Intruders for the Plugged-In Home, Coming In Through the Internet

Photo
Sometime soon, you may be able to turn your lights on with your iPhone. That, however, raises the question of what could happen if your device fell into the hands of a hacker. Credit Monica Almeida/The New York Times

Home, connected home. The front door opens with a tap on an iPhone. The lights come up as if by magic. The oven sends a text: Dinner is ready.

You will probably be hearing a lot about these sorts of conveniences this week from the Apple Worldwide Developers Conference in San Francisco. Apple is expected to unveil software that promises to turn our homes into Wi-Fi-connected wonderlands, where locks, lights, appliances — you name it — can all be controlled via an iPhone or iPad. You can bet that before long, refrigerators will come with “Made for iPhone” stickers.

These initiatives are all part of what is known as the Internet of Things. That is a catchall term used to describe connectivity — specifically, how people connect with products, and how products connect with each other.

Sounds great. But I can’t shake the feeling that one day, maybe, just maybe, my entire apartment is going to get hacked.

The word in Silicon Valley is that Apple has all the security issues locked down. But as any computer security expert will tell you, nothing — and I mean nothing — is impervious.

Hackers can crack governments and corporations, let alone smartphones and desktops. What’s to stop them from hacking a connected house? Think back to those dark ages when the first smartphones arrived. Back then, few people worried about the privacy and security issues those products might pose. Look where we are today.

“Obviously, there are lots of benefits of connected devices in the home, but there can also be complications,” said Marc Rotenberg, the executive director of the Electronic Privacy Information Center, a nonprofit research and advocacy group. “When you worry about computer viruses, you can unplug your computer. When your house gets a virus, where do you go?”

Take an episode that occurred last week in Australia. Reports popped up on Apple forums and in the media that some iOS devices like iPhones and iPads, as well as some Mac computers, had been targeted in a “digital hijacking” operation. Hackers had commandeered the machines and rendered them unusable. A hacker going by the name “Oleg Pliss” demanded a $100 ransom, paid via PayPal, to unlock each one.

Now imagine what could happen to your house. You come home to unlock your front door or turn on your lights with your smartphone — and find yourself locked out, your home held hostage.

Laugh if you will. But we’ve already seen similar situations happen with cars. Last year, as an experiment, Charlie Miller, a security researcher at Twitter, and Chris Valasek, director of security intelligence at IOActive, a security research company, hacked into a Toyota Prius. In their demonstration, they disabled a driver’s ability to control the steering and brakes.

Just like the early days of the iPhone, we don’t seem to be too worried that such intrusions could happen to a connected home. Maybe we’re just starry-eyed.

A May report from Pew Research about the Internet of Things asked 1,606 experts on Internet-connected clothing and appliances to explain their visions of this future. The report is a cornucopia of delights about how our toothbrush will email our dentist, how the toilet paper dispenser will know when to order a new roll from Amazon, how our alarm clock will start our coffee maker minutes before we get up. The term “hacker” appears only once in the 30,000-word document.

Lee Rainie, director of the Pew Research Center’s Internet & American Life Project, who oversaw the report, said people would initially see these new technologies as a “gee-whiz phenomenon.” Only later will they start to worry about the potential problems.

“There is a reference in our report to consumer willingness to embrace these things,” Mr. Rainie said. “If they seem too powerful and know too much about us, consumers aren’t going to want to adopt these products.”

The report also addressed another troubling aspect of the Internet of Things: the privacy implications. In that regard, hackers are only one worry. The companies that are actually making these technologies could become flies on our walls. In a filing with the Securities and Exchange Commission late last year, Google said it foresaw a future of ads in cars, watches, glasses, thermostats and so on.

Google has backtracked since, saying last week: “We’ve contacted the S.E.C. to clarify our 2013 filing; it does not reflect Google’s product road map.” But, as privacy experts noted, someone, somewhere inside Google has been thinking about putting ads in your home.

“These are devices that are designed to track people,” Mr. Rotenberg of the Electronic Privacy Information Center said. “You might start to wonder, why is my toaster spying on me?”

Correction: June 4, 2014
The Disruptions column on Monday, about the potential risks of “connected” homes, described the operating system of Mac computers incorrectly. They run versions of Mac OS, not iOS, which is Apple’s mobile operating system.