(Photo by Flickr user Shawn Clover, used under a Creative Commons license)
The Internet of Things (IoT) has traveled outside the home to businesses and cities as a whole. What does this mean for the consumer or citizen using a business or a city service, where security might be a concern? Let’s go through what could very soon be a typical day for someone out on the town —and the problems lax security could pose.
Bob starts his day with shopping. He ducks into a cafe for a bite of breakfast. The barista apologizes, as the sous vide machine — a water bath meant to stay at predetermined cooking temperature —was hacked via the control app on the chef’s phone. Instead of the temperature the chef set, all the food items are now slightly undercooked. Bob, not one to let a slightly undercooked morsel go to waste, happily buys a cheese-and-bacon snack.
In 2015, half of all cyber attacks were on small businesses. Small and medium businesses often don’t have the resources of larger corporations, which translates to less security. An open WiFi network could lead to hacks. Spear phishing, or specifically targeting the business in an attempt to gain access to login credentials, could lead to credit card information leaks. According to a 2016 report, 65 percent of all spear phishing attacks were on small businesses. And it’s not just a national problem, with 90 percent of cyber attacks in the U.K. targeting small to medium businesses, and the Australian government estimating cyber crime’s impact to be about $17 billion annually.
Bob eats his breakfast on the way to the subway, to visit another part of the city. He tosses his trash into a fancy-looking trash can, only to see multiple garbage trucks idling nearby, halting traffic as the drivers yell at each other. They had all been summoned by their on-board computer to make a pickup, and now everything has slowed to a crawl.
Philadelphia is one of many urban areas currently investing in IoT technology, as is D.C. Their first successful experiment: trash cans. Although not cheap (at $4,000 each), projected net savings in Philadelphia is about $1 million each year. When sensors detect the can is full, a chain-driven compactor, powered by a 12-volt battery connected to a solar panel, compacts the trash. When the can is nearly full of compacted trash, it sends a message to a collection service, which in turn sends a truck to collect the garbage. The number of weekly garbage shifts has dramatically decreased, from 17 down to just 5. This saves in labor, fuel for the trucks and maintenance of both the trucks and the cans. However, as they are connected to the internet, it may not be long before someone hacks the cans and starts sending signals that each can needs a pickup. Or, the opposite — overriding the signal and causing trash to overflow, causing a nuisance to pedestrians. Overriding the compactor to turn off or on could lead to even more sinister, criminal deeds.
Bob, ready to go home, heads back to the subway. Except all the ticket machines have been hacked and aren’t giving out tickets. Finally, free rides are given, as all ticket machines remain locked down.
This exact scenario happened to the San Francisco Municipal (Muni) system in November, affecting trains and buses. Muni was prepared, however, and pulled from backups (had they been unable to, there are professional services that can perform high-level server data recovery, even after a client is hacked). It took two days to restore the machines, hacked by a program that rewrites an unsecured boot sector after targeting network drives as an access point. Muni did not pay the demanded ransom, though hospitals have paid in the past to regain access to patient files.
While IoT is exciting, and there are clever ways for cities and businesses to use the technology, there needs to be a focus on security. With proper security protocols observed, we are one step closer to making our cities more efficient through technology.