{"id":18879,"date":"2016-11-18T15:46:07","date_gmt":"2016-11-18T20:46:07","guid":{"rendered":"https:\/\/digital.hbs.edu\/platform-rctom\/submission\/your-toaster-has-been-hacked\/"},"modified":"2016-11-18T15:48:15","modified_gmt":"2016-11-18T20:48:15","slug":"your-toaster-has-been-hacked","status":"publish","type":"hck-submission","link":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/your-toaster-has-been-hacked\/","title":{"rendered":"Your Toaster Has Been Hacked"},"content":{"rendered":"

Late last month, in the wake of a Mirai-malware hacking \u2013 in which millions of home devices from DVRs to webcams attacked core internet providers in a massive denial of service attack \u2013 Andrew McGill of Atlantic Media ran an experiment to understand how long it would take for an unprotected connected home device to be attacked by hackers.[1]<\/a> With the help of Amazon\u2019s web services, McGill created a fake \u201csmart toaster\u201d connected to the internet and waited. Within forty minutes, the first hacker attempted to wrest control of the toaster. From then it only took an additional fourteen minutes for the next attack. By the end of the day, McGill\u2019s toaster had been attacked over 300 times.<\/p>\n

Forecasters estimate that there are already 4 billion connected devices in use by consumers now, and that we will have over 13.5 billion connected consumer devices by 2020.[2]<\/a> From your smart phone to your smart vacuum cleaner (cats and Roombas anyone?) to your programmable Christmas lights, connected, smart devices are building out a ubiquitous, machine-to-machine internet. Inert devices connected to nothing other than an electrical outlet will become the exception not the rule. With this increased ubiquity comes a broader attack surface for potential hackers to compromise and many more potential sources of data breach, for data that we may not even recognize is being collected as we go about our daily lives. As one friend likes to point out, when welcoming Amazon\u2019s Alexa system into the home, it\u2019s nice to think that you can press mute and prevent it from recording inside the home, but if compromised that mute button may just turn on a red LED.<\/p>\n

Making the challenge more difficult, many hardware manufacturers are decades behind their software and computer compatriots in engineering cybersecurity into their product design. The recent Mirai attack was abetted by the number of manufacturers that released devices into the world with little but flimsy factory-programmed passwords protecting them. As McGill discovered in his adventure with the fake smart toaster, these factory-programmed passwords are often the first to be tested by hackers in an effort to take control of a device. But for most consumers, managing the passwords on their computer and smart phone is already a struggle \u2013 and to be honest, when was the last time many of us changed these passwords? Or even realized that our smart toaster had a password? And are we, the consumers really the ones responsible?<\/p>\n

Enter Icon Labs which helps traditional manufacturers navigate the cyber security morass associated with connecting devices into the Internet of Things. By providing off-the-shelf and customizable cyber security solutions which can be \u201cembedded\u201d on physical products and devices, Icon Labs is providing a much needed solution for over 100 original equipment manufacturers, from Maytag to GE.[3]<\/a> Icon Labs is just one of several players in the estimated $20 billion Internet of Things cybersecurity market.[4]<\/a> Icon Labs specializes in providing solutions that work for connected devices, recognizing that the small memory and processing capacity of these devices presents unique challenges when it comes to protecting them. In addition, Icon Labs helps manufacturers manage and protect device passwords, recognizing that factory-produced passwords are often the first to be compromised as they were with the recent Mirai attack.<\/p>\n

Icon Labs\u2019 services may become even more valuable for manufacturers as the legal and regulatory regime surrounding the Internet of Things evolves. The question of who is responsible for maintaining the security of connected devices is still an open one today \u2013 but increasingly it looks like the original manufacturer may foot the bill. Already, the Federal Trade Commission has taken one enforcement action against a device manufacturer for selling insecure internet routers. And perhaps in recognition of potential product liability, a webcam manufacturer has issued a recall for several of the webcams that were used in last month\u2019s Internet of Things denial of service attack.[5]<\/a><\/p>\n

The Internet of Things is growing quickly as more devices from your doorbell to your toaster oven become connected to the internet, with more machines using the internet than human beings. Cybersecurity for the Internet of Things will have to grow up even faster. Companies like Icon Labs are well positioned to sell a much needed service to product manufacturers looking to prevent their appliances from becoming robotic slaves to the bot-net.<\/p>\n

 <\/p>\n

Word Count: 800<\/p>\n

Image Credit: Disney’s Brave Little Toaster, from Wikia<\/p>\n

[1]<\/a> McGill, Andrew. The Inevitability of Being Hacked: We built a fake web toaster, and it was compromised in an hour.<\/em> The Atlantic. October 28, 2016. (http:\/\/www.theatlantic.com\/technology\/archive\/2016\/10\/we-built-a-fake-web-toaster-and-it-was-hacked-in-an-hour\/505571\/)<\/a>.<\/p>\n

[2]<\/a> Gartner Press Release. Gartner Says 6.4 Billion Connected Things Will Be in Use in 2016, Up 30 Percent from 2015.<\/em> Nov. 10, 2015. (http:\/\/www.gartner.com\/newsroom\/id\/3165317)<\/a><\/p>\n

[3]<\/a> Icon Labs Company Website. (http:\/\/www.iconlabs.com\/prod\/about).<\/p>\n

[4]<\/a> Business Insider Intelligence. IoT Security Market Report. February 2016. (http:\/\/www.businessinsider.com\/iot-devices-are-changing-cybersecurity)<\/a><\/p>\n

