Robin Miller for Slashdot: This is Tom Henderson. You’ve seen him with us before and you’ll probably see him with us again. Today, we are talking about something he wrote about how a tea kettle -- yes, an internet of thingies thing – can be used to hack your network. So what’s up with that, Tom? Should we unplug everything?
Tom: Robin, it might be that case. Consider the fact of the iKettle. The iKettle comes with a wonderful module that you can take your cell phone off, one of these
Tom: ...and turn it on and turn it off. And it has a module inside of its base that has all of the security of an egg, and can be cracked as easily. You can drive by, you can break it open, watch all of the yolk and egg white just run all over the counter. Now you might have bought this because -- Hey! It is convenient—you need to have that wonderful cup of tea. Tea is my favorite. I drink quite a bit of tea every day now that I’ve quit coffee. I feel better for having done so, hey let me take a sip.
Slashdot: I have coffee for you; don’t worry.
Tom: Thank you. So here’s what ends up happening. Because you can crack this thing open like anything it takes no talent at all, although there is a really interesting video on Slashdot which is where I derived my blog from. Yes, you can come by, break open all of this, match all of the keys and passwords and hey! Suddenly you are on the same network. Well, let’s say that same network happens to be in the employee lounge of Mr. Large Organization.com.
Slashdot: Uh oh.
Tom: Suddenly we have a nexus and intro, a backdoor. That’s right. And we can target the rest of you, get rid of those as fast as you can because what can we do, we can read all your traffic. Oh, let’s see the person whose phone number we just go let’s go jump in there and see if they might have scripts with the encryption keys to AWS and all of your assets. Yum, better than tea, don’t you think?
Tom: Yeah, so there is this module and we don’t know if this same module has been somehow introduced into other “internet of thingies” products across the planet. What we do know is that there is a team of coders out there, who should be like the openings of every episode of that old famous TV show F Troop, lined up where we can snatch away every chevron, every epaulette, every sign of possible rank these coders had so that they can be demoted. Where is this stuff now? We don’t know.
Tom: Could it be in a pacemaker? Is that where that Wi-Fi code is? Can we dial up your heart with our cell phones and go, well, let’s see what kind of password we can find here folks.
Slashdot: I saw this on a TV drama show about heroic government employees who don’t know anything about computers, the kind who can guess a password watching the little lines of code go by on a screen, very artful trick. Anyway, they had a show where somebody had hacked baby monitors. Actually, that really happened too, in real life both.
Tom: It is still hacked, Robin. You can still go out and use different strings to look at everything from burglar alarms all the way through to baby monitors that are now in the parents’ guest room, uh, let’s go watch some of that, hey guys, but what we also have here is a total disconnect. Imagine we let these devices come into the country to begin with, because we happened to have invented them we have insurance liability costs that are soaring through the roof because of different breaches that we have had, and now instead of doing things like testing every product to make sure that there is no ¼ inch hole that you can put a rod through and therefore, electrocute yourself. Underwriters Laboratories.
Tom: C-S-A-T-U-V and the whole alphabet soup of insurance underwriting folks need to get on the ball, and they need to have a new section of their test regimens for stupid Wi-Fi modules. Why? Because they are going to become prevalent. Who knows what you can bring into an organization that has integral Wi-Fi, you can’t be cracked open like that same proverbial egg, thus exposing still another easy – pretty easy that.
Slashdot: And you know, what I’ve been hearing? Separate stuff, not from the technology people, but from insurance people, I follow them too a little, car insurance. Really, I mean the insurance companies, they have some smart people working in the back running their big UNIX mainframes and stuff and some of those smart people came up to the front office where your executive work and said, you know, Mr. Boss, you see that thing where they hacked that Jeep Grand Cherokee and threw it in the mud? I saw that screen. Guy from the back, sir, says, well Mr. Boss it is real, they can do it to our insured parties.
Tom: Right. And so although these sorts of hacks hack today this being the end of October of 2015, and people will come back and they said, look at them burn, they were right, somebody hacked my car and now I am in heaven.
Slashdot: So we are back to the future and beyond. So we have no idea, we don’t even have Marty McFly’s vision forward over the edge.
Tom: We simply have lightning bolts at 88 miles per hour—that’s it. So we have all of these great automotive components which are trying to be okay because Congress in the United States tries to enact legislation thus possibly leaving the world, who knows these days, to make all of that code opaque so it can’t be hacked. So that you can’t get inside of it, you can’t correct, you don’t even know if it has been updated. How would you like to be going down the road, and suddenly you see on your console “update failed.” Jeez! What does that mean? Now we have all of these Wi-Fi devices that are out in the world. We have no idea what the quantity is because nobody is going to investigate this, at any level. We don’t know how many of those devices are out there, and how many of them can be hacked except that if we randomly find one, cool, well, let’s see what we can do.