Android in My Rice Cooker: Gateway to Future Cyber Home Invasion?

Over the past few days, there were several interesting stories in the news that caught my eye. The first was at Bloomberg News on 8 January; it reported how Google’s Android operating system software is increasingly being embedded into everything from refrigerators to rice-cookers. According to the story, Android creates a nice, symbiotic relationship between Google and product manufacturers. The manufacturers get a free and easy-to-use OS that allows them to create Internet-connected products, while Google is in a position to “collect more data to build its lucrative search business and one-up software rivals Microsoft Corp. (MSFT) and Apple Inc.”

Another goal of the manufacturers is to create products that can “exchange information with less human intervention.” The Bloomberg story goes on to state that, “A television, for example, might show a pop-up message from a clothes dryer in the basement, indicating that the homeowner’s jeans are not yet dry. The user could press a button on the TV remote to automatically add 15 minutes to the dryer cycle. A connected rice cooker could determine what type of rice is being used and set cooking instructions accordingly.”

Given that your rice cooker might also inform others what type of rice you’re cooking (a competitor to the brand you’re using, for example, who might then try to convince you otherwise), consumers might view their relationships with their Android-enabled devices as parasitic in nature, but that is a discussion for another time.

For the past 20 years or so, observers have predicted that digital convergence—what used to be called “smart” or “intelligent” devices and has now morphed into “The Internet of Things”—is just over the horizon. Finally, it actually looks like it is going to be an everyday reality sooner rather than later. A story in 9 January’s Wall Street Journal reports that 10 consumer-oriented product companies have launched the Internet of Things (IoT) Consortium, whose aim is “cooperation between hardware, software, and service providers.”

The IoT website states further that, “The IoT Consortium is primarily focused on those Internet enabled devices and related software services that directly touch consumers in the form of home automation, entertainment, and productivity. One of the goals of the consortium is to see billions of connected devices that benefit from communication with other devices and services.”

The IoT charter members include Active Mind Technologies, BASIS Science, Coin, Kease, Logitech, MOVL (KontrolTV), Ouya, Poly-Control, SmartThings, and Ube. The members of the IoT Consortium essentially break along two lines: new companies that are basically start-ups, like Active Mind, Kease, Ouya, SmartThings, and Ube, which are developing products that include video game consoles (Ouya), smart electrical outlets (Ube), and home automation controllers (SmartThings); and more established product companies like Logitech (peripherals), Basis (personal health trackers), and Poly-Control (access security products). Active Mind has a nice description of what all these companies are ultimately aiming to do in this age of the Internet of Things, namely, provide tools and technology to support the “emerging world of the quantified self.”

The third story, from the 9 January London Telegraph, concerns a report from the UK Commons Select Committee on Defense which finds that, “Evidence received by the Committee suggested that in the event of a sustained cyber attack the ability of the Armed Forces to operate effectively could be fatally compromised due to their dependence on information and communication technology.”

The report points out that because of the increasing extent of digital technology in defense systems that communicate with one another, there are “many more points of vulnerability.” Therefore, says the Defense Committee, “cyber threats can evolve with almost unimaginable speed and serious consequences for the nation’s security.” The Government, it added, “must be more vigorous in its approach to cyber security.”

The committee wants the UK Ministry of Defense to make a heavier investment in “mechanisms, people, education, skills, thinking and policies that take into account both the opportunities and the vulnerabilities which cyberspace presents.” The Parliament members also supported the view expressed last summer by the Cabinet Office Intelligence and Security Committee that the UK should not just try to keep cyber criminals out, but engage in “active defense,” i.e., “actively interfere with the systems of those trying to hack into UK networks.”

All of which leads us back to our Android-enabled rice cookers. As more everyday appliances become nodes in home networks that connect into national networks, and become increasingly interdependent (and vulnerable) in the manner that military systems now are, how will the inevitable cyber attacks against them be viewed? For instance, consider a coordinated cyber attack against home automation networks that uses some insecure Internet-enabled appliance connected to the network as a gateway, and that successfully shuts down tens of thousands of home heating systems during a major blizzard like the one that hit the Northeast United States in 1978. Will such a widespread attack against IT systems that are not vital government or infrastructure systems be seen as a mere nuisance or as something more threatening?

It may sound far-fetched, but once everything communicates with everything else, I don't put it past malicious programmers to figure out clever ways to exert control over devices remotely in ways no one planned against.

It is interesting that the IoT Consortium doesn’t mention improving the security of Internet-enabled devices and related software services in its mission statement. Maybe it should think about doing so in order to ensure that the above question never has to be answered. Until then, I think I'll hang on to my dumb rice cooker.


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Contributor
Willie D. Jones
 