22 October, 2016
If you tried to use Twitter, Spotify, or any one of a few thousand websites yesterday, you weren’t able to connect. That’s because (long story short) a hacker used around 300,000 household appliances to flood an internet provider and take it offline. It turns out that household devices like the Egg Minder (an egg tray that sits in your fridge and reports your egg status via wi-fi) are, as you’d imagine, equipped with poorly-secured operating systems that were not properly vetted for security holes in the manner that your phone and computer are.
It’s been known for years that most wi-fi security cameras (above) have default logins/passwords, or in some cases, no security at all. But your wi-fi crockpot can also be used as a source of traffic in denial-of-service attacks, as well as your wi-fi scale, wi-fi thermostat, and your “smart” TV. Almost any appliance that has an embedded operating system and connects to the internet can be used to carry out these attacks, and almost all of them use an older OS with known security holes that can be exploited.
There’s something compelling about being able to control your house’s lights from your phone for many people, and I won’t begrudge consumers for buying things they think will make them happy. I will, however, begrudge companies who are going to literally destroy the entire fucking internet so they can sell a $160 box that drops dog treats out of a hole in the front when you press a button on your phone.