August 11, 2015
Did Jeep hack throw a wrench into the Internet of Things?
The Internet of Things (IoT) is a wonderful place that exists sometime in the near future. Thermostats will independently change settings to maximize our comfort and reduce utility bill costs, while refrigerators will place orders for milk and eggs before we run out. But for all the good promised with this technological paradise, there are also risks, as evidenced by the report that hackers took complete control of a Jeep Cherokee from a remote position while the driver sat helplessly inside.
In the Jeep case, the passenger was a reporter for Wired, who worked with the two hackers to show vehicles could be hijacked remotely. The result was that FCA US LLC, recalled 1.4 million vehicles that were susceptible to the same type of attack. But, security experts warn that this was not a one-off situation and that a fully connected world holds perils that are not being adequately addressed by the manufacturers of smart devices. Simply put, if hackers can gain access to one device, they may be able to travel to others causing damage in their wake.
To be sure, the Jeep hack is not the first time that it was learned that outside parties up to no good could create mayhem. In June, it was reported that hackers could gain access to the camera and text messages on Samsung Galaxy phones. There have also been reports for years where hackers use "slaving" programs to take control of people’s computer cameras unawares.
![[Image: Jeep hack]](data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAxIDEiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIGRhdGEtdT0iJTJGcHVibGljJTJGaW1hZ2VzJTJGZGlzY3Vzc2lvbnMlMkYxODQ2NiUyRmplZXAtZGFzaC1zdGlsbC5qcGciIGRhdGEtdz0iMSIgZGF0YS1oPSIxIiBkYXRhLWJpcD0iIj48L3N2Zz4=)
"[With] any of these things in the Internet of Things, the considerations are the same," Rob Sadowski, director of technology solutions at RSA, a digital security company, told The Boston Globe. "How do I make sure I’m the ¬only one using this? How do I know there aren’t bad guys attacking it?"
- Hackers remotely kill a Jeep on the highway – with me in it – Wired
- After car hack, Internet of Things looks riskier – Beta Boston/The Boston Globe (tiered sub.)
- Why ‘Smart’ Objects Might Be a Dumb Idea – The New York Times (tiered sub.)
- Samsung Galaxy phone hack: SwiftKey vulnerability lets hackers easily take control of devices – The Independent
- ‘Tape Your Webcam’: Horrifying Malware Broadcasts You to the World – U.S. News & World Report
- Forget the Ashley Madison or Sony hacks – a crippling cyberattack is imminent in the US – The Guardian
BrainTrust
Paula Rosenblum
Co-founder, RSR Research
Cathy Hotka
Principal, Cathy Hotka & Associates
Recent Discussions
Discussion Questions
Will news of the Jeep hack slow the rush to the Internet of Things? What will the vulnerability of IoT devices mean for retailers stocking and selling them?
Poll
I think consumers already know, to tell you the truth. It’s “the industry” that has been plowing full-steam ahead with the notion of smart devices.
There may be some things that will slip in there, like smart thermostats, water shutoff valves and security systems (boy, that sounds like an oxymoron as I write it) … but overall, to expect consumers to buy them en masse is naive.
In any case, the retailers selling them would probably do well to put up disclaimers and warning signs on everything they sell: “We take no responsibility for hacks, etc., that come as a result of owning/using these products.” Somehow this feels less clear and intuitive when it comes to a refrigerator than it does for a computer. Lawsuits will follow.
My partner Nikki has long half-joked that she could see a massive attack that would force refrigerator doors shut until a $50 payment was made to an extortionist. It’s not as far fetched as it sounds.
The Internet of Things was always the Wild West when it came to security. The Jeep hack and recent Tesla hacks show that product developers have a long way to go to earn consumer trust. As long a consumers want them retailers will stock IoT items, but as the hacks receive greater attention in the news, expect consumers to become more wary of letting hackers into their lives, some to the point of endangering consumers’ physical well-being.
Today’s consumers don’t seem all that concerned with privacy or surrendering some controls (if it means some benefits as the saying goes). Despite the headlines on privacy there doesn’t seem to be a corresponding rush to the sidelines.
So as long as there are some real or perceived benefits or a coolness factor about connecting up devices to the internet, no doubt that trend will accelerate.
On the other hand, just wait until your car refuses to drive any further unless you start to pay attention to those Google Map directions. Three “recalculatings” and you’re out.
IoT is fine in select areas where security platforms exist and experts who leverage the technology understand hackers. SAP is big on IoT, but we have been around it and using it for years with our select solutions — especially in the SCM space.
Jeep, as many others have done or will do, was trying to ride the wave that the press world (the people with the least real life knowledge) were creating. People in the high-tech press are usually not involved in deployments or the real life of technology. They hunt for hype and find it and push it for trade show and circulation purposes.
Advice: If you have a IoT-driven home, disconnect it until you find out the real story behind your alarm system’s security and IoT links that hitch to your home internet or WAN. My alarm is driven by encrypted cellular with back up RF/FM signaling. Security must be secure. My garage doors use encrypted, random signaling that NEVER repeats the same sequence. Drives my wife nuts — but TRedd is secure.
