News Comparison: Is the Internet of Things Fraught with Danger?
2015/11/18 09:15

kkhsu

Why ‘Smart’ Objects May Be a Dumb Idea

A FRIDGE that puts milk on your shopping list when you run low. A safe that tallies the cash that is placed in it. A sniper rifle equipped with advanced computer technology for improved accuracy. A car that lets you stream music from the Internet.

All of these innovations sound great, until you learn the risks that this type of connectivity carries. Recently, two security researchers, sitting on a couch and armed only with laptops, remotely took over a Chrysler Jeep Cherokee speeding along the highway, shutting down its engine as an 18-wheeler truck rushed toward it. They did this all while a Wired reporter was driving the car. Their expertise would allow them to hack any Jeep as long as they knew the car’s I.P. address, its network address on the Internet. They turned the Jeep’s entertainment dashboard into a gateway to the car’s steering, brakes and transmission.

A hacked car is a high-profile example of what can go wrong with the coming Internet of Things — objects equipped with software and connected to digital networks. The selling point for these well-connected objects is added convenience and better safety. In reality, it is a fast-motion train wreck in privacy and security.

The early Internet was intended to connect people who already trusted one another, like academic researchers or military networks. It never had the robust security that today’s global network needs. As the Internet went from a few thousand users to more than three billion, attempts to strengthen security were stymied because of cost, shortsightedness and competing interests. Connecting everyday objects to this shaky, insecure base will create the Internet of Hacked Things. This is irresponsible and potentially catastrophic.

That smart safe? Hackers can empty it with a single USB stick while erasing all logs of its activity — the evidence of deposits and withdrawals — and of their crime. That high-tech rifle? Researchers managed to remotely manipulate its target selection without the shooter’s knowing.

Home builders and car manufacturers have shifted to a new business: the risky world of information technology. Most seem utterly out of their depth.

Although Chrysler quickly recalled 1.4 million Jeeps to patch this particular vulnerability, it took the company more than a year after the issue was first noted, and the recall occurred only after that spectacular publicity stunt on the highway and after it was requested by the National Highway Traffic Safety Administration. In announcing the software fix, the company said that no defect had been found. If two guys sitting on their couch turning off a speeding car’s engine from miles away doesn’t qualify, I’m not sure what counts as a defect in Chrysler’s world. And Chrysler is far from the only company compromised: from BMW to Tesla to General Motors, many automotive brands have been hacked, with surely more to come.

Dramatic hacks attract the most attention, but the software errors that allow them to occur are ubiquitous. While complex breaches can take real effort — the Jeep hacker duo spent two years researching — simple errors in the code can also cause significant failure. Adding software with millions of lines of code to objects greatly increases their potential for harm.

The Internet of Things is also a privacy nightmare. Databases that already have too much information about us will now be bursting with data on the places we’ve driven, the food we’ve purchased and more. Last week, at Def Con, the annual information security conference, researchers set up an Internet of Things village to show how they could hack everyday objects like baby monitors, thermostats and security cameras.

Connecting everyday objects introduces new risks if done at mass scale. Take that smart refrigerator. If a single fridge malfunctions, it’s a hassle. However, if the fridge’s computer is connected to its motor, a software bug or hack could “brick” millions of them all at once — turning them into plastic pantries with heavy doors.

Cars — two-ton metal objects designed to hurtle down highways — are already bracingly dangerous. The modern automobile is run by dozens of computers that most manufacturers connect using a system that is old and known to be insecure. Yet automakers often use that flimsy system to connect all of the car’s parts. That means once a hacker is in, she’s in everywhere — engine, steering, transmission and brakes, not just the entertainment system.

For years, security researchers have been warning about the dangers of coupling so many systems in cars. Alarmed researchers have published academic papers, hacked cars as demonstrations, and begged the industry to step up. So far, the industry response has been to nod politely and fix exposed flaws without fundamentally changing the way they operate.

In 1965, Ralph Nader published “Unsafe at Any Speed,” documenting car manufacturers’ resistance to spending money on safety features like seatbelts. After public debate and finally some legislation, manufacturers were forced to incorporate safety technologies.

No company wants to be the first to bear the costs of updating the insecure computer systems that run most cars. We need federal safety regulations to push automakers to move, as a whole industry. Last month, a bill with privacy and cybersecurity standards for cars was introduced in the Senate. That’s good, but it’s only a start. We need a new understanding of car safety, and of the safety of any object running software or connecting to the Internet.

It may be hard to fix security on the digital Internet, but the Internet of Things should not be built on this faulty foundation. Responding to digital threats by patching only exposed vulnerabilities is giving just aspirin to a very ill patient.

It isn’t hopeless. We can make programs more reliable and databases more secure. Critical functions on Internet-connected objects should be isolated and external audits mandated to catch problems early. But this will require an initial investment to forestall future problems — the exact opposite of the current corporate impulse. It also may be that not everything needs to be networked, and that the trade-off in vulnerability isn’t worth it. Maybe cars are unsafe at any I.P.

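Is the Internet of Things Fraught with Danger?

Zeynep Tufekci is a scholar at the University of North Carolina in the United States who has long followed issues of the online world. She recently published a commentary in The New York Times titled "Why ‘Smart’ Objects May Be a Dumb Idea," which points directly at the various crises the Internet of Things may bring; it has so far been reposted or cited by more than 5 million websites worldwide.

In this article, Tufekci makes an argument that has drawn a wide response. She points out that information security problems may trigger even greater crises in the era of the Internet of Things.

In the past, the damage caused by computer viruses and hackers was confined to computer systems, at most causing a computer to freeze or crash. In the Internet of Things era, however, information security problems may harm people physically and even endanger public safety.

In July 2015, two American hackers, Valasek and Miller, carried out a public experiment attacking the Internet of Things. Sitting on a couch at home, they used a laptop over a 3G network connection to break into the infotainment system of a Jeep Cherokee SUV traveling on the highway, then took over the vehicle's entire computer system, staging a demonstration of hijacking a car.

The purpose of the experiment was to show how great a danger to life the coming Internet of Things era could pose. The experiment also led to 1.4 million vehicles being recalled to adjust their onboard computer systems.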

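Beyond cars, hackers have also imagined some other information security scenarios for the Internet of Things era, for example:

1. Tampering with a gas station's fuel storage tank is quite dangerous. Because gasoline is highly volatile, if a tampered fuel gauge leads to a vapor leak, the slightest spark is enough to set off a sea of fire. Hackers are able to tamper with fuel gauges remotely, and many oil companies' tank monitoring systems are connected to the Internet.

2. Breaking into an airliner's entertainment system to gain control of climb and descent. A hacker in the United States has claimed to be able to use a laptop to break into an airliner's entertainment system and go on to control the aircraft's climb and descent.

3. Breaking into the space station. In 2012, American hackers claimed to have successfully broken into the computers of NASA's control center and changed the thermostat settings of the NASA space station, thereby altering the station's temperature.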

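In the various discussions of Internet of Things security, experts from all fields converge on one issue. It is widely held that, for IoT security to have even the most basic guarantee, the most important task is to establish system standards as quickly as possible.

At present the various IoT systems, unlike Windows or Mac, have no platform standard, which keeps security experts from getting ahead of hackers in developing defenses. For a hacker, though, breaking into an IoT device only takes time spent investigating the structure of the target's controller (and, what is more, vulnerabilities can easily be found in the process), so the intrusion is actually not very difficult.

While the whole world is watching the development of the Internet of Things, its security problems clearly deserve even more attention. If this issue is not resolved, even the most powerful technology will only bring greater disasters. It is just as the auto industry, while continually improving engine performance, must at the same time develop more advanced braking systems.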

Original article:
http://www.nytimes.com/2015/08/11/opinion/zeynep-tufekci-why-smart-objects-may-be-a-dumb-idea.html

2015-10-05, Economic Daily News, A18, Management, 吳仁麟

