Smart burglars will ride the surf of inter-connected hackability

Let’s invent a dustbin that throws itself away

By Alistair Dabbs

Posted in Security, 23rd June 2017 09:02 GMT

Something for the Weekend, Sir? What the world needs now is an intelligent dustbin. It would be the pinnacle of achievement for the Internet of Things sector.

But wait – it already exists! And in common with its robotic, pseudo-not-actually-AI brethren, it has a suitably daft anthropomorphic moniker. Instead of labelling it with a gender-presumptive name such as Beryl or Daryl, they’ve called it Baryl.

That’s right: Baryl. As in “of laughs”, “of bullshit”, “they’ve got you over a”, “shooting fish in a”, or, most appropriately for the IoT market, “scraping the bottom of a”.

Have a look here at Baryl in action, unnecessarily trying to clean up the already spotless passenger concourse at Montpellier train station.

Notice how insistently Baryl pursues potential bylaw offenders, eager to chomp their waste and prevent untidiness. It can't be bargained with. It can't be reasoned with. It doesn't feel pity, or remorse, or fear. And it absolutely will not stop, ever, until you are relieved of your litter.

Just imagine the fun you could have hacking into Baryl. If you were feeling small-minded, you could get it to chase people around the concourse while bleating “om-nom-nom” although as far as I can see, it pretty much does that already.

Much more likely for any self-respecting Reg reader would be to reprogram it to trundle up to the automated ticket machines and get it to purchase cross-European railcards using the details from the last credit card entered into the slot.

Lawyers, calm down. I am not suggesting that Baryl is easy to hack. It could well be that a robot dustbin has been designed with far tighter security protection than, say, all the billion-dollar corporates which are currently suffering customer data loss and ransomware attacks on a daily basis. I am, however, stating that Baryl is as much a potential hacking target as every other Thing on the Internet.

The key word here is “target”. As the variety of interconnected devices increases, you no longer have to head straight for the one you’re after. Instead, you simply break into the device with the worst security and ride the interconnected surf until you hit gold. Even the most basic two-factor authentication doesn’t seem to figure in IoT once the little buggers are talking to each other.

Take the car industry, for example. It was little surprise, least of all to vehicle owners, that those rinky dinky card-keys could be spoofed by a determined thief. Yet these same owners are shocked to discover that thieves, having unlocked your car, have no interest in driving away in it. Instead, they upload malicious code from a USB stick via the car’s infotainment system.

As the current wave of ransomware attacks demonstrates, your car probably won’t be the target any more. Stuff your Mazda, pal. It’s the rest of your personal data and ultimately your wallet they’re after.

My favourite hack scare of the moment is the one about breaking into a computer by recharging an electronic cigarette. Who’d have thought that plugging a device directly into a USB slot could have security implications? I know, you must be as shocked as I am.

Sure, there’s not much storage space on a vape block but you only need enough to trigger a download of the full code and away it goes, hunter-seeking its way across whatever else your computer is connected to.

I have just returned from a lovely product demonstration intended to play upon my paranoia. It was an indoor home security video gadget that watches your hallway, back door or any other part of your house you wish and sends you smartphone app alerts if it notices anything untoward.

So far, so commonplace. The clever bit was that the device uses a bit of AI to learn to recognise faces, so it only alerts you if it sees someone unfamiliar entering your home. Or the cat.

To put my data security terrors at ease, I was assured that the device records its video feed locally to an SD card plugged in at the back. So when you choose to access any of it, you do so sort-of directly from app to device rather than via the intermediary of cloud storage.

Of course, if the burglar (or the cat) notices the device when breaking in, he could always unplug it from the mains and take it home with the rest of the swag, SD card and all. Even if you configured it to upload alert videos automatically from SD card to Dropbox, it might not have enough time to start uploading before the foul deed is done.

In the device’s favour, it records in sharp HD – a far cry from good ol’ CCTV which captures video quality akin to a VHS copy of Die Hard rented from Blockbusters after Christmas 1989. In CCTV’s favour, traditional security cameras tend to be situated inaccessibly high up a wall rather than sitting conveniently in front of you on a bookshelf near a wall socket.

God forbid that the burglar thinks of wearing a mask to disguise his identity. What next? Gloves?

But all of this is academic. A nifty burglar will hack into your home security device through a chain of infection, starting from a humble e-cig. Malicious code will then flow through your connected junk of unnecessary gadgetry, via your smart lampshades, robotically enhanced cutlery and intelligent toilet seats, and simply put your security camera in sleep mode.

On the way, it will change the timer on your boiler, unlock your autonomous vehicle and reprogram the skills in Alexa. You’ll come home to find the only warm place in the house is the fridge, your car has driven itself to Devon for the weekend and Amazon has delivered 4,000 bananas.

So beware: it’s through the small things that we’ll get targeted. Hang on, I’ve just thought of a really good use for Baryl.

Alistair Dabbs is a freelance technology tart, juggling tech journalism, training and digital publishing. Despite what he has written above, he is likely to be among the first to buy an IoT-connected home security device. He welcomes the imminent rerelease of OK Computer. He is a paranoid android.
