A robotized home “as service” to a family is probably one of most famous predictions of TV series and Films of past. Nowadays, that reality isn’t too fictitious. What things can you do remotely? Surely, a lot… but how much other things can do an “Internet Pirate”?
A bit of context
No one could say that technology hasn’t changed our life. Since Arpanet born and the first packet commutation was achieved, a tons of Gigabytes or whatever data measure unit that you prefer, are transmitted second to second.
If you make the exercise of go back in time, in 1990’s decade Internet began to massify. In 1993, networks and a few of Internet features was widely used in big organizations, public and privates. So also, thanks to 56k modems, we could access to Internet to pages as Altavista (the Google of those years), Excite and Yahoo!. Do you remember the beautiful Netscape “N” effect when browser was loading the page? or the incipient Internet Explorer looking for a market quote? Yeah, those years I mean.
Since 1998, an important population percentage in worldwide had access to Internet; and new versions of Microsoft Windows as the “98 Second Edition” and MacOS 8, helped to people could access to mail, instant messaging, discussion forums, know people in different cities and countries of World, among others experiences.
In latest years of 90’s decade, the “Intelligent Home” concept was popularized, being the Bill Gates home a referent for future. Read this article of Digital Trends.
The “AI” prototypes and how future was dreamed
In 1987, a Britannic TV series showed how an Artificial Intelligence known as Max Headroom had futuristic features as natural movements, reactions for an specific situation and ability to interact with people.
The AI is commonly associated to Robotics, but AI is much more than Robotics. AI is a field of Computer Science, where intelligence is made by machines that interconnecting a lot of data to represent certain act. A Machine with AI reacts depending of environment in which it be.
Commonly, AI is associated to when a machine imits human features as perceive, think, learn, interact with an human or another machine, etc.
If you want learn more of AI, please read this article of Wikipedia (in Spanish)
So, any developed system that can understand, interpret and make a “correct” action could be defined as a machine with AI features. Examples of it: Tesla Autopilot, Amazon Alexa, Google Assistant and one of the most popular: Siri in our iPhone.
Mainly in developed countries, AI technologies were adopted more early than in sub-developed countries. Considering that advances in technology is global, you will be able to recognize certain abilities of your computer that surely you unknown or ignores until now:
- The speech recognition in Windows 7. Yeah, it’s 2009 technology, before Siri launch in iPhone 4.
- The Deep Blue machine developed by IBM against Garry Kasparov (The chess champion player in the World).
- The Semantic Web, an idea of Tim Berners-Lee.
(I have a dream for the Web [in which computers] become capable of analyzing all the data on the Web – the content, links, and transactions between people and computers. A “Semantic Web”, which makes this possible, has yet to emerge, but when it does, the day-to-day mechanisms of trade, bureaucracy and our daily lives will be handled by machines talking to machines. The “intelligent agents” people have touted for ages will finally materialize.)
- Microsoft Kinect for Xbox 360, the first gaming device able to track human body movement, using a 3D camera and infra-red detection, enabling users to play their Xbox 360 wirelessly.
- Elsa, the first app created to help you to speak English natively. Elsa is a teacher created by IA that help you to get a correct pronunciation and practise words and common phrases in English.
And many others. You can see this timeline of Artificial Intelligence on Wikipedia.
IA in your life
Nowadays, in 2019; a lot of IA form part of our rutine. Surely, the smartphones are one of the biggest responsible in the massify the AI through the born of apps as Google Maps, Waze, Spotify, among others.
If you have a smartphone, surely you understand me. The next step, is make intelligent your home. In USA, some homes have assistants as Alexa or Google. You can find in Walmart or BestBuy smart lights that you can configure to “turn on” when you are near, security cameras that notify you when something occur, thermostats that adjust temperature according your preferences or climate, smart locks, smart doorbells that call you when somebody is in front of your house, etc.
