Christmas is quickly approaching, and I am getting excited (it is my favorite time of the year!). In fact, even as a kid growing up and for as far back as I can remember, my mom nicknamed me, “Mr. Christmas”. As a Christian, I understand the “true” meaning of Christmas, and my wife and I do our very best to instill this into our kids, though I do have to admit that we got into a slight argument (not really) over our choice of lawn decorations this year. My wife wanted to go with a new light-up manger scene, and I was pushing for a pre-lit Cornelius Yukon display (I love that guy!).
The truth is I’ve always enjoyed decorating the inside (and outside) of the house with Christmas flare (and yes, almost of all of which is Christ-centered). I also get excited to watch ‘A Charlie Brown Christmas’ and ‘ELF’ over and over with my kids, and even sneak in a viewing (or six) of National Lampoon’s Christmas Vacation. Really, what is there not to like about the Christmas season? However, one of the greatest aspects of Christmas for me is Gift Giving. I honestly enjoy giving presents much more than receiving them. I like the whole process--thinking about what to get people, shopping for the specific gift and giving the Christmas present. I am definitely not the proverbially male who does all his shopping the last few hours on Christmas Eve.
Anyhow, you as a fellow gift giver--what are you planning on having wrapped under your tree this year? Or what are you hoping will be waiting for you under those (imitation or real) pine branches?
According to a couple top retail online sites I researched, top trending Christmas wish lists for families included: the Amazon Echo or Google Home (both are voice activated speakers), Fitbit One (the Fitbit One tracks your steps, floors climbed, calories burned, and sleep quality), Apple Watch, XBox One S, various large-screen, LED Smart 4K Ultra HD TV’s and one of the most popular applications this season “due to its affordability and availability” (what?) are products developed for the “smart home”, a home equipped with lighting, heating, and electronic devices connected to the Internet that can be controlled remotely by a phone. While I can’t speak for you, I am sure glad that none of the Christmas wish lists that my family penned while sprawling out over the Thanksgiving Day ads included these expensive items. However, when I was preparing for this column and read through these sites, I am truly amazed that almost everything on these lists could be classified under the category, ‘The Internet of things’ (IoT). It is truly amazing to see how far technology advancements have come even in the last five years. I sometimes wonder if these “lists” were developed by the desires of actual people like you and me, or by the advertisers that hope we (literally) buy into the idea of IoT. Can anyone remember the good ole days when toys like ‘View-Master’ and ‘Speak & Spell’ were considered cool?
Well, even if you come from a simpler time, with simpler gifts, the age of IoT is upon us, and if you are unfamiliar with this term, by definition IoT is the internetworking of physical devices, vehicles, etc. embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data. In other words, these devices allow for the ability to transfer data over a network without requiring your interaction.
Could there be risks involved with such pricey, high-demand items on wish lists this year? Sure, there’s always a risk of disappointment of not being able to afford or get the top gift this year. Also, as with all electronic devices, there’s always a slight physical risk with these items (outside of the threat of a Black Friday stampede), just think to the news coverage of the exploding Samsung Galaxy Note 7 a while back. But, what if these IoT devices posed a broader risk to all of us?
Back in late October, hackers unleashed a successful Distributed Denial of Service (DDoS) attack on the servers of Dyn, a major DNS host that quickly crippled popular websites such as Amazon, Paypal, Spotify and Twitter. DDoS is a type of DOS attack where multiple compromised systems are used to target a single system. These style of attacks are not uncommon, however, there was one glaring difference between the DDoS attack in October and others- this incredibly historic scaled attack was carried out with a botnet not comprised of computers, but of Internet connected devices (i.e. compromised DVRs and webcam devices) infected with the malware, named ‘Mirai.
Mirai is a DDoS Trojan that targets Linux systems and, in particular, IoT devices. Once the system is infected it can be used as a Bot for DDoS attacks. It has been recorded that at the height of the October Dyn attack, the targeted websites were receiving more than 150,000 requests for information per second eventually over-powering them, resulting in the sites crashing. Making matters worse, it is also known that the source code that powered the destructive botnet attack has been published and made readily available online. (On a side note, at the time of this writing, over the last month or so I’ve observed approximately twenty samples/variations of the Mirai malware. As the malware targets Linux systems, the samples received are ELF files, only supported in Linux. However, as a precautionary measure our Thirtyseven4 products (including Windows Operating Systems) have added the necessary signature based detections and a level of generic detection against Mirai.)
As the New Year approaches, I predict attacks like we saw in October will increase in frequency as IoT devices often are commonly configured with poor security and lazy default passwords. It has taken years (I might even say decades) to educate computers users of the importance of strong, hard to guess passwords for their computers, and even here we are still losing this education battle at times. The learning curve for properly configuring IoT devices will take time, and hackers know it. They are capitalizing on our laziness.
Of course I am a techy, and the latest gadgets fascinate and intrigue me. But I also have the security wisdom to identify the risks of inter-connecting the facets of our lives. When your phone unlocks your front door or turns on your heat and an activated speaker can order you pizza or a pair of shoes, does anyone else see the not-so-hard-to-imagine scenario of a hacker unlocking our front door and robbing us, or of a cyber-criminal cracking our password and ordering a lot more than a large pepperoni pizza.
Progress is exciting, even intoxicating, but security and safety measures, including strong passwords must be kept in check or else that same technology in the wrong hands will be sadly sobering.
So again I ask you, what is under your tree this year? Maybe, going back to the days of Tinker Toys, Etch A Sketch, Slinky and a Red Ryder BB Gun wouldn’t be so bad. And on a grander scale, entering the Christmas season with a sense of contentment for all that God has given us and sacrificed for us would be refreshing. Instead of jumping on the chaotic sleigh of desires and wants, because we all know that acquiring devices for a “smart home” won’t give us purpose in our days or a feeling of value. It will fill a momentary void but the real meaning of Christmas is much more valuable and so much deeper. The best gift of all is a free one. He was born in a lowly manger and yet is King of Kings. The house with Christ at the center of Christmas is truly a “smart home”!