No Nest in my house and all video cams are hardwired. Dare you to try and get in! Just added the new sensitive touchscreens to all windows. Touch the screens and you are busted — they also retail fingerprints very well due to fine mesh material.
There may be advantages in being dumb enough technology-wise that you can’t figure out how to use IoT devices, so you are never an early adopter!
There was a story on the news about this last night, with hackers from Def Con showing how to open the correspondent’s car doors using $32 worth of computer parts. That’s scary, but the idea of someone taking control of your car while you’re on the Beltway is really horrifying.
Data security remains the Wild West. Proceed at your own risk.
Hackers, ethical and otherwise, will continue to affect the marketplace, however the IoT is a freight train that will not slow down for anything. Business and consumers demand too much to slow it down.
The ability to remotely take over automobiles has been around for a while but this latest stunt managed to get us to pay attention. What might be a surprise is that 60 to 70 percent of all auto recalls are because of a software glitch. And we ain’t seen nothing yet! IoT, cloud storage and BYOD have exacerbated the problem by several orders of magnitude. The evil “They” can get to you through anything.
What to do with your IoT inventory should be the least of your concerns.
There are many areas where cyber security is pathetic to the point of being useless. Among them: seniors facilities, social agencies, schools and retail. If our federal government is porous, what makes us think we’re not?
I’m probably repeating this too often in RetailWire, but — “It’s the software Stupid!” As this paper attests, until you have fault-free software you are at risk. Some in the IT establishment insist that the Holy Grail of fault-free isn’t attainable. Don’t listen to them, it is now a reality.
This morning I submitted a piece to The Scientist in response to an article encouraging researchers to get involved in developing software source code in order to deal with Big Data. I noted the research that indicates that for every 100,000 lines of code there are about 750 faults, 250 of which very capable of producing computational errors or shutting your system down entirely. In your modern luxury car there can be as high as 100 million lines of code. You do the math. It takes only 18 million to fly a Dream Liner!
Companies producing IoT, smart homes or any software-based products will soon not be able to hide behind those disclaimers we all mindlessly agree to. Some companies have already been successfully sued because their lousy software caused a financial or physical problem.
The point here is: do something about your software quality. Best investment you’ll ever make. Worry about your inventory later.
Defective and even dangerous safety recall issues are now an established norm for the automotive industry. The public is happy, for the most part, to wait for a post card or to be informed at the service station or at trade in time of impending or necessary repairs. This same phenomenon is now owned throughout the electronics industry. And with the shorter product lifespans the effects are exponentially reduced. Are consumers less concerned for their lives and livelihood, as in credit and savings, than they are for appearances as in having the best and most modern utilities? Of course they are, and how sick is that?
Will it slow down the rush to fun, but hardly essential applications like self-ordering refrigerators ? Probably not and I don’t really care, because no one is going to hijack a kitchen appliance.
But what about a ship? Or an airliner? THAT concerns me (as I imagine it does everyone), but what to do about it? And we hoped HAL was a one off….
If anything, this story has in my opinion accelerated the rush to the Internet of Things.
The fact that this was headline news certainly increased awareness among consumers of the self-driving car. And it would be hard to argue the news weakened the resolve of auto makers to address security vulnerabilities. To the contrary, I expect it elevated investment levels among auto makers to address the security concerns raised.
In the end, I have no doubt the industry will address security issues sufficiently so that consumers will gladly purchase cars that are, on balance, safer than those that leave safety completely in the hands of the human behind the wheel.
Personally, I can’t wait for the day I can hop in my car, set the destination, grab a nap and arrive ready-to-go.
More Discussions
How Timely Is the Planned Lowe’s Website Renovation Focusing on Personalization?
Is Lowe’s being timely with its website reno, and is it right to be placed as…Should Costco Be Opening Members-Only Gas Stations?
Is this the right move for the warehouse club?As Boomers ‘Age Out of Peak Purchasing,’ How Can National Brands Retain Interest With Gen Z?
According to a recent First Insight study titled “Is Gen Z Still Choosing Your Brand,” while…
I think consumers already know, to tell you the truth. It’s “the industry” that has been plowing full-steam ahead with the notion of smart devices.
There may be some things that will slip in there, like smart thermostats, water shutoff valves and security systems (boy, that sounds like an oxymoron as I write it) … but overall, to expect consumers to buy them en masse is naive.
In any case, the retailers selling them would probably do well to put up disclaimers and warning signs on everything they sell: “We take no responsibility for hacks, etc., that come as a result of owning/using these products.” Somehow this feels less clear and intuitive when it comes to a refrigerator than it does for a computer. Lawsuits will follow.
My partner Nikki has long half-joked that she could see a massive attack that would force refrigerator doors shut until a $50 payment was made to an extortionist. It’s not as far fetched as it sounds.
