A New Type of SHTF Disaster: IoT

Some possible disasters are easy to understand and imagine, such as: hurricanes, earthquakes, power outages, etc. Other disasters are less readily apparent. I’ve posted previously on how an extended nationwide internet outage would collapse the economy and empty grocery store shelves. Yes, if the internet goes down, people will starve.

Now I’m going to describe another strange problem, based on IoT — the Internet of Things. This term, IoT, refers to ordinary non-computer objects that become computerized and connected to the internet: smart light bulbs, cameras, DVRs, fitness bands (e.g. fitbit), smart watches, cars, door locks, and who knows what else. Name a product and there is a company somewhere trying to computerize it and connect it to the internet.

Recently, there was a widespread internet outage caused by a DDoS, distributed denial of service, attack. In this hack, a malicious software program is implanted, unusually in computers, and then those computers are used by that malware to rapidly and repeatedly request pages from a particular website, until the number of requests overwhelms the server and shuts down the site.

But in the recent outage, the attack target was a company, Dyn, which does domain name registration. Taking down Dyn servers had the effect of shutting down many websites, causing the massive outage. How was this accomplished? Not in the usual way. Not with computers, but with the Internet of Things. In particular, DVRs and web cams were infected with malware, and used to unleash the DDoS attack. Why? because the IoT is much less secure than computers. A personal computer has an operating system with built-in security, which is updated to fix security bugs. And the computer may have anti-virus or anti-malware software as well. But the IoT is much less well protected.

And we will soon reach the point where the IoT outnumbers personal computers. That means that DDoS attacks will become more common.

But another problem with the IoT is malware that directly takes control of these Things. Security expert Bruce Schneier describes a Self-Propagating Smart Light Bulb Worm. A popular smart light bulb, that is (for no good reason that I can discern) connected to the internet and to other such light bulbs, is vulnerable to hackers:

“Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas….”

“In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform. The worm spreads by jumping directly from one lamp to its neighbors…. The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack.”

Hackers could potentially gain control over light bulbs. That doesn’t seem so bad. Until you realize that these bulbs can be used to crash the internet, and that control over other IoT devices could be more devastating.

Soon all new cars will be internet connected. There have already been stories on the Jeep Uconnect system, that could be hacked to give hackers control over the vehicle: steering, brakes, everything needed to crash cars. Imagine a self-driving car, hacked so that a criminal or terrorist could control the vehicle. OK, now imagine a fleet of said cars, hacked all at once and controlled together. Bloody Hell. Why must everything be connected to the internet?! Why isn’t security better on whatever is connected? This is going to be a serious problem in the not-so-distant future.

Preppers! There are some new possible disasters taking shape in our society. Don’t ignore these new types of threats. Keep apprised of these new developments.

– Thoreau

One Response to A New Type of SHTF Disaster: IoT

  1. Wow, I never thought of this. An additional think about IoT items is they are used to the degree computers are. On your computer, you open up many browser tabs, while running 5 programs. Sometimes you notice something is wrong because of all this activity. If your thermostat is still working right, you might ever think to look for a bug.

    Perhaps we need a group like Underwriter Laboratories to certify these devices are secure and to have regular updates on them.