How would you imagine the average living room in the 21st century? Would you think of automatic, voice controlled appliances, and immersive, virtual reality video games? That’s how the future is envisioned in one of Disneyland’s Magic Kingdom’s attractions, Carousel of Progress. The last scene, created in the 90’s and meant to depict a home in the distant, but not too distant future, shows how a family might live day to day life immersed in technology, as well as possible issues that can arise from this tech forward lifestyle. When a user of the fictional voice activated oven announces their new high score on their virtual reality game, the oven begins to heat up to the temperature of whatever number is announced by that user. When the high score of “975” is announced by a family member, the oven begins to overheat and ends up burning the fictional family’s turkey that they had baked in that oven.
Although this is a funny way to portray issues that arise from a highly automated and computerized household, the reality of the 21st century is much worse than burnt dinner. The fictional future household from yesterday doesn’t look too far off from how actual, 21st century households operate today, at least for those that can afford it. We have Nest thermostats, Alexa personal assistants, and Ring doorbells that let you monitor your front door at your fingertips.
For those that have the money, a household can be almost fully controlled with a smartphone. Adoption of these new technological devices grows every year, and they have been popping up all over upper middle class homes, but have you ever thought about how putting computers all over your home can put your personal safety and security at risk? We’ve all heard of computer hackers, but with today’s technology, a hacker can have the potential to hack into your home. Since their invention, computer chips have continuously become cheaper, smaller, and easier to manufacture. We are quickly reaching the point where everything has the potential to become a “smart” device.
This computerization of the modern world leads to everyday objects, such as cars, washing machines, and refrigerators, becoming less secure and easier for bad actors to hijack. With cyberattacks on the rise, and the computerization of even the most basic household appliances, we must be very careful about what we choose to automate, and we must prioritize security in order to protect the appliances and objects we do choose to put a computer chip into. Quickly produced technologies in the name of convenience can open the door to hackers having more access to the lives and information of consumers than ever before. Cyber criminals in the future can do a lot more damage than many can even imagine.
How to Hack a Jeep to Prove a Point
In 2015, researchers Charlie Miller and Chris Valasek tested out a vulnerability they’d discovered years before. This vulnerability was found in 1.4 million vehicles, and it allowed hackers to gain almost complete physical control of the car. The two used a 2014 Jeep Cherokee, as it had a combination of features, such as automatic emergency braking and infotainment systems, that could have the potential to make the vehicle more vulnerable to cyberattacks. They used the Jeep’s internet connected infotainment system to change the radio station, mess with the air conditioning, and most terrifyingly of all, kill the engine. The pair presented their findings to the manufacturer of the vehicle, and thankfully this vulnerability was contained and affected vehicles were recalled.
Although this demonstration was done by researchers in a controlled environment, it only showed one possible vulnerability in internet connected vehicles. There are possibly hundreds, if not thousands, of ways that hackers can access your modern, internet connected car. Even though those two researchers didn’t do anything that could harm the passenger, such as swerving into oncoming traffic or suddenly stopping the vehicle after making it drive at high speeds, they very well could have. This is just one example of how a hacker sitting in the comfort of their own home can kill you with just a few taps on a keyboard. Seeing how dangerous and deadly motor vehicles are, you would like to think that it wouldn’t be so easy for a stranger to gain access to them.
Approaches to Software Security
There are two approaches to security that technology companies can take. The first one is slow, expensive, and requires lots of testing and troubleshooting, oftentimes repeated over and over again until you make the product as secure and as well functioning as possible. This approach is used for technology we perceive to have a high potential to cause harm if they fail, such as aircrafts and medical treatments. Even the vaccine that seemed to race against time to get from initial testing into the arms of the public was based on 20 years of SARS vaccine research, and it went through the same rigorous testing that all new vaccines go through, though at a faster pace than most vaccines because of how critical and time sensitive that technology was to public health at the time. This approach also is slow to change, since every change that is made has to go through that same, rigorous, time consuming testing and troubleshooting.
