It’s that most magical time of year… no, not Christmas, that’s all over now until next December. No, I mean CES, the annual Consumer Electronics Show in Las Vegas. Where better than Vegas for a million ridiculous dreams to enjoy brief moments of fame, only to fade soon after?
It used to be that the worst thing that could come out of CES was a drawer full of obsolete gadgets. These days, things can get a bit more serious. Pretty much every gadget on display is now wifi-enabled and internet-connected - yes, even the pillows and hairbrushes.
The reason this proliferation of connectivity is a problem is the "blinking twelves" factor, that I have written about before:
Back in the last century, digital clocks with seven-segment displays became ubiquitous, including as part of other items of home electronics such as VCRs. When first plugged in, these would blink "12:00" until the time was set by the user.
Technically-minded people soon noticed that when they visited less technical friends or relatives, all the appliances in the house would still be blinking "12:00" instead of the correct time. The "blinking twelves" rapidly became short-hand for "civilians" not being able to – or not caring to – keep up with the demands of ubiquitous technology.
The problem that we are facing is that computing has begun to spread beyond the desktop. Even the most technophobic now carry a phone that is "smart" to a greater or lesser degree, and many people treat these devices much like their old VCRs, installing them once and then forgetting about them. However, all of these devices are running 24/7, connected to the public Internet, with little to no management or updates.
Now we are starting to see the impact of that situation. Earlier this year, one of the biggest botnets in history was created from hacked smart CCTV cameras and took down big chunks of the Internet.
1995: Every object in your home has a clock & it is blinking 12:00— mcc (@mcclure111) January 17, 2016
2025: Every object in your home has a IP address & the password is Admin
That’s just crude weight-of-numbers stuff, though; the situation will get even more… interesting as people figure out how to use all of the data gathered by those Things - and not just the owners of the devices, either. As people introduce always-on internet-connected microphones into their homes, it’s legitimate for police to wonder what evidence those microphones may have overheard. It is no longer totally paranoid to wonder what the eventual impact will be:
Remember that quaint old phrase "in the privacy of your own home". I wonder how often we will be using it in 20 years' time.
What can we do?
Previous scares have shown that there is little point in the digerati getting all excited about these sorts of things. People have enough going on with their lives; it takes laws to force drivers to take care of basic maintenance of their cars, and we are talking about multi-tonne hunks of metal capable of speeds in excess of 100mph. Forget about getting them to update firmware on every single device in their home, several times a year.
Calls for legislation of IoT are in my opinion misguided; previous attempts to apply static legal frameworks to the dynamic environment of the Internet have tended to be ineffective at best, and to backfire at worst.
Ultimately, what will save us is that same blinking twelves nature of consumers. There is a situation right now in San Francisco, where the local public transport system’s display units that should show the time until the next bus or train are giving wildly inaccurate times:
To blame is a glitch that's rendered as many as 40 percent of buses and Muni vehicles "invisible" to the NextMuni system: A bus or light rail train could arrive far sooner than indicated, but the problem, which emerged this week, is not expected to be resolved for several weeks.
Muni management have explained the problem (emphasis mine):
NextMuni data is transmitted via AT&T’s wireless cell phone network. As Muni was the first transit agency to adopt the system, the NextMuni infrastructure installed in 2002 only had the capacity to use a 2G wireless network – a now outdated technology which AT&T is deactivating nationwide.
What took down NextMuni - the obsolescence of the 2G network that it relied on - will also be the fix for all the obsolete and insecure IoT devices out there, next time there is a major upgrade in wifi standards. More expert users may proactively upgrade their wifi access points to get better speed and range, but that will not catch most of the blinking twelves people. However, it’s probably safe to assume that most of the Muggles are relying on devices from their internet provider, and when their provider sends them a new device or they change provider, hey presto - all the insecure Things get disconnected from their botnets.