on drugs. What does this say about our own future? Consider Amazon’s Echo or even Apple’s Siri. Is it only a matter of time before we see modifications and hacks that can cause these machine to feel? Will our computers hallucinate and spout junk? Maybe my coffee maker will only brew half a pot before it decides to no longer be subservient in my morning ritual. This could be a far-off concept, but as we incorporate more smart devices into our lives, we may one day find ourselves incorporated into theirs.
Just as we saw 30 years ago, there is now an explosion of new devices ready to be accessed and analyzed by a ragtag generation of tinkerers and experimenters. If you know where to look, there is fruit ripe for the picking. We’ve come around again to a point where the cowboys make their names, walls are broken down, and information is shared openly between those who are willing to find it. I don’t know what the future holds for us as our lives become more intertwined with technology, but I can only expect that people will continue to innovate and explore the systems that compose the world around them.
And with any hope, they’ll leave my coffee maker alone.
BY MIKE DANK (@FAMICOMAN)