The second approach to security is what is typically used by most companies that produce software. This approach is much more fast moving than the latter, and ensures that patches can be made easily to the hastily produced software that is bound to be full of vulnerabilities and bugs. If you’re an iPhone user like me, I’m sure you’re used to the endless updates and bug fixes that inevitably come every time there’s a new IOS version. Not only is this annoying and mildly inconvenient, but leaving these security vulnerabilities to be discovered later can put a lot of devices, as well as people’s identity and information, in danger.
Most bugs are discovered by the tech company themselves, but having these holes in software that have already been released to the public gives a potential cyber criminal a chance to discover them before anyone else does. In my opinion, software should be treated with the same safety standards that we treat physically dangerous objects, such as airplanes, buildings, and bridges.
Although the hackers of yesterday seldom caused their victims physical harm, there’s no telling what the hackers of tomorrow can do to you or anyone that uses such software. As we’ve seen in the 2015 Jeep experiment, a hacker can easily kill people if they can find a vulnerability in an internet connected vehicle. If a criminal had discovered that vulnerability before Miller and Valasek did, there would have been 1.4 million drivers at risk of losing control of their car, or worse. A cyber criminal wouldn’t even need to hack into a 5000 pound death trap capable of going 100+ miles per hour to cause real damage to the average, internet connected consumer.
These days, we store all our sensitive personal information on our phones and computers. Our devices contain banking information, credit cards, and, as mentioned earlier, some people can control their home appliances from their smartphones. A hacker can spend your money, steal your personal information, and even unlock your front door. Given how vulnerable the lives and security of consumers are in the hands of the software they use every day, technology companies should be testing and patching their software before it hits the free market. Most people wouldn’t feel comfortable sitting on a plane that hasn’t been thoroughly tested in its design, so why shouldn’t we hold the same standards for software?
Well? What are we supposed to do about it?
If you’re anything like me, you would feel uneasy after learning just how vulnerable we are in the hands of the technology that is created to make our lives easier. So, how did we get here? How did we allow industries to get this far in creating advanced technology when it puts us at such a risk?
Well, it boils down to a system that is the root of many problems humanity faces today: capitalism.
The companies creating these technologies, being the private, for-profit corporations that they are, prioritize making money above all else — and that includes consumer security. Much of the software consumers use today is insecure because the free market rewards cheap and quickly produced software over well-made, secure software. The last time you were shopping around for a new phone or computer, was security at the forefront of your mind?
I would say that the average consumer would barely pay any mind to security, if they’re thinking about security at all. The vast majority of consumers aren’t even aware of the security risks they take when they use these quickly produced and hastily patched software. On top of that, the majority of consumers demand their products to be released in a short amount of time. This leads to the free market rewarding tech companies that release software that’s full of vulnerabilities quickly, and rather than companies that release software that is secure from the beginning.
There is hardly any incentive under the current system for tech companies to release secure, well tested software. This can cause so many problems that consumers will pay the price for, and it must be addressed. The industry needs to have some regulation and intervention to ensure the safety of software consumers, while also incentivizing tech companies to provide a high level of security to their customers. The first step the government can take to regulate the tech industry in the name of security is to set comprehensive standards for how software is produced and tested. The next step would be to monetarily incentivize tech companies to follow these standards, by giving tax breaks to those that comply, and fining those that do not. The government should also create legislation that forces companies to be transparent about their technology, as well as fund research into making software more secure. With these government regulations, the industry will be forced to improve their security measures, and as a result, consumers will be better protected from cyber criminals.
As computer chips make their way into all aspects of modern life, insecurity will creep in with it. Although these technologies have undoubtedly made modern life easier and more convenient, there are costs to pumping out software at this fast of a pace. I believe the first step to solving this potential security crisis is to inform the public of what can potentially happen if this doesn’t get addressed soon. I hope that with this information, you’ll be more aware of the vulnerabilities you face as a consumer of modern technology, and you’ll inform your family, friends, and colleagues about the severity of these security risks. With public pressure comes systematic change, and systematic change in the technology industry can’t be made until the problem is addressed by its consumers. Although the responsibility to fix these issues lies on the government and corporations that create vulnerable software, we can start the process by holding these entities accountable, and advocating for regulations that protect consumers.
Comments