Bad (internet of) things

What we can do to keep all those clever devices from causing harm

The internet of things is a wondrous vision. Over the last few years, we have invited clever little IoT pixies into our homes, offices, factories and institutions. They watch out for us, perform services for us and generally impact our lives in good ways.

But these clever things are not necessarily intelligent things. Just like little kids, they need to be taught not to talk to strangers and not to believe everything they hear. They must learn to understand the context of the world around them to know right from wrong. If we overload them with functionality, leave them too open or let them come in with malicious ideas latent under cute exteriors, they will do things you don’t want them to do. The consequences can be disastrous.

On Oct. 21, we saw firsthand the impact of giving some of these things a bit too much trust, too much responsibility. A switch in our IoT pixies’ subconscious flipped, and suddenly our favored webcams and video recorders turned into an army intent on sending millions of simultaneous requests for information to a single Internet infrastructure company, Dyn.

Dyn hosts the Domain Name System (DNS), and these devices were unknowingly executing a distributed denial-of-service (DDoS) attack. Because Dyn was flooded with incoming connections, it couldn’t tell legitimate requests from those created by the ad hoc army. Across the U.S., large swaths of the internet became unreachable.

The attack on Dyn demonstrated a known vulnerability in the internet’s DNS system, but the more pressing issue it highlighted was that we exist in a world filled with insecure devices. The reality is, that webcam you bought last week may be ready to flip into attack mode upon receiving a few carefully curated bytes from the right sender. A week earlier, Johnson & Johnson had announced that its insulin devices were hackable. The list of digital vulnerabilities lurking within our homes, vehicles and factories goes on.

So what can we take away from this situation? Here are our recommendations:

  1. Watch out for unintended consequences: The allure of enhanced convenience services is great, but so too is the potential for trouble. Linking an Amazon Echo to a smart door lock may seem like a good idea, but a burglar could shout from the window to unlock the door. As IoT enables new modalities for device and service interaction, remain vigilant and anticipate how unexpected use cases can undermine your goals.
  2. Let cloud things help: As we noted, cleverness and intelligence are not the same thing. We can make clever devices intelligent by giving them big brothers and sisters in the cloud. These digital big siblings are worldlier, aware of more context information, savvier about desirable and undesirable interactions and better able to defend themselves. If we treat these big siblings as proxies for our pixies and communicate with them exclusively, we can take some of the vulnerabilities out of the equation. This is the same as the idea of digital twins, where a cloud “avatar” has more intelligence to complete advanced actions, like interfacing with other devices, while local devices limit their actions to the very minimum.
  3. Build in watchdogs: While our IoT pixies may not have fully developed thinking, their big siblings do. These siblings can learn models for how the world normally behaves and how certain systems respond to input. This awareness lends itself to the creation of a “cognitive supervisor” capable of supervising the pixie, identifying when something isn’t quite right and notifying an adult. If a big brother notices his sister looks sick, he tells his parents. We need this same sort of human-in-the-loop alerting and validation for IoT.

    Similarly, the big sibling may use its understanding of the pixie to evaluate inputs prior to execution, creating a “cognitive firewall” of sorts. If a big sister knows her little brother will start bouncing off the walls after eating sugar, she may prevent him from eating a king-size candy bar. Our digital siblings must be able to similarly prevent our IoT pixies from receiving bad data or malicious requests. Turn on a connected microwave for 100 minutes? No way.
  4. Beware Trojan horses: Consumers and industry must learn to preferentially select hardware and software from trusted vendors. Over time, the nascent field of security standardization and certification for IoT device security will develop more fully. Consumers should exclusively use devices possessing stringent certifications and take care to address existing weak points where possible (e.g., by changing a device’s default password).
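
An added sketch of the “cognitive firewall” and watchdog from recommendation 3, not code from the article: a cloud-side twin for a hypothetical connected microwave screens every command before forwarding it, and records an alert for a human whenever it rejects or holds one. The class names, limits and sender labels are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    # Constructed limits for a hypothetical microwave; real values would be
    # learned from the device's normal behaviour.
    max_seconds: int = 15 * 60        # never forward a longer run than this
    typical_seconds: int = 5 * 60     # above this is unusual: ask a human
    allowed_actions: frozenset = frozenset({"start", "stop"})
    max_commands_per_minute: int = 6

@dataclass
class DigitalTwin:
    policy: Policy
    trusted_senders: set
    alerts: list = field(default_factory=list)   # watchdog notes for a human
    _recent: list = field(default_factory=list)  # times of forwarded starts

    def evaluate(self, sender, action, seconds=0, now=0.0):
        """Return 'forward', 'hold' (needs owner approval) or 'reject'."""
        p = self.policy
        if sender not in self.trusted_senders:
            return self._flag("reject", f"unknown sender {sender!r}")
        if action not in p.allowed_actions:
            return self._flag("reject", f"unsupported action {action!r}")
        if action == "stop":          # stopping is always safe to pass on
            return "forward"
        self._recent = [t for t in self._recent if now - t < 60]
        if len(self._recent) >= p.max_commands_per_minute:
            return self._flag("reject", "command rate above normal")
        if not isinstance(seconds, int) or not 0 < seconds <= p.max_seconds:
            return self._flag("reject", f"duration {seconds}s outside safe range")
        if seconds > p.typical_seconds:
            return self._flag("hold", f"duration {seconds}s unusual, ask owner")
        self._recent.append(now)
        return "forward"

    def _flag(self, verdict, reason):
        self.alerts.append((verdict, reason))
        return verdict

def demo():
    """Run four constructed commands through the twin."""
    twin = DigitalTwin(Policy(), trusted_senders={"owner-phone"})
    verdicts = [
        twin.evaluate("owner-phone", "start", 90, now=0),        # normal reheat
        twin.evaluate("owner-phone", "start", 100 * 60, now=1),  # 100 minutes
        twin.evaluate("owner-phone", "start", 10 * 60, now=2),   # long but sane
        twin.evaluate("stranger", "start", 60, now=3),           # unknown sender
    ]
    return verdicts, twin.alerts
```

The device itself would accept commands only from the twin, so nothing reaches it without passing `evaluate`.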

While the attack on Dyn was scary, ultimately good will come from it. Heightened consumer awareness of system limitations, newly vigilant developers and novel architectures will help the IoT thrive. The resulting better-designed systems taking security, data privacy and ownership, interoperability, and resilience into account will ensure a bright future for all connected devices and services, so people can continue to reap the benefits from allowing good things into our lives.

Sanjay Sarma is a professor of mechanical engineering at MIT. Josh Siegel is a postdoctoral associate in the Field Intelligence Lab at the Massachusetts Institute of Technology. He researches connected systems and their applications.

By Sanjay Sarma and Josh Siegel

Computerworld (US)