Internet of Things: The web’s Achilles’ heel?
“When the internet apocalypse comes, your smart thermostat may be to blame,” said Jamie Condliffe in TechnologyReview.com. Huge swaths of the U.S. internet were crippled last Friday, after hackers seized control of hundreds of thousands of internet-connected devices to conduct a series of massive distributed denial of service (DDoS) attacks. The assailants hijacked household smart items like webcams, DVRs, and baby monitors and used them to attack Dyn, a New Hampshire–based domain name system host. With an army of enslaved gadgets overwhelming Dyn’s servers with bogus data requests, web users were blocked from reaching some of the most popular sites on the internet, including Twitter, Netflix, and Spotify. There have been unconfirmed claims of responsibility for the attacks from hacking collectives, but their motivation remains unclear. Of course, DDoS attacks are “nothing new,” but until now hackers have mostly used malware to take over computers. (See Briefing, page 11.) As the number of smart devices keeps growing, so does “the number of potential tools available to people looking to turn them into weapons.”
The lesson here: “Just because we can connect a toaster or a fridge to the internet doesn’t mean we should,” said Jacob Silverman in NewRepublic.com. The much-ballyhooed “Internet of Things” has made devastating cyberattacks much easier to pull off. Many smart-device manufacturers “have either not considered security or simply see it as an expensive inconvenience.” Devices often ship with widely used default passwords, such as “1234” or “password,” that can’t be changed. Mirai, the malware used in this particular attack, scours the web for such vulnerable devices, looking for 68 different default username/password combinations. “Making matters worse,” the source code for Mirai was published on the web last month, meaning it’s now “available to practically anyone.”
“Will all those new devices be mothballed in favor of security?” asked Adario Strange in Mashable.com. Don’t bet on it. Research firm Gartner estimates that 6.4 billion connected products will be in use worldwide this year, up 30 percent from 2015. That number is expected to increase to 20.8 billion by 2020. In other words, “the metaphorical robot butler has already left the factory, and people really, really like their robot butlers.” The dream of a connected future is rapidly turning into a “nightmare,” said Oliver Staley in Qz.com. In the years ahead, the machines that will be hacked might not be “relatively harmless gadgets” like cameras and baby monitors, “but potentially lethal tools like cars.” Silicon Valley moguls have largely waved off such concerns, but the warning signs can’t be ignored any longer. “Our crippling vulnerability to malicious attacks is a problem created by technology, and if [companies] can’t fix it, governments must.”
Innovation of the week
Your smartphone screen could soon be part of your car’s windshield, said Signe Brewster in TechnologyReview.com. Navdy is a futuristic, headsup display that allows drivers to get directions and notifications without taking their eyes off the road. The device, which connects to your smartphone, is affixed just above the steering wheel and projects a transparent display onto the windshield. Navdy can display maps and navigation; incoming calls and texts; and music, all of which drivers can scroll through using a small click wheel that attaches to the steering wheel. Notifications can be accepted or dismissed with a wave of the hand. Eventually, “the dream for heads-up displays is a device that can seem to place directions directly on the road in front of the driver.” Similar headsup displays are already “trickling into luxury cars,” but the $799 Navdy can be attached to any vehicle dashboard built after 1996.
Bytes: What’s new in tech
Your face is your password
A growing number of companies and government agencies are asking people to snap selfies in lieu of entering a password, said Trisha Thadani in The Wall Street Journal. Facial recognition software works by converting thousands of facial measurements into a unique ID code that can then be checked against a photo on file. MasterCard’s newly launched Identity Check Mobile app, for example, prompts customers to snap a self-portrait to verify online purchases, requiring them to blink “so no one can beat the system by substituting a printed photo.” The tax departments of Alabama and Georgia plan to similarly authenticate tax returns filed online. Some cybercrime experts, however, warn that current facial recognition technology isn’t yet inherently more secure than a password, especially as hackers become more sophisticated.
LinkedIn rethinks endorsements
LinkedIn is “trying to steer endorsements back to business,” said Ingrid Lunden in TechCrunch.com. Endorsements allow users of the professional social network to tag their contacts with one- or two-word descriptions of their professional skills. But the feature, introduced in 2012, has become overrun with spam and inside jokes, like endorsements for “punching” or “chewing gum.” Now, Linked In says it will use artificial intelligence to show endorsements that are most relevant to whoever is viewing a user’s profile. It will also feature better targeting, “so that when you would like a peer to verify your skill, LinkedIn will send that recommendation to a person who is more likely to fulfill it.”
Concerts put phones on lockdown
Entertainers are putting their fans’ smartphones in temporary jail, said Janet Morrissey in The New York Times. Performers like Alicia Keys, Dave Chappelle, and Guns N’ Roses have recently turned to a service called Yondr to ensure phone-free events. “Fans are required to place their cellphones into Yondr’s form-fitting lockable pouch when entering the show, and a disk mechanism unlocks it on the way out.” The fans keep their pouches, but it’s impossible to use the phones during the show. Some artists have embraced Yondr as a way to prevent their paid performances from being recorded and ending up on social media. Others like how it keeps fans focused on the show. “The technology has been used in 57 venues and 300 schools in 2016, up from five venues in 2015.”