Next month at MEX, I’ll be doing a talk and some workshopping on designing for the IoT. I’ve been considering ways to get people thinking a bit differently, and one of them is to think about the darker side of connected objects, homes, cars and so forth. And because everyone loves a good heist/thriller/game of Cluedo, I’m going to get participants to plan a crime that’s committed purely through (hijacked or otherwise) connected objects.
Technology has long been a means for illegal activity – credit card theft rings, corporate and political espionage, faux African royalty fraud, phishing, the list goes on and on – but somehow those crimes all feel distant, abstract. What about murder by IoT? Remember those horror movies when you were a kid, where a poltergeist would take over the blender or the garbage disposal? Substitute ‘person who doesn’t like you very much and has some money to hire a hacker’ and you’ve got the general idea. Some say it’s bound to happen any day now. Or how about kidnapping someone by hijacking their satnav?
Last night, walking through East London, I passed a gorgeous old warehouse and immediately thought, “I want to steal that building.” This idea has been floating around my circle of friends ever since one of us at Uni heard a (probably apocryphal) story of a guy who ‘stole’ the flat of a couple in Manhattan by moving in as a housekeeper or similar and gradually driving them so crazy that they left and he stayed. This seems unlikely to actually have happened, so “I’m going to steal that house” has always been a joke – but what if that house were fully connected? It might be possible to steal it, after all. Once you cracked the home area network, you could probably do a lot of damage – you could change the locks to let you in and keep the ‘real’ owners out. Or if you wanted to emulate our apocryphal friend, you could change all the settings for the lighting, the hifi, the climate control, the blinds and so forth until the residents just couldn’t take it anymore. If the ownership documentation were digitised (as most governments are planning), those could be hacked and forged as well.
This scenario is probably just as unlikely (at least for now) as its analog counterpart, but there is something to the idea that cybercrime is no longer confined to the ethereal plane of the magickal interwebs – as ‘smartness’ gets added to more and more elements of our environment, so do the attendant security risks. It’s possible that huge numbers of internet refrigerators and the like are already being used in botnets, but what if that security violation, which is still passive and usually invisible to the owner, becomes actively aggressive?
I’m certainly not trying to catastrophise here, but in all the excitement of the near-magical things we can do with technology, there needs to be a consideration of the impact, and considering what might go wrong can be an interesting exercise in helping things go right.