Despite Its Promise, The Internet Of Things Remains Vulnerable | KERA News

Despite Its Promise, The Internet Of Things Remains Vulnerable

Dec 5, 2016
Originally published on December 5, 2016 6:27 pm

More and more of the things we use every day are being connected to the Internet.

The term for these Internet-enabled devices — like connected cars and home appliances — is the Internet of things. They promise to make life more convenient, but these devices are also vulnerable to hacking.

Security technologist Bruce Schneier told NPR's Audie Cornish that while hacking someone's emails or banking information can be embarrassing or costly, hacking the Internet of things could be dangerous.

"Unlike computers that only affect bits, the Internet of things affects objects," Schneier says. "My Internet thermostat turns my heat on and off, Internet-enabled car drives around, and these devices are vulnerable to hacking. And the fear is that they can be used, you know, to kill people."

Schneier says there is currently no government regulation around the Internet of things, and he fears it will take a disaster for that to change. There also isn't an organized effort by manufacturers to make these devices more secure.

"Right now, unfortunately, these devices are being sold by the millions, they're not secure, and bad things are going to happen," he says. "We saw that a month ago with the attacks against a name server that dropped reddit and Twitter and a bunch of other websites. That attack was caused by vulnerabilities in digital video recorders and webcams and lots of consumer Internet of things devices. And nothing has been done to fix those."

Despite these weaknesses, Schneier remains optimistic about the Internet of things.

"The Internet of things has enormous promise," Schneier says. "The Internet thermostat I bought gives me great control over my heat and air conditioning when I am away from home, and I save a lot of energy. It's good for the world. It's good for the environment. ...

"We make our trade-offs, and we take our chances," he continues. "These things are important, but by and large we're talking about the edges of what are really interesting and exciting technological devices."

Copyright 2017 NPR. To see more, visit http://www.npr.org/.

AUDIE CORNISH, HOST:

More and more of the things we use every day are getting connected to the internet. What that could mean for security on this week's All Tech Considered.

(SOUNDBITE OF MUSIC)

CORNISH: There's a term for these internet-enabled devices like connected cars and home appliances - the Internet of things. They promise to make life more convenient, but those devices are also vulnerable to hacking. I spoke about this with security technologist Bruce Schneier. He says that while hacking someone's emails or banking info can be embarrassing or costly, hacking the Internet of things could actually be dangerous.

BRUCE SCHNEIER: Unlike computers that only affect bits, the Internet of things affects objects. You know, my internet thermostat turns my heat on and off, internet-enabled car drives around. And these devices are vulnerable to hacking. And the fear is that they can be used, you know, to kill people.

CORNISH: What, if any, real efforts have you seen from, say, a government agency to try and get out ahead of this?

SCHNEIER: It's hard. Right now there's no regulation on the Internet of things, this internet of dangerous objects. I think that's going to change. My worry is that it'll take some disaster before it changes.

CORNISH: When it comes to the Internet of things, this is a business. What, if any, effort has the tech industry that is producing this technology had to say or what efforts have they made to try and make these items secure?

SCHNEIER: There's not a lot of work being done by the device manufacturers to make them secure. Right now unfortunately these devices are being sold by the millions. They're not secure and bad things are going to happen. We saw that a month ago with the attacks against a name server that dropped Reddit and Twitter and a bunch of other websites. That attack was caused by vulnerabilities in digital video recorders and webcams and lots of consumer-Internet-of-Things devices. And nothing has been done to fix those.

CORNISH: So what does this mean for the average person going forward? Is it your advice that maybe people hold off on embracing these things in their home?

SCHNEIER: You know, I can't give that advice. The Internet of things has enormous promise. I mean, the internet thermostat I bought gives me great control over my heat and air conditioning when I am away from home and I save a lot of energy. It's good for the world. It's good for the environment.

CORNISH: I'm stunned that you have one of these things actually, (laughter) given the way you were just talking.

SCHNEIER: But we all have to do this. We make our trade-offs and we take our chances. And these things are important. But by and large, we're talking about, you know, the edges of what are really interesting and exciting technological devices.

CORNISH: Well, Bruce Schneier, thank you so much for speaking with us.

SCHNEIER: Thank you.

CORNISH: That was security technologist Bruce Schneier. Transcript provided by NPR, Copyright NPR.