Carnegie Mellon professor gets $1.1M to secure appliances
How secure is your toaster?
It's a question you're probably not asking now, but one that Vyas Sekar, an assistant professor in Carnegie Mellon University's department of Electrical and Computer Engineering, says we should consider.
Hackers will have many more gateways into personal data, business accounts or public infrastructure as more and more toasters, refrigerators, light switches, garage doors, outlets, thermostats, cars and other items are connected to the Internet.
“There's a saying in network security that your network is only as secure as your weakest link, and these could become the weakest link,” Sekar, a faculty member in CMU's CyLab Security and Privacy Institute, said.
The National Science Foundation recently awarded Sekar $1.1 million over the next four years to design a shield that can protect the Internet of Things from cyber attacks. The Internet of Things, shortened to IoT, is Wi-Fi enabled light switches that sense when a room is empty and turn off, thermostats that automatically change temperatures throughout the day, cars that can talk to each other and traffic signals, baby monitors that stream to your mobile phone and even refrigerators that can access your Google calendar.
Gartner Inc., an information technology research and advisory company, predicts 6.4 billion things will be connected to the Internet of Things by the end of the year. About 5.5 million new things will be connected every day. By 2020, 20.8 billion things will be connected.
Sekar said most connected appliances, machines and devices aren't designed with robust cyber security measures in mind. They often won't allow anti-virus or malware software and can't be updated to protect against emerging threats. Connected devices can store personal data, like when you leave and return to your house; provide gateways for hackers to get into personal networks where credit cards might be stored and be vulnerable to someone else taking control.
“This is a conversation we should be having right now. These kinds of threats are not hypothetical,” Sekar said.
“Imagine I take over a car, and this car goes crazy and starts causing accidents.”
Pittsburgher Chris Valasek and Charlie Miller, of St. Louis, hacked into and remotely controlled a Jeep Cherokee last year. Baby monitors have been hacked to let strangers spy. Hackers turned at least one refrigerator into a spam machine as part of botnet attack in late 2013 and early 2014 that sent out more than 750,000 emails.
Greg Puschnigg works in the Internet of Things. He is CEO of BOSS Controls in Pittsburgh's Bloomfield neighborhood, which sells smart plugs and switches that are connected to a network to monitor power usage and can be turned on and off remotely to control it. His plugs were installed last week in the City-County Building as part of the city's efforts to monitor and cut energy costs. Puschnigg said his products can cut energy use by 30 percent for small- to medium-sized buildings.
BOSS connects its products over a Wi-Fi network, and Puschnigg said with the right encryption and security controls, the networks can be safe. The problem, he said, is that many people don't take the steps necessary to protect their networks.
“Our devices go on the network, so we are as secure as the network,” Puschnigg said. “When you don't follow the rules, it can be hacked, and that's what happens.”
Puschnigg said his company set up a separate network at the City-County Building to connect the outlets. If someone could hack in, they wouldn't have access to information stored and sent over a different network. They might be able to turn on all the lights in the middle of the night.
“I assure you, no hackers are interested in that,” Puschnigg said.
Aaron Aupperlee is a Tribune-Review staff writer. Reach him at 412-320-7986.