The Internet of Things promises to make life easier in countless ways. But don’t make it angry. You won’t like it when it’s angry.

Rise Of The Machines

Scene: New York City in mid-July, not too many years from now—the first day of a new war.

The Holland Tunnel connecting New Jersey with lower Manhattan is just over a mile and a half long. One of six thoroughfares managed by the Port Authority of New York and New Jersey, it features 84 massive fans that can change out air throughout the tunnel every 90 seconds.

One Monday morning in the middle of rush hour, those fans suddenly stop. So do the ventilation systems of every other tunnel leading into Manhattan. Within minutes, air quality nose-dives—though, oddly, automatic alarms fail to sound. Drivers woozy from carbon monoxide plow into guardrails, walls, and each other. The carnage is terrible; multiple huge pileups block exits in all directions, trapping thousands of people amid toxic fumes and inevitable conflagrations as spilled gasoline ignites.

Over on the George Washington Bridge, all is chaos when a string of BMW M7 coupes—the hot new car among Wall Streeters—experience multiple-tire blowouts while crossing the span. Many drivers survive the resulting crashes thanks to airbags; others are not so lucky after exiting their crumpled vehicles, only to find another 4,642 pounds of luxury sports car screeching toward them, sparks flying from their tireless rims.

Other new BMWs soon experience surges of unexpected acceleration and brake failures, with predictable results. In a matter of minutes, traffic across the city is hopelessly snarled across its major arteries and intersections, as often as not in flaming vehicular pileups. Other major cities up and down the eastern seaboard are similarly plagued with gridlock and blazes that no fire company can easily reach.

Meanwhile, up and down the East Coast, cooling systems in dozens of data centers inexplicably shut themselves down, defying technicians’ attempts to coax them back to life. The enormous heat generated by endless racks of servers soon forces now-understaffed IT managers to shut them down, costing businesses millions of dollars an hour—and also taking offline critical systems such as emergency response.

Residential and business alarm systems inexplicably begin sounding all over the five boroughs, overloading 911 systems and adding to the general chaos. Power transformers all over Manhattan then blow out all at once, as do others of the same model in Newark, Philadelphia, and Baltimore. Fires start to burn in cities paralyzed with crumpled vehicles and conflicting reports.

By the end of the day, more than 1,600 people are dead in New York and other East Coast cities, amid confused and badly sourced reports of war, terrorism and rioting. When the dust finally settles, experts agree that the tragedy was the most damaging cyberterror attack in history—a coordinated effort that subverted both public and private infrastructure to wreak unprecedented death, destruction and panic at an eventual cost of several hundred billion dollars. The only consolation was that it could have been much, much worse.

All because folks let the Internet of Things get out of hand.

Meanwhile, Back In Reality

That hypothetical example points to a largely unspoken yet very real concerns about the coming Internet of Things: the way that a distributed but “intelligent” network of ordinary devices could threaten normal commerce, personal privacy, and even human life should malicious types figure out how to hack it.

The Internet of Things is basically today’s Internet on steroids—one that’s connected to an incredible variety of handheld, household and industrial gadgets, each of which can transmit data to or even control other connected devices without human intervention. Some classic theoretical examples include the car that signals the maintenance center when a part is close to failing, or the toaster that tweets when your bagel is ready.

There’s still a lot of work to do before that kind of semi-autonomous network actually comes into existence. And it’s easy to envision it as a technological haven where devices work in concert to ease the burden of our daily lives by directing traffic in our cities, managing power consumption in our homes and letting us know when our kids are on their way home from school.

But if we’re not careful, the Internet of Things could also turn out to be one of the most dangerous weapons around. Subverted by malicious intent, the Internet of Things could just as easily turn our lives into a horror movie, one in which the everyday objects we depend on have suddenly developed a new urge—the urge to kill.

Spoof A Sensor, Destroy A Data Center

Devices on the Internet of Things generally fall into one of two categories: sensors and controllers. Let’s talk sensors for a moment.

Sensors monitor anything that can be measured: temperature, location, power, hydroflow, radiation, atmospheric pressure—you name it. More sophisticated sensors can also watch and listen to their surroundings. Link them all to the Internet of Things and suddenly you have a nervous system for much of the planet, one replete with feedback systems that loop in other devices.

Many of those other devices are the controllers. These are the gadgets that act on the world around them—actuators, switches, servos, valves, turbines and ignition systems, just to name a few. (You may recognize some of these controllers as common elements of critical infrastructure such as power plants and transportation systems.) Though fewer controllers are connected to the Internet than sensors, engineers are rapidly redressing that imbalance.

Of course, it sounds insane to plug the controls for a nuclear power plant or hydroelectric dam into the open Internet. But we’re also talking about large numbers of fairly innocuous devices like thermostats, monitor screens and residential power meters. That doesn’t sound so bad, does it?

Not really—at least, not until they develop minds of their own, at which point the downstream effects of minor security breaches can get serious, fast.

Consider the hypothetical disaster above. Innocuous pressure sensors in the tires of BMW M7s overheated at the behest of malicious commands, causing the tires to blow. Master control of data-center cooling went down because attackers fooled associated sensors into reporting emergency conditions that warranted immediate shutdown. Home alarms were easily tripped with faulty sensor data. Transformers exploded when outside commands disabled their surge-protection features and then jolted them with current spikes.

