How Christmas gifts with the latest technology challenge your security.
And there were shepherds living out in the fields nearby, keeping watch over their flocks at night. An angel of the Lord appeared to them, and the glory of the Lord shone around them, and they were terrified. But the angel said to them, “Do not be afraid. I bring you good news that will cause great joy for all the people. Today in the town of David a Savior has been born to you; he is the Messiah, the Lord. This will be a sign to you: You will find a baby wrapped in cloths and lying in a manger.” [Luke 2: 8-12]
Christmas is quickly approaching, and I am getting excited (it’s my favorite time of the year!). In fact, even as a kid growing up and for as far back as I can remember, my mom nicknamed me, “Mr. Christmas.” As a Christian, I understand the true meaning of Christmas, and my wife and I do our very best to instill this into our kids, although I do have to admit that we got into a slight argument over our choice of lawn decorations this year. My wife wanted to go with a manger scene, and I was pushing for a pre-lit Cornelius Yukon display (I love that guy!).
The truth is I’ve always enjoyed decorating the inside and outside of the house with Christmas flare (and yes, almost of all of which is Christ-centered). I also get excited to watch A Charlie Brown Christmas and Elf over and over with my kids, and even sneak in a viewing (or six) of National Lampoon’s Christmas Vacation. Really, what is there not to like about the Christmas season? However, for me one of the greatest aspects of Christmas is gift giving. I honestly enjoy giving presents much more than receiving them. I am definitely not the proverbial male who does all his shopping the last few hours on Christmas Eve.
Anyhow, you as a fellow gift giver—what are you planning on having wrapped under your tree this year? Or what are you hoping will be waiting for you under those (imitation or real) pine branches?
According to a couple top retail online sites I researched, trending Christmas wish lists for families included: the Amazon Echo or Google Home (both are voice activated speakers), Fitbit One (the Fitbit One tracks your steps, floors climbed, calories burned, and sleep quality), Apple Watch, XBox One S and various large-screen, LED Smart 4K Ultra HD TVs. And one of the most popular applications this season “due to its affordability and availability” (what?) are products developed for the “smart home,” a home equipped with lighting, heating, and electronic devices connected to the Internet that can be controlled remotely by a phone. While I can’t speak for you, I am sure glad that none of the Christmas wish lists that my family penned while sprawling out over the Thanksgiving Day ads included these expensive items. However, when I was preparing for this column and read through these sites, I was truly amazed that almost everything on these lists could be classified under the category, ‘The Internet of things’ (or, IoT). It is truly amazing to see how far technology advancements have come even in the last five years. I sometimes wonder if these “lists” were developed by the desires of actual people like you and me, or by the advertisers that hope we (literally) buy into the idea of IoT. Can anyone remember the good ol’ days when toys like ‘View-Master’ and ‘Speak & Spell’ were considered cool?
Well, even if you come from a simpler time, with simpler gifts, the age of IoT is upon us, and if you are unfamiliar with this term, by definition IoT is the internetworking of physical devices, vehicles, etc. embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data. In other words, these devices allow for the ability to transfer data over a network without requiring your interaction.
Could there be risks involved with such pricey, high-demand items on wish lists this year? Sure, there’s always a risk of disappointment of not being able to afford or get the top gift this year. Also, as with all electronic devices, there’s always a slight physical risk with these items (outside of the threat of a Black Friday stampede); just think to the news coverage of the exploding Samsung Galaxy Note 7 a while back. But what if these IoT devices posed a broader risk to all of us?
Back in late October, hackers unleashed a successful Distributed Denial of Service (DDoS) attack on the servers of Dyn, a major DNS host that quickly crippled popular websites such as Amazon, Paypal, Spotify and Twitter. DDoS is a type of DOS attack where multiple compromised systems are used to target a single system. These style of attacks are not uncommon; however, there was one glaring difference between the DDoS attack in October and others—this incredibly historic scaled attack was carried out with a botnet not comprised of computers, but of Internet connected devices (i.e., compromised DVRs and webcam devices) infected with the malware, named ‘Mirai.
Mirai is a DDoS Trojan that targets Linux systems and, in particular, IoT devices. Once the system is infected it can be used as a Bot for DDoS attacks. It has been recorded that at the height of the October Dyn attack, the targeted websites were receiving more than 150,000 requests for information per second eventually over-powering them, resulting in the sites crashing. Making matters worse, it is also known that the source code that powered the destructive botnet attack has been published and made readily available online. (On a side note, at the time of this writing, over the last month or so I’ve observed approximately twenty samples/variations of the Mirai malware. As the malware targets Linux systems, the samples received are ELF files, only supported in Linux. However, as a precautionary measure our Thirtyseven4 products—including Windows Operating Systems—have added the necessary signature based detections and a level of generic detection against Mirai.)
As the New Year approaches, I predict attacks like we those saw in October will increase in frequency as IoT devices often are commonly configured with poor security and lazy default passwords. It has taken years (I might even say decades) to educate computers users of the importance of strong, hard to guess passwords for their computers, and even here we are still losing this education battle at times. The learning curve for properly configuring IoT devices will take time, and hackers know it. They are capitalizing on our laziness.
Of course I am a techie, and the latest gadgets fascinate and intrigue me. But I also have the security wisdom to identify the risks of interconnecting the facets of our lives. When your phone unlocks your front door or turns on your heat, and an activated speaker can order you pizza or a pair of shoes, does anyone else see the not-so-hard-toimagine scenario of a hacker unlocking our front door and robbing us, or of a cyber-criminal cracking our password and ordering a lot more than a large pizza?
Progress is exciting, but security and safety measures (including strong passwords) must be in place or else that same technology in the wrong hands will turn sadly sobering.
So again I ask you, what is under your tree this year? Maybe, going back to the days of Tinker Toys, Etch A Sketch, Slinky and a Red Ryder BB Gun wouldn’t be so bad. And on a grander scale, entering the Christmas season with a sense of contentment for all that God has given us and sacrificed for us would be refreshing. Let’s think twice before jumping on the chaotic sleigh of desires and wants, because we all know that acquiring devices for a “smart home” won’t give us purpose in our days or a feeling of value. It will fill a momentary void, but the real meaning of Christmas is much more valuable and so much deeper. The best gift of all is a free one. He was born in a lowly manger and yet is King of Kings. The house with Christ at the center of Christmas is truly a “smart home”!
Original article can be found in the December 2016 issue of Ministry Tech Magazine.