[5]<\/a> Waddell, Kaveh. Who\u2019s Responsible When Your DVR Launches a Cyberattack? The Atlantic Monthly. October 25, 2016. \u00a0(http:\/\/www.theatlantic.com\/technology\/archive\/2016\/10\/whos-responsible-when-your-dvr-launches-a-cyberattack\/505322\/)<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Who will save the Internet of Things from the evil toaster bot-net? <\/p>\n","protected":false},"author":2481,"featured_media":18894,"comment_status":"open","ping_status":"closed","template":"","categories":[],"class_list":["post-18879","hck-submission","type-hck-submission","status-publish","has-post-thumbnail","hentry"],"connected_submission_link":"https:\/\/d3.harvard.edu\/platform-rctom\/assignment\/digitization-challenge-2016\/","yoast_head":"\nYour Toaster Has Been Hacked - Technology and Operations Management<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/your-toaster-has-been-hacked\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Your Toaster Has Been Hacked - Technology and Operations Management\" \/>\n<meta property=\"og:description\" content=\"Who will save the Internet of Things from the evil toaster bot-net?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/your-toaster-has-been-hacked\/\" \/>\n<meta property=\"og:site_name\" content=\"Technology and Operations Management\" \/>\n<meta property=\"article:modified_time\" content=\"2016-11-18T20:48:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2016\/11\/Toaster_The_Brave_Little_Toaster.png\" \/>\n\t<meta property=\"og:image:width\" content=\"321\" \/>\n\t<meta property=\"og:image:height\" content=\"291\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/your-toaster-has-been-hacked\/\",\"url\":\"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/your-toaster-has-been-hacked\/\",\"name\":\"Your Toaster Has Been Hacked - Technology and Operations Management\",\"isPartOf\":{\"@id\":\"https:\/\/d3.harvard.edu\/platform-rctom\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/your-toaster-has-been-hacked\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/your-toaster-has-been-hacked\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2016\/11\/Toaster_The_Brave_Little_Toaster.png\",\"datePublished\":\"2016-11-18T20:46:07+00:00\",\"dateModified\":\"2016-11-18T20:48:15+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/your-toaster-has-been-hacked\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/your-toaster-has-been-hacked\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/your-toaster-has-been-hacked\/#primaryimage\",\"url\":\"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2016\/11\/Toaster_The_Brave_Little_Toaster.png\",\"contentUrl\":\"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2016\/11\/Toaster_The_Brave_Little_Toaster.png\",\"width\":321,\"height\":291},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/your-toaster-has-been-hacked\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/d3.harvard.edu\/platform-rctom\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Submissions\",\"item\":\"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Your Toaster Has Been Hacked\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/d3.harvard.edu\/platform-rctom\/#website\",\"url\":\"https:\/\/d3.harvard.edu\/platform-rctom\/\",\"name\":\"Technology and Operations Management\",\"description\":\"MBA Student Perspectives\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/d3.harvard.edu\/platform-rctom\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Your Toaster Has Been Hacked - Technology and Operations Management","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/your-toaster-has-been-hacked\/","og_locale":"en_US","og_type":"article","og_title":"Your Toaster Has Been Hacked - Technology and Operations Management","og_description":"Who will save the Internet of Things from the evil toaster bot-net?","og_url":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/your-toaster-has-been-hacked\/","og_site_name":"Technology and Operations Management","article_modified_time":"2016-11-18T20:48:15+00:00","og_image":[{"width":321,"height":291,"url":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2016\/11\/Toaster_The_Brave_Little_Toaster.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/your-toaster-has-been-hacked\/","url":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/your-toaster-has-been-hacked\/","name":"Your Toaster Has Been Hacked - Technology and Operations Management","isPartOf":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/#website"},"primaryImageOfPage":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/your-toaster-has-been-hacked\/#primaryimage"},"image":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/your-toaster-has-been-hacked\/#primaryimage"},"thumbnailUrl":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2016\/11\/Toaster_The_Brave_Little_Toaster.png","datePublished":"2016-11-18T20:46:07+00:00","dateModified":"2016-11-18T20:48:15+00:00","breadcrumb":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/your-toaster-has-been-hacked\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/d3.harvard.edu\/platform-rctom\/submission\/your-toaster-has-been-hacked\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/your-toaster-has-been-hacked\/#primaryimage","url":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2016\/11\/Toaster_The_Brave_Little_Toaster.png","contentUrl":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2016\/11\/Toaster_The_Brave_Little_Toaster.png","width":321,"height":291},{"@type":"BreadcrumbList","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/your-toaster-has-been-hacked\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/d3.harvard.edu\/platform-rctom\/"},{"@type":"ListItem","position":2,"name":"Submissions","item":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/"},{"@type":"ListItem","position":3,"name":"Your Toaster Has Been Hacked"}]},{"@type":"WebSite","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/#website","url":"https:\/\/d3.harvard.edu\/platform-rctom\/","name":"Technology and Operations Management","description":"MBA Student Perspectives","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/d3.harvard.edu\/platform-rctom\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/hck-submission\/18879","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/hck-submission"}],"about":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/types\/hck-submission"}],"author":[{"embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/users\/2481"}],"replies":[{"embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/comments?post=18879"}],"version-history":[{"count":0,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/hck-submission\/18879\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/media\/18894"}],"wp:attachment":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/media?parent=18879"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/categories?post=18879"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}