The Internet of Things was always the Wild West when it came to security. The Jeep hack and recent Tesla hacks show that product developers have a long way to go to earn consumer trust. As long a consumers want them retailers will stock IoT items, but as the hacks receive greater attention in the news, expect consumers to become more wary of letting hackers into their lives, some to the point of endangering consumers’ physical well-being.
Today’s consumers don’t seem all that concerned with privacy or surrendering some controls (if it means some benefits as the saying goes). Despite the headlines on privacy there doesn’t seem to be a corresponding rush to the sidelines.
So as long as there are some real or perceived benefits or a coolness factor about connecting up devices to the internet, no doubt that trend will accelerate.
On the other hand, just wait until your car refuses to drive any further unless you start to pay attention to those Google Map directions. Three “recalculatings” and you’re out.
IoT is fine in select areas where security platforms exist and experts who leverage the technology understand hackers. SAP is big on IoT, but we have been around it and using it for years with our select solutions — especially in the SCM space.
Jeep, as many others have done or will do, was trying to ride the wave that the press world (the people with the least real life knowledge) were creating. People in the high-tech press are usually not involved in deployments or the real life of technology. They hunt for hype and find it and push it for trade show and circulation purposes.
Advice: If you have a IoT-driven home, disconnect it until you find out the real story behind your alarm system’s security and IoT links that hitch to your home internet or WAN. My alarm is driven by encrypted cellular with back up RF/FM signaling. Security must be secure. My garage doors use encrypted, random signaling that NEVER repeats the same sequence. Drives my wife nuts — but TRedd is secure.
No Nest in my house and all video cams are hardwired. Dare you to try and get in! Just added the new sensitive touchscreens to all windows. Touch the screens and you are busted — they also retail fingerprints very well due to fine mesh material.
There may be advantages in being dumb enough technology-wise that you can’t figure out how to use IoT devices, so you are never an early adopter!
There was a story on the news about this last night, with hackers from Def Con showing how to open the correspondent’s car doors using $32 worth of computer parts. That’s scary, but the idea of someone taking control of your car while you’re on the Beltway is really horrifying.
Data security remains the Wild West. Proceed at your own risk.
Hackers, ethical and otherwise, will continue to affect the marketplace, however the IoT is a freight train that will not slow down for anything. Business and consumers demand too much to slow it down.
The ability to remotely take over automobiles has been around for a while but this latest stunt managed to get us to pay attention. What might be a surprise is that 60 to 70 percent of all auto recalls are because of a software glitch. And we ain’t seen nothing yet! IoT, cloud storage and BYOD have exacerbated the problem by several orders of magnitude. The evil “They” can get to you through anything.
What to do with your IoT inventory should be the least of your concerns.
There are many areas where cyber security is pathetic to the point of being useless. Among them: seniors facilities, social agencies, schools and retail. If our federal government is porous, what makes us think we’re not?
I’m probably repeating this too often in RetailWire, but — “It’s the software Stupid!” As this paper attests, until you have fault-free software you are at risk. Some in the IT establishment insist that the Holy Grail of fault-free isn’t attainable. Don’t listen to them, it is now a reality.
This morning I submitted a piece to The Scientist in response to an article encouraging researchers to get involved in developing software source code in order to deal with Big Data. I noted the research that indicates that for every 100,000 lines of code there are about 750 faults, 250 of which very capable of producing computational errors or shutting your system down entirely. In your modern luxury car there can be as high as 100 million lines of code. You do the math. It takes only 18 million to fly a Dream Liner!
Companies producing IoT, smart homes or any software-based products will soon not be able to hide behind those disclaimers we all mindlessly agree to. Some companies have already been successfully sued because their lousy software caused a financial or physical problem.
The point here is: do something about your software quality. Best investment you’ll ever make. Worry about your inventory later.
Defective and even dangerous safety recall issues are now an established norm for the automotive industry. The public is happy, for the most part, to wait for a post card or to be informed at the service station or at trade in time of impending or necessary repairs. This same phenomenon is now owned throughout the electronics industry. And with the shorter product lifespans the effects are exponentially reduced. Are consumers less concerned for their lives and livelihood, as in credit and savings, than they are for appearances as in having the best and most modern utilities? Of course they are, and how sick is that?
Will it slow down the rush to fun, but hardly essential applications like self-ordering refrigerators ? Probably not and I don’t really care, because no one is going to hijack a kitchen appliance.
But what about a ship? Or an airliner? THAT concerns me (as I imagine it does everyone), but what to do about it? And we hoped HAL was a one off….
If anything, this story has in my opinion accelerated the rush to the Internet of Things.
The fact that this was headline news certainly increased awareness among consumers of the self-driving car. And it would be hard to argue the news weakened the resolve of auto makers to address security vulnerabilities. To the contrary, I expect it elevated investment levels among auto makers to address the security concerns raised.
In the end, I have no doubt the industry will address security issues sufficiently so that consumers will gladly purchase cars that are, on balance, safer than those that leave safety completely in the hands of the human behind the wheel.
Personally, I can’t wait for the day I can hop in my car, set the destination, grab a nap and arrive ready-to-go.