Wifi pillows and smart hairbrushes make CES a botnet dream
Internet of things that are likely to be compromised
Lost in the excitement of the 1993 blockbuster “Jurassic Park” was a simple message about the importance of ethics in engineering. “Your scientists were so preoccupied with whether or not they could,” intones Jeff Goldblum as the film’s chief skeptic, “they didn’t stop to think if they should.” In Jurassic Park, the payoff for the science was obvious: real, living dinosaurs. In our mundane real world, we instead have marketers, engineers, and startups all hell-bent on a much more modest goal: putting the internet in everything. The likely consequence: armies of compromised toasters, trashcans, pillows, and even hairbrushes, all harnessed to attack the internet by malevolent hackers across the globe.
At the Consumer Electronics Show in Las Vegas, companies showcased all their latest schemes for putting the internet into things that don’t need it. That trend might be good for both gadget companies and hackers, who frequently take command of the weak security on internet-enabled home devices to build botnets—networks of compromised computers that together can conduct massive online attacks.
This isn’t just speculation. A massive attack last fall was powered not by compromised PCs but by hacked cameras and DVRs. There is no guarantee that all internet-connected devices can be compromised in this fashion, but many companies are thinking first about getting a product to market, and last (or not at all) about the security of that device. Security in the internet of things is, for now, an external cost, one borne by victims of attacks without any direct repercussions for those who made the compromised, internet-connected devices in the first place.
Below are five new internet-connected gizmos that could be commandeered into a hacker’s botnet. All of the below already exist in internet-less form, so maybe just stick with what you’ve got.
A trashcan is a pretty simple device. It’s just a durable box in which to put a bag for garbage. Even advanced trashcans simply provide mechanical improvements: a lock for the lid, a pedal on the floor to open the top with a simple foot-tap, a sensor to open the lid with nary a touch (if you want to get real fancy about it). One could argue that there is very little reason to put the internet in a trashcan (literally speaking, anyway).
Maybe opening a lid is hard, and maybe a foot-pedal isn’t for everyone. Simplehuman’s voice-activated trashcan responds to commands like “open” and “close,” which is fine—if perhaps a niche use. It’s the version of the trashcan coming out in May of 2017 that spells trouble. According to The Verge that May release will add “Wi-Fi, additional languages, and the ability to track your stock of garbage bags.” Paired with a phone app, the can can also order itself bags via Amazon Dash. More languages is nice, but there’s no need for a trashcan to always be connected to the internet to learn new vocabulary or order more bags. Constant connectivity is a great way to end up in a botnet, however, so the next time Netflix is down from a distributed denial of service (DDoS) attack, it might just be the work of an army of compromised trashcans.
The Kérastase Hair Coach bills itself as the world’s first wifi enabled hairbrush, which is not a thing that needs to exist. Built by L’Oréal and Withings, the brush uses load sensors, an accelerometer, and a gyroscope to provide measurements and analysis of a person’s hair as they brush it, a thing no person in history has needed so far. Those measurements are sent to a smartphone app via bluetooth or wifi, so that the hairbrush can combine measurements with weather data to recommend additional products for the user to put in their hair. And since it’s wifi enabled, there’s a non-zero chance it could be compromised and used as part of a botnet. A hairnet, if you will.
Mirrors, like trashcans and hairbrushes, are objects humans figured out a long, long time ago. Bizarrely enough, wifi is not capable of improving a surface’s ability to reflect your image back at you. That doesn’t mean people haven’t tried. Griffin Technology’s Connected Mirror connects to wifi to display the time and weather, as well as phone notifications. For people who are all-in on having a home full of wifi devices, the Griffin mirror can also display updates from Griffin coffeemakers and Griffin bluetooth toasters. It’s the perfect slightly-dystopian way to start your day.
It is not yet voice activated, so you’ll have to save asking “Mirror, mirror, on the wall, which smart appliance in my house is the most compromised of all?” for another edition.
After a long day debugging the trashcan, the hairbrush, and the mirror, it’s probably time for the young technophile to spend some time outside. “What if,” no reasonable person has ever thought, “I wanted to ride a lawnmower that was also connected to the internet.”
At CES this year, Craftsman displayed a riding mower that keeps track of its maintenance needs and sends that information to a smartphone or tablet app. This is a great way to track if the oil in the riding mower is too low. You could also do the job with dipsticks and rags, which can’t be recruited to help take down your favorite websites (yet).
Eventually, everyone needs to sleep. For as long as there have been humans, those humans have managed to get some shut-eye without sending information to the internet. But fortunately those dark ages are over. Thanks to the Zeeq Smart Pillow, spotted at CES, it’s possible to rest your head on a little bundle of internet every night.
“What if your pillow could be an active participant in your sleep, rather than just a dumb rectangle,” intones Warrick Bell, the co-inventor of the Zeeq pillow. What if indeed! The pillow features eight speakers, a 3-axis motion sensor, and a tiny microphone—so that it can play soothing music, record your snoring, and detect your movements while you sleep. The pillow, which can also wake you up with a gentle vibration, successfully raised $400,000 on Kickstarter last summer.
It also records sleep statistics, which you’ll of course need to view via smartphone apps or online. Useful? Maybe. But it’s a pretty risky thing to take into bed with you. You might convince your partner once and for all that they snore louder than you do, but you could also end up snoozing on one piece of a huge botnet army.