Vint Cerf: The Headline I Fear Is '100,000 Fridges Hack Bank of America'
But it's the only way we'll learn.
When the ILOVEYOU worm struck on May 4, 2000, it thrust the reality of computer vulnerabilities into the public consciousness in a very big way.
Sure, computer worms had spread before, but some estimates pegged this particular worm as causing billions of dollars in damage. Entire government departments were crippled. The nature of its spread was unprecedented in scale.
What had once been merely a plot line for Hollywood movies had now become very, very real.
But ILOVEYOU's impact was no coincidence. Computers, once merely a tool for business, were now everywhere—most importantly, in the home. More and more people were going online for the first time. A critical mass of computer ownership and connectivity had been reached, enabling this worm, more than others, to truly, dangerously spread.
And as some are beginning to realize, we're at that point again, now. People are now buying refrigerators, washing machines, baby monitors, buttons, clocks and thermostats that can all connect to the internet. Smartphone-connected products that once read like a parody—your cupboard doors, your showerhead, your toilet, your curtains and blinds—are all inevitably going to end up online.
Soon, these devices will reach a critical mass, and a hack or an attack will happen on such a scale that only then will everyone realize the cost. It won't be until—as Vint Cerf, one of the co-creators of the internet, explained in a recent Motherboard interview—headlines read "100,000 refrigerators attack Bank of America" that we'll start to take note."It's not a silly headline, because the computers we use today to build into appliances may actually turn out to be pretty powerful machines," Cerf explained. "It's hard to get a dumb computer these days, or an inadequate one, and so they could be running operating systems like Linux or Chrome or Android, and you could outfit them with malware that allows that refrigerator, not only to do all the thing it's supposed to do, but send out spam or launch denial of service attacks."
That's not to say the cost of having so many potential targets outweighs the benefits of having devices that track, automate, and control every aspect of our lives, and people are certainly thinking about the threats that such a potential world holds. But the perspective that security professionals have isn't yet shared by that of the mainstream.
Some will try to blame the users: that it will be our fault for welcoming these devices into our homes. But is the onus really on us? We're being promised a new generation of devices that, on the surface, operate the same as they did before: lights that still illuminate, and cars that still drive. Is it fair that we understand the implications of how they've been re-wired to function and interconnect underneath?
Put another way, someone purchasing their fifth car has probably never stopped to consider the possibility of a hacker attacking it. Why would they start to consider those possibilities now? We're already so bad at keeping the software on our phones and computers up to date, that the chances we'll be proactive about updating our cars, fridges and lightbulbs seems relatively slim—and Cerf fears that it may not even be as easy to update in the first place.
"Some of the devices could be used for 10 or 20 or thirty years, and so figuring out, what's the path to make sure that they are protected is a big issue and needs attention," Cerf said.
More likely, it's going to take a big, catastrophic hack on a grand, connected scale before that shift begins to happen, and before people begin to even consider that such a vulnerabilities even exist.
Like the wake-up call of the ILOVEYOU worm, it might be the only way we'll learn.