So, turn on or off the Exterior Lights of your home is much more easy saying instructions as this:
- Hey Siri, turn on exterior lights to get your exterior lights on, without the need of leave lights on all afternoon or whole days.
- Hey Google, set thermostat at 23ºC at 9:00 PM.
Also, you can say to your phone or your Voice Assistant that play your favorite playlist on a Music Service; get directions to go where a friend, etc. Yeah, IA make our life much more easy. But it have a support in hardware and networks that if fail or are intervened could cause serious problems in our security and privacy.
All services work and run on the network… and the risks, also!
If hardware fails, surely your experience will be bad. If light or Internet supply fails, you must return temporarily to “analog” form. Situations as Internet fails or light supply interruption can do unsatisfactory the experience. (I had experienced this in my home, sure; I don’t live in USA). Those problems are temporary, but recurrent.
When our network is taken and controlled through sabotage, our sensible data and privacy could be used against us. Think that in normal conditions, you can configure your assistant to tell you about a packet that soon will be delivered in your home, send messages to other device, ask a flight status of a familiar that are traveling, request a friend address, how to get to certain place, set devices when you’re not in home, among much others functions.
If the network is compromised, an attacker can use these information to extortion us, know our movements, our family and more… intimate details about our life. It’s risky and too danger.
So, the solution is disconnect all due to a possible threat? No.
A compromised network is dangerous everywhere, not only in our home that theorically must be a secure place. Nobody make bank transactions in Public WiFi hotspot (I believe) or send private photos through that networks (I hope).
Do you know the phrase that says:
It’s clearly an exaggeration, but you must know that threats always are latent, and our work is minimize this threats in their maximum expression.
“The most secure computer is that that are turn off and disconnected from Internet”.
Compromising your security and privacy since day 1
In some countries, ISP (Internet Service Providers) provide basic hardware to give access to Internet Services. Much of these machines have a lot of vulnerabilities in their firmware, with stock credentials or known root access user/password that can compromise your security on Internet. If you or any in your home know “something” of networks, is probably that had changed the ISP router. If you no had changed your basic router, should think change it soon or add other device where you have total control. Total of totally. Nobody says that a device be infallible, only more safer or less unsafer, depends of your viewpoint.
Much of these routers run old versions embedded of *NIX variants, that you can manage totally only with Shell commands.
In some specialized pages and forums, root credentials to access to this routers are public and if you find some credentials, prove it and try access to your router remotely.
First, you must know your Public IP Address, that probably be dynamic and assigned by a DHCP from your ISP. Success!
With a tool as PuTTY, you can open a Telnet (a cool but obsolete technology by their low security) to get access to Busybox tool and give instructions to your router as listen traffic, get IP’s given by a DHCP server to specific device and disconnect devices if you want.
It’s fun have control when you’re behind.
Some of these Public root access are really limited because ISP changes the stock firmware by an modified firmware with less options, but an experienced hacker can break this “security” and replace the firmware with a lot of knowledge, specially if exists known vulnerabilities.
Q: What things can the attacker do?
A: What things can’t do is a better question!
So, an attacker can do whatever he pleases. If I attack successfully the first wall, the others are much more accessible for me. Nothing would stop me to catch traffic specially if it’s unencrypted. With a Man-in-the-Middle and unsecure protocols, I can get access to other devices connected to the network with known vulnerabilities or known root credentials. A good hacker can control remotely all in your home, without your consent.
So, the solution is?
The first: not alarm. Try get a better router that you can manage totally, with no known vulnerabilities; and, if you believe in free software, you can try with versions of modified firmware as DD-WRT, OpenWRT or others where the source code is public and you can study and modify at your like.
The safest router is the one you can control; and please: Change the default root password and username.
A lot of attacks are automated, so a personalized credentials severely reduces the risks.
Don’t forget that all hardware and software is vulnerable, but you can minimize the effects of a disaster.
The post The risk of connected homes appeared first on lalonotes.
