Houseplants sending emails reminding you to water them. Baths running for you as you walk through the front door. Driving around the city looking for a parking space becomes a distant memory.
Welcome to the imminent era of the Internet of Things, in which our previously dumb objects and machines will wise up thanks to in-built sensors and web connections. By 2020, analyst firm Gartner believes there will be 26 billion Internet of Things devices, from fridges to TVs to cars, and that doesn’t even include PCs, smartphones and tablets. There is little doubt the age of connected machines could usher in new, innovative ways to make our homes and offices considerably more efficient and improve our lives in many other ways.
However, internet experts are warning about an unusual and worrying implication of what’s ahead: many of our connected possessions will become what they refer to as ‘ghosts’, slowing down broadband and opening up your home to hackers. What are these ghosts? And should they be a concern?
The issue is that many connected things – from coffee makers and traffic lights to dustbins and weighing scales – will be adding traffic to the internet without doing anything useful. For example, you might buy a remote-control coffee maker that has been instructed to continually announce that it is still connected – it might do this even when you’re not using it. Others may simply be faulty, churning out data to nobody, a bit like shouting into the dark.
Why is this a problem? First of all, these ghost devices would be continually adding useless data onto the network, which means they have the potential to slow down internet connections and waste huge amounts of energy, by clogging up telecoms lines.
Indeed, ghost traffic already affects the speed of your internet connection today. Around 20-40% of the space currently available for data transfer is used up by ghost traffic caused by redundant but active connections, even in well-managed networks, says Gunter Ollmann, chief technology officer of consultancy IOActive. “The amount of garbage is huge,” says Ollmann. “It’s not malicious, it's just wasted space. Now if you're adding these other technologies then the misconfiguration on any of these things is going to cause slowing down of internet connection.”
Hack from the dead
While much of this junk traffic will cause inconvenience, expense and needless energy use, it’s when ghost devices are compromised that they have the potential to become a genuine threat. These undead devices could be brought back to life, only now for malicious purposes.
The trouble will start when a product stops being supported – for instance, if you were to sign up for a service that offers sensors and a website to keep tabs on your baby’s bedroom, but then the company goes bust. Many Internet of Things systems are controlled from web interfaces accessed via standard internet addresses. If a service provider stops using those interfaces, and ceases paying for the internet address, a hacker could easily register the same domain once it becomes available and take over those forgotten machines. If it seems unlikely, consider that cases of malicious baby monitor hacking have already happened via web-connected devices.
Once the ghost machine is taken over, the potential for damage is considerable, says Beau Woods, a founding member of I Am The Cavalry, an organisation focusing on protecting the general public from digital attacks. “What could someone malicious do if they could modify or replace the software on the device? This could range from pranks, like funny photos on a fridge screen, to making profits by inserting advertisements on your television, to interception by digitally eavesdropping on your home network, to disablement through wrecking the software on the device, to doing physical damage by overloading the electronics or burning out a motor. In automobiles, medical devices, public transport, airplanes and other more critical systems the damage could be much more severe.”
Networking vendors, who make the systems that transfer data between the machines that make up the internet, are scrambling to find ways to protect the future Internet of Things by looking at the architecture that funnels bits and bytes across the world. “People are going to get more and more stuff and just forget about it,” says Bret Harman, chief technology officer at the networking giant Cisco’s security division. “There are so many ‘things’ and they are so diverse, you really can't trust them. Often they're so small they can't have security built into them.”
As the company providing the service is not in control of any of the technology, responsibility for fixing the issue will land on the user, even if they never wanted the services to be discontinued. To avoid being at risk, users will have to ensure each connected machine is still managed by its manufacturer, which should provide security for its customers, says Jared Mauch, from IT and network provider NTT America. The same should go for the different apps or software sitting on those machines, he adds.
There’s one problem: few users are likely to actually take action. “The user needs to monitor the device – expected traffic patterns, queries, expected operation – and manage the entire lifecycle of the application or device. “Most people won't do that,” says Mauch. “Even people that get technology don't do that.”