The coming smart-thing apocalypse

Journalist

Updated Thu, Oct 29, 2015, 4:00 PM·4 min read

Bad Password is a hacking and security column by Violet Blue. Every week she'll be exploring the trendy new cyberhysteria, the state of the infosec community and the ever-eroding thing that used to be called "privacy." Bad Password cuts through the greed, fearmongering and jargon with expertise, a friendly voice and a little levelheaded perspective.

Like some people I know familiar with the ins and outs of digital surveillance (and startle like housecats when an app makes a geolocation request) I don't own any "smart" home items. My 1913 flat is well-connected to the internet, and my living room is a hacker's honeycomb hideout of entertainment playthings, but I'm far too pleased with my paranoia to own something from the class of spyware and advertising honeypottery known as the Internet of Things.

I'm also fairly certain that if I did own, say, a "smart" refrigerator, I'd accidentally trip over a setting in Transmission and download tentacle porn to the fridge. Which would mutate with malware being served to the interstitial ad I had to sit through to when I wanted eggs or milk, and I'd be assimilated in short order. This is how the rise of the machines begins; mark my words.

But if headlines are a reliable barometer for Skynet hysteria (spoiler: They are) it's easy to believe it's time to stockpile supplies, homemade paper-making kits and possibly a sundial and an abacus. Just in case hackers and/or your gadgets rise up and extract vengeance. In this spirit, last July, news outlets shouted that you should patch your Chrysler vehicle before hackers kill you. Which ones are the hackers who will take over our coffeemakers and our Jeeps and kill us, exactly? Well, in this instance, that would be the hackers who co-orchestrated the Jeep-hacking publicity stunt. So, you know, look out for those guys.

It's still important that we hear the note of the truth buried in clickbait's siren song. Many of the Internet of Things hacks pulled from headlines and editorialized on highbrow shows like CSI: Cyber are based on real, reproducible exploits. Yes, a baby monitor can be hacked, but it's for very specific models and no one is going to hack it so they can sell your baby on the darknet (CSI: Cyber S01E01, "Kidnapping 2.0").

Seriously, it's not "the hackers" I worry about. (Yes, I have tape over every camera and microphone in the house, but who doesn't these days?) No, what I worry about with things like WiFi thermostats and smart versions of boilers, locks, lamps, microwaves, dishwashers, dryers, outlets and smoke detectors is their software. And, like all things with software in them, a dev somewhere probably meant to send it for a code audit, or eliminate the hard-coded password, or file a patch, or tell comms that customers urgently need to update the firmware on their smart toilet. But ultimately they were distracted by the chance to eat a dozen tacos for $2.

Web app security company Veracode wrote in The Myth of the Smart Home Power User, "The problems [these] researchers identified were the kinds of things we in the security industry were writing about 10 or 15 years ago: a lack of basic authentication requirements to access administrative interfaces, open ports that leave the devices discoverable to internet scans, no privilege separation for user accounts and hard-coded passwords."

I'm not joking about the toilet as an attack vector, either. Veracode added, "In one example: A brand of 'smart' toilet by a prominent Japanese firm has the same, hard-coded Bluetooth passcode, '0000,' which is (coincidentally) a common default sync passcode for many Bluetooth-enabled devices, creating the possibility of a whole new category of 'overflow' attacks."

Or, you could just end up without hot water for six weeks, like this guy.

Still, how realistic is it for malicious hackers to take over my toilet? What are the chances of the next Lizard Squad deciding to weaponize my lavatory for the lulz?

Pretty low on all fronts, I'd say. In reality, hackers have shit to do, and it usually involves money.

The most we have to worry about with smart devices is their stupidity. And, absent acts of malice (like Volkswagen's shady emissions practices), that living in a state of irrational, omnipresent fear of household appliances is the cost of a connected world.

[Image credit: Getty Images]

