To keep an eye on his child via his smartphone, Marc Gilbert installed Internet-connected video baby monitors in his home in Houston.
One evening, Gilbert heard a stranger’s voice bellowing obscenities from the monitor. He disconnected the device after realizing that it had been hacked.
“I’m a pretty technical guy, and I thought I knew how all this stuff should be hooked up,” said Gilbert, who has written several letters to his congressman and other elected officials, trying to bring the security issue to their attention.
For decades, hackers have used the Internet to break into network routers, personal computers and advanced industrial devices.
But now, a whole new generation of often-mundane household devices is being connected to the Internet – and hackers are having a field day.
Thanks to smaller, cheaper processors, speedier wireless connections and the explosion of smartphones and tablets, it’s becoming easier and more affordable to digitally link just about any object – sports equipment, watches, light bulbs, washing machines, thermostats.
If you can think of it, someone has probably stuck a sensor on it and connected it to the Internet.
Like a PC, the devices have operating systems and processors. And when they are connected to the Internet, hackers can break in and seize control.
Manufacturers and consumers haven’t taken the same security precautions as they would with a PC, however, enabling hackers to turn seemingly innocuous gadgets into drones that can be used to spread malicious spam or launch a massive cyberattack – disrupting services or shutting down entire networks.
Even more frightening for many security experts is the prospect that the hackers could cause physical harm to people by shutting off thermostats, cars or even medical devices.
Such fears led doctors to turn off the wireless functionality of a heart implant in former Vice President Dick Cheney, out of concern that someone might hack it and attempt to kill him.
“It’s the Wild West out there again,” said Tommy Stiansen, co-founder of Norse Corp., a San Mateo, Calif., cybersecurity firm whose threat-detection team has discovered a wide range of devices being hacked. “The number of devices that have been compromised is staggering.”
Such attacks are expected to multiply with the proliferation of Internet-connected devices. By 2050, analysts project, there will be 50 billion Internet-connected devices, or five such gadgets for every man, woman and child on the planet.
Consumers for the most part are helpless because they usually have no idea their gadgets have been commandeered.
A home wireless router can be configured to provide some rudimentary protections, but most users typically turn on the firewall or anti-virus software on their PCs, thinking that would be enough. And as such, the wireless router becomes an unlocked door of sorts for hackers to gain access to the household devices.
Proofpoint Inc., a Sunnyvale, Calif., cybersecurity company, tracked a global attack this year that sent 750,000 malicious emails from more than 100,000 gadgets – including home Wi-Fi routers, TVs, DVRs and even a refrigerator.
“How do you update the software on your refrigerator?” Proofpoint Chief Executive Gary Steele said. “I don’t even know how you do that.”
When Gilbert, a technician for an oil company, discovered that his baby monitor had been hacked, he ripped out the entire home network and rebuilt it from scratch.
His wife, he said, taped over webcams installed in their laptops and PCs. And he was particularly disturbed to learn there was even a search engine devoted to helping hackers find Internet-connected devices, sometimes including the passwords to gain access to them.