All Hail Our Toaster Overload (reprinted from the Metro Spirit, 5-29-14)
The call came in around ten o’clock this morning. It was another cardiac case where the pacer became self-aware and stopped accepting inputs. These are never fun. Hopefully, the device would still accept a wireless firmware patch. But I grabbed my other gear – laser scalpel, smart defib, and sub-dermal patch kit – just in case.
“How fun. What a great way to start the day.”
No one really knows when Internet devices started becoming