The Internet of things is great until it blows up your house

How to stop hackers letting the gas flow in your connected oven? Bitcoin has the answer


If something uses electricity, it will be connected

We live in a world where billions of devices consume electricity, so when I read last week that Strategy Analytics predicted 33 billion connected devices by 2020 - now just five years away - it confirmed something I’d suspected for a long time now: we’re in deep trouble.

Let me pose another hypothetical appliance: the connected oven. (You can probably guess where this is going, but indulge me.) The connected oven pairs with a smartphone to read the QR codes in recipes to get the settings just right for a perfect bake, every time.

That sounds delightful.

But when you go away on a fortnight’s holidays, and someone hacks into your oven, turns the gas on, waits 36 hours, then lights the pilot, well, then you’ve got a problem. A much worse problem if you happen to be at home at the time. Your oven could gas you in your sleep.

2014 saw both the peak of the internet of things hype cycle, and the start of the ‘What have we done?’ era of network computing. 33 billion connected devices means 33 billion attack surfaces, each with their own exploits, zero day attacks, weaknesses and vulnerabilities.

There’s no way to stay on top of all of that. If we continue to design connected devices way we have the last forty years - haphazardly, patching our mistakes as we go along - we will turn the entire planet into a honeypot. The numbers are too big, and the dangers too present for us to trust that ‘she’ll be right’. She’ll be hacked.

We need a solution that provides security for connected devices, and moreover, we need a universal solution, so a device designer can simply add this into their product as a bog-standard feature, without having to worry too much about either its implementation or its vulnerabilities.

We need something difficult to attack, something that can’t be spoofed or subverted. We need a solution that is open, inspectable, verifiable, something that favours transparency over obscurity. And it needs to be freely available, to prevent another pointless round in these endless patent wars.

In short, we need the blockchain.

The first real advance in security in decades, the Bitcoin blockchain uses a network of peers to create a platform for distributed authentication. This network of peers must come to consensus before any Bitcoin transaction is validated, offering ‘defense in depth’ to any network attack, as at least 51% of the network would need to be compromised before an attack could succeed.

In a world of 33 billion connected devices, something very unlikely to happen.

The Bitcoin blockchain provides enough security to support a distributed financial system, sufficient protection for all our connected devices. And as an open source technology, it’s freely available for anyone to implement and adapt to their needs.

IBM has seen this as well, and recently launched the ‘Adept’ initiative, blending the blockchain with the Internet of Things, provisioning for security and access control within the blockchain.

It’s early days yet. We have a proposed solution, but we haven’t deployed it. But one thing immediately becomes clear: this solution - or any similar offering - defines a floor, a minimum set of capabilities that will be required of all connected devices. Table stakes for the connected era.

At present, chipsets providing device-level connectivity at best offer minimal security services. The blockchain is compute hungry, relying on hashing and public-key cryptography and implements a protocol for peer-to-peer communication. That’s not the sort of thing you can deliver on a ten cent microcontroller.

Although we consistently focus our attention on the high end - how many transistors Intel can squeeze out of their latest process node - that’s not the main game for these 33 billion connected devices. Every device has an absolute need for computationally-expensive security, with a few modest and computationally cheap device integration features thrown on top.

So the race is on to design this chip: cheap, safe, simple and effective. A chip that will be designed into every connected product, selling in the hundreds of billions. A chip that defines the bottom rung of connected electronics: the foundation for a new world of devices that, as each one comes to life, and joins the network of peers, increases the security of all of the others.

Powered by this soon-to-be chip, that future is (borrowing from Nassim Taleb) ‘antifragile’, growing more stable and more secure over time. That’s the world we want to be living in. That’s the world we we need to be building. ®

This article was first used as a talk delivered at The Register's Christmas lecture in Australia.


Other stories you might like

  • Crypto market crashes on Celsius freeze, inflation news
    Not a good moment to look at that digi-coin portfolio, fam

    The cryptocurrency world is experiencing what can only be described as a meltdown, with prices plummeting today to lows not seen since the end of 2020.

    The plunge is likely due to several factors including general economic uncertainty as seen in the stock market, inflation, bearish conditions and loss of confidence in crypto-coins, and scared money and bots being spooked by whales selling.

    It definitely did not help that crypto-lending biz Celsius Network put a freeze on withdrawals, swaps, and transfers Sunday night. Soon after Bitcoin tumbled 10 percent, Ethereum lost 19 percent of its value, and fan-favorite Dogecoin shed nearly 15 percent of its value, or about $0.01, since then. 

    Continue reading
  • Coinbase CEO cuts 1,100 jobs, warns of 'crypto winter'
    The buck stops with me, says Armstrong, but I still have a job

    Coinbase has axed 1,100 employees, cutting its workforce by 18 per cent, while the value of digital assets including Bitcoin plummet amid rising inflation rates in the US.

    CEO Brian Armstrong announced on Tuesday he was "making the difficult decision to reduce the size of [the] team ... to stay healthy during this economic downturn." As the largest US cryptocurrency exchange, Coinbase employed about 1,250 employees at the start of 2021, when novel blockchain-based technologies such as NFTs and stablecoins exploded, launching the current Web3 hype to new heights.

    But the glowing promise of getting rich from trading cryptocurrencies or cartoon apes is losing its shine, spelling bad news for Coinbase. Armstrong warned of a "crypto winter" as America looks set to enter a recession.

    Continue reading
  • Inverse Finance stung for $1.2 million via flash loan attack
    Just cryptocurrency things

    A decentralized autonomous organization (DAO) called Inverse Finance has been robbed of cryptocurrency somehow exchangeable for $1.2 million, just two months after being taken for $15.6 million.

    "Inverse Finance’s Frontier money market was subject to an oracle price manipulation incident that resulted in a net loss of $5.83 million in DOLA with the attacker earning a total of $1.2 million," the organization said on Thursday in a post attributed to its Head of Growth "Patb."

    And Inverse Finance would like its funds back. Enumerating the steps the DAO intends to take in response to the incident, Patb said, "First, we encourage the person(s) behind this incident to return the funds to the Inverse Finance DAO in return for a generous bounty."

    Continue reading

Biting the hand that feeds IT © 1998–2022