The IoT revolution is happening, whether we like it or not. And the reason is simple: Cost versus benefits. It's becoming very cheap to add Internet connectivity to appliances and things. When connectivity is cheap, the benefits don't have to be very large for vendors to adopt it.
In many cases, devices won't go online to benefit the consumer; rather, the benefit will be for the manufacturer. For example, home appliances can collect analytics about how and when they’re used, or about customers’ physical locations. Information like this is extremely valuable to vendors. This means that even the most mundane of machines, like toasters, will eventually go online – to collect data. Because data is the new oil.
That's not to say that the IoT won't offer consumer benefits – of course it will. Imagine the convenience of being able to fire up your coffee maker while you’re in bed or switch on your washing machine while you’re at work. Smart homes also offer improved safety – think of a security system that alerts you when it detects something suspicious. Energy efficiency is another benefit, one that translates to cost savings – take the example of a thermostat that optimizes performance based on your behaviours. And a host of other IoT innovations promise to boost our quality of life.
Do a Google image search for ‘smart home’ and you’re bombarded with visuals of sleek, polished living spaces in ultramodern white. But the problem with this whole picture, as attractive as it is, is that cyber security is too often missing from the design.
Cyber security, you see, is not a selling point for something like a washing machine. Selling points for washing machines are size, colour, price, load capacity, and wash programmes. Because security is not a selling point, appliance vendors can't invest a lot in it. This leads to insecure appliances. And we’ve already seen where that leads.
We’ve already seen several botnets targeting IoT, the biggest of them being the Mirai botnet. There were more than 100,000 hacked systems in the original Mirai attack network, and none of them were computers – they were all IoT devices. In other words, they were all appliances from our homes.
The existence of the Mirai botnet was possible because of the use of default login credentials on those devices.