Viewed this way, the Internet of Things is comprised of a multitude of potential security weaknesses, each largely innocuous in itself. But put them all together, and ya got Trouble with a capital T.

Control A Controller, Crash A Car

Lawrence Pingree could be voted Most Likely To Become A Supervillain. The Gartner research director has put an inordinate amount of thought into various ways bad actors might compromise the hardware systems we have today—not to mention the ones we may have tomorrow.

For instance: Given the profusion of sensors and controllers in today’s automobiles, and the fact that their numbers will continue to mushroom as we move closer to self-driving cars, it’s probably only a matter of time before someone can—theoretically, at least—seize control of your car and effectively turn it into a multi-ton weapon of metal, glass and fuel. Hello, Christine.

Here’s another. Consider the world of medical devices, increasing numbers of which feature wireless connections that allow remote programming. (The advantage for implanted devices such as pacemakers is obvious: Wireless reprogramming obviates the need for a second surgery.) It’s not hard to envision these devices eventually connected to the Internet for monitoring, analysis of health data and firmware updates.

Now suppose hackers find a way to hijack these systems to injure or kill their users. Diabetics and heart patients aren’t the only ones at risk; biomedical monitors, “smart” drug patches and even hospital devices such as robotic surgical systems are all potentially vulnerable.

Let’s Get Small

The example of medical devices highlights a problem that’s endemic to many of the new gadgets now linking up to the Internet of Things: They’re frequently built to tight specs with limited memory and processing power that barely accommodates the functions their designers have crammed into them. There often isn’t much headroom for anything else. Like, well, security.

Such limitations are widespread. So even if a manufacturer had the wherewithal to retrofit existing devices with hardened security, there may be very real limitations preventing such upgrades. And that, in turn, means that many of the “things” on the Internet may already be wide open to selective attack.

You don’t need a hypothetical scenario to see some of these threats. All you really need is a specialized search engine like Shodan.

Shodan is designed specifically to locate devices that have been carelessly plugged into the Internet without much attempt at preventing unauthorized access. It’s sometimes portrayed as the scary bogeyman of the Internet of Things, an all-powerful master search engine that can find any device connected to the Internet at any time.

The reality isn’t quite that dramatic; Shodan isn’t very user friendly and performing searches takes time. But sophisticated users won’t have any trouble using Shodan or similar tools to find unguarded systems to attack.

Why Disaster Hasn’t Yet Struck

So what’s holding them back?

“Hackers usually want to keep systems up and running,” Pingree says. Destruction of the systems hackers subvert would—usually—run counter to their goals of profiting or making a broader social/political point. At the individual level, only a true supervillain would want to blow things up for the sake of blowing things up. Which is good news, since as we’ve recently learned, prisons sometimes have trouble keeping regular villains locked up.

What we have seen, thus far, has been the small stuff, the kind of activities that one would expect from hackers. Just this summer, for example:

An unknown person hacked into a baby monitor-camera in a 2-year-old’s room in Houston, Texas. The hacker bypassed the manufacturer’s security and used the established connection to shout obscenities though the monitor’s speakers.

Security expert Nitesh Dhanjani released a whitepaper detailing the security vulnerabilities of the Philips Hue lighting system. The vulnerability could theoretically allow an attacker to black out locations via remote control, though there aren’t any known exploits. Yet.

Forbes reporter Kashmir Hill was walked through a demonstration of a connected home system hack, which had her controlling the lighting system of a complete stranger’s home.

But Simon Mullis, a systems engineer at the security firm FireEye, raises a new concern. Compromising lower-level devices such as simple sensors could offer hackers a way to move up the food chain toward their real target. A hacked low-level device, Mullins warns, could help inject malware into a government or company control system with more authority, and thus create a major security breach.

“You could use a device to inject bad shell code into another device, and up the chain until you take over one of the company’s servers,” Mullis said.

Nation-states and terrorists, by contrast, might harbor fewer qualms about such destruction. Financial systems, power grids, sewage systems, oil and natural-gas pipelines communications—all might be fair game in a declared or undeclared cyberwar, Pingree argues. If things go badly wrong, it won’t be groups like Anonymous or LulzSec or a real-life Lex Luthor to blame, but a state or terrorist actor bent on doing real, serious damage.

What Is To Be Done?

Preventing such scenarios is simple but not easy. Pingree wants to start at the beginning by setting up and enforcing strict security standards at the manufacturing level, so that devices are hardened before they leave the factory. Developers and engineers also need to start putting on their black hats, he said, and really start thinking about scenarios where things could go sideways with their devices.

It may also come down to a complete revision of how such devices are utilized. CoreTalk Founder and CEO Sandy Klausner proposes a model where devices are explicitly connected to a domain controlled by a single entity (a person, corporation or government). Any functions directed to a device from someone outside the domain would always be blocked. Only domain-specific commands would be regarded as true, and pretending to be inside the domain would be impossible.

All this is more easily said than done. At the moment, there’s no authority ready to devise and enforce new security standards for thermostats and the like. Some manufacturers may take on that challenge themselves, but that would only offer piecemeal protection. Sad to say, it may take an actual disaster to get the attention of device builders.

Will the Internet of Things will be the harbinger of a post-apocalyptic world where we’re all huddled over smoldering fires and munching on lichens? Probably not. But it’s time to take security more seriously to minimize the odds that malefactors can wreak havoc via the smallest of our devices.