Ripe for exploitation
The network of smart devices known as the Internet of Things (IoT) has filled our world with internet-connected gadgets that make our lives more convenient but are also woefully hackable. Hacking is on the rise, and your smart thermostat and your smart refrigerator are just as vulnerable as your smartphone, if not more so.
Now that there have been a few big, high-profile hacking cases that have seriously disrupted major businesses, people are starting to take the threat seriously. The problem is, there are tons of unsecured IoT devices already out there in the world. “I’m not worried about the future, I’m worried about the past, because there are all these zillions of devices out there that are ripe for exploitation,” says Roland Dobbins of Arbor Networks, a security firm.
ISPs need to step up
Ideally, all IoT devices would be fully secure before hitting the shelves. Ideally, the law would require companies to comply with security standards. But in the meantime, what to do?
Lily Hay Newman at Wired.com suggests that ISPs step up to the challenge. ISPs could help clean up the mess the IoT has made by filtering and blocking certain patterns associated with malware. Some such filtering programs already exist, but the majority of ISPs opt out because they are costly to install and maintain.
ISPs could also notify IoT device users if they suspect the device is transmitting “malicious traffic.” Right now, ISPs can already send a warning to users they suspect are illegally downloading or file sharing. Lastly, ISPs could cut off service to devices that are insecure, effectively quarantining the questionable device.
Informal Justice League
Several industry groups and government agencies have already released security compliance standards – but these are voluntary. Says Dobbins, “there are some enlightened ISPs who understand that doing the operational expenditure to proactively notify their customers actually in the long-term pans out economically and makes sense. But most of the others either don’t understand the issue or their view is that it’s not their problem.”
Some industry experts doubt that ISPs would be willing to shoulder the burden of helping prevent IoT hacks without being directed to do so by the law. The European Union is attempting to pass such laws. But until the U.S. follows suit, we’ll have to rely on the goodwill of ISPs to help the cause.