Engadget
Huawei has been secretly funding research in America after being blacklisted
Huawei has been secretly funding research in America after being blacklisted. The company has been funneling money through a Washington-based foundation and a research competition at universities.
12m ago
Engadget
Amazon CEO's anti-union comments broke federal laws, labor judge rules
A NLRB judge ruled this week that Amazon CEO Andy Jassy broke federal labor laws by suggesting employees would be less empowered and better off without unions.
1h ago
Engadget
You can finally use passkeys to sign into your Microsoft account
Microsoft is celebrating World Password Day by helping to kill them. The company has finally launched consumer passkey support for Microsoft accounts, nearly two years after Apple and Google.
3h ago
Engadget
Peloton’s pandemic-era fairy tale is officially over
Peloton is struggling, as it is laying off 15 percent of its workforce. The CEO is also stepping down.
3h ago
Engadget
The best noise-canceling earbuds for 2024
Active noise cancellation is a big feature on most wireless earbuds now. These are the best noise-canceling earbuds you can get today.
4h ago
Engadget
Over 200 militia groups and users are using Facebook to organize nationwide, new report states
Extremist militia groups are using Facebook to spread conspiracy theories and organize.
5h ago
Engadget
Apple discounts MLS Season Pass to $69 for the rest of the season
Apple is now selling the pass, which typically costs $99, for $69 for the remainder of the 2024 season
5h ago
Engadget
Bose's SoundLink Max is its largest portable Bluetooth speaker with 20-hour battery life
Bose's largest portable Bluetooth speaker is built for the outdoors.
6h ago
Engadget
Audible is testing book recommendations based on your Prime Video habits
Audible is launching a new recommendation category based on your Prime Video data.
6h ago
Engadget
The best smart home gadgets for your first apartment
The Engadget staff has reviewed many smart home devices and these are the ones we think will work great in a new apartment or for anyone just getting acquainted with having a connected home.
7h ago
Engadget
Google says its secure entry passkeys have been used a billion times
As part of World Password Day, Google is hyping up its achievements in that area and sharing updates on its latest efforts to bolster security
7h ago
Engadget
The Morning After: Microsoft’s OpenAI partnership was born from Google AI envy
The biggest news stories this morning: TikTok might be trying to circumvent Apple’s in-app purchase rules, Batman: Arkham Shadow is the first big exclusive VR game for the Quest 3, Rabbit denies claims its R1 virtual assistant is a glorified Android app.
7h ago
Engadget
Crunchyroll announces first price hike since Funimation purchase
Crunchyroll, like many other streaming services recently, is raising its subscription prices
8h ago
Engadget
Olivia Rodrigo, Drake and other Universal artists return to TikTok
TikTok and Universal Music Group have signed a deal that will allow Taylor Swift, Olivia Rodrigo, The Weeknd and other artists to return to the platform.
9h ago
Engadget
The best budget wireless earbuds for 2024
Here are the best budget wireless earbuds you can get right now, each of which comes in at $100 or less.
6 months ago
Engadget
T-Mobile finally owns Ryan Reynolds-backed Mint Mobile
Over a year after announcing it would acquire Mint Mobile for up to $1.35 billion, T-Mobile has closed the deal.
10h ago
Engadget
Anthropic now has a Claude chatbot app for iOS
Anthropic has released a Claude mobile app for iOS that any user can download for free.
11h ago
Engadget
Take-Two is shutting down the studios behind Rollerdrome and Kerbal Space Program 2
This one's a bummer.
18h ago
Engadget
Snapchat will finally let you edit your chats
Snapchat will finally join most of its messaging app peers and allow users to edit their chats.
20h ago
Engadget
A researcher is suing Meta for the right to ‘turn off’ Facebook’s news feed
The Knight First Amendment Institute at Columbia University is suing Meta on behalf of a researcher who wants to release a browser extension that would allow people to “effectively turn off” their algorithmic feeds.
21h ago

The coming smart-thing apocalypse

Latest Stories

Huawei has been secretly funding research in America after being blacklisted

Amazon CEO's anti-union comments broke federal laws, labor judge rules

You can finally use passkeys to sign into your Microsoft account

Peloton’s pandemic-era fairy tale is officially over

The best noise-canceling earbuds for 2024

Over 200 militia groups and users are using Facebook to organize nationwide, new report states

Apple discounts MLS Season Pass to $69 for the rest of the season

Bose's SoundLink Max is its largest portable Bluetooth speaker with 20-hour battery life

Audible is testing book recommendations based on your Prime Video habits

The best smart home gadgets for your first apartment

Google says its secure entry passkeys have been used a billion times

The Morning After: Microsoft’s OpenAI partnership was born from Google AI envy

Crunchyroll announces first price hike since Funimation purchase

Olivia Rodrigo, Drake and other Universal artists return to TikTok

The best budget wireless earbuds for 2024

T-Mobile finally owns Ryan Reynolds-backed Mint Mobile

Anthropic now has a Claude chatbot app for iOS

Take-Two is shutting down the studios behind Rollerdrome and Kerbal Space Program 2

Snapchat will finally let you edit your chats

A researcher is suing Meta for the right to ‘turn off’ Facebook’s news feed

About

Sections

Contribute

Buying Guides