Bruce Schneier’s new book, “Click Here to Kill Everybody,” explains the security risks of a new world of household devices connected to the Internet. I asked him what the risks are, why they are so serious and what their consequences are for politics.
HF: Technology has created a hyper-connected world. How does this lead to vulnerabilities?
BS: As we connect more things to the Internet, they can affect each other. This is generally a goodness, but it leads to vulnerabilities in unexpected ways. First, vulnerabilities in one thing can affect another thing. We saw this last year when a major Vegas casino’s high-roller database was hacked through — and I am not making this up — its Internet-connected fish tank.
The second way hyper-connection leads to vulnerabilities is that individual things, when combined, can generate new vulnerabilities. That is, it is their interaction that creates the vulnerabilities, without any individual system being at fault.
The third way is that vulnerabilities can cascade catastrophically. We also saw this in 2016 when vulnerabilities in Internet-connected webcams and digital video recorders enabled attackers to build a massive cyberweapon that, through a series of steps, took dozens of popular websites offline.
HF: How are those vulnerabilities changing as more and more of our everyday devices become connected to the Internet?
BS: What’s new with everyday devices like appliances, cars, medical devices, thermostats, consumer goods, toys and so on is that they do things. They affect the world in a direct physical manner. We used to only be concerned about bits and bytes. Now the risks are against life and property.
This fundamentally changes our threat model and obsoletes a lot of the security assumptions we have been making for decades: assumptions about how authentication works, about software reliability and patching, and about the wisdom of an unregulated technology space.
Read the full piece at The Washington Post.