Take everything you own — your reading lamp, your toaster, the door of your home — and add wi-fi capability to each one, maybe add a few sensors as well. Imagine that instead of living in a world where you have to flip everything on and off, it’s all a coordinated network of gadgets and gizmos that can sense when you’ve used them last, and anticipate when you might want them again. Extend that concept of self-activating, self-aware electronics to the rest of the world, coordinating everything from drawbridges to street lights, and you have the Internet of Things. “We need to empower computers with their own means of gathering information, so they can see, hear and smell the world for themselves,” writes Kevin Ashton, who first coined the phrase in a 1999 presentation at Procter & Gamble.
For the moment, let’s put aside the question of whether we’ve all been unnecessarily burdened by the need to reach over and switch on our reading lamps, and let’s ignore the fact that for most manufacturers the Internet of Things is a great excuse to sell you every appliance all over again. Consider instead that yes, there are real upsides to this technology. For one thing, building wi-fi into something like, say, a pacemaker could mean that an ambulance is sent to your door before you even know you’re having a heart attack. (Massachusetts-based Infobionic has a device, the MoMe Kardia, that transmits a patient’s heartbeat patterns in real-time to a physician.) Maybe the door even unlocks itself and swings open when the paramedics arrive. (At least three wifi-enabled door locks retail for less than $200 at the moment.) Coordination can be awesome. But there’s a downside, too.
Even the companies that claim to know something about Internet security — credit card companies, email providers — get hacked all the time, by everyone from simple extortionists to nation states. Hackers breached as many as 3 billion Yahoo! accounts, including everyone who had an account as of August 2013. And Experian, one of the three major clearinghouses for Americans’ credit histories, lost as many as 143 million people’s accounts to hackers in 2017. And those are companies we rely on to protect our privacy. Companies that make things like blenders, doors, and traffic lights don’t exactly specialize in protecting their passwords.
Cesar Cerrudo, chief technology officer of security research firm IO Active labs, revealed in 2015 that he was able to walk the streets of Washington, DC, and find vulnerabilities in signals at several intersections. (In essence, he revealed, when cities install traffic lights and other pieces of major infrastructure, they often leave the out-of-the-box passwords to the devices in place, making them easy to guess.) “Every day, cities incorporate a new ‘smart’ technology, without any testing,” he told the New York Times. “What they don’t realize is that they are putting citizens and businesses at risk.”
In other words, if all of our stuff is going to start taking orders from the Internet, we need to make sure we know who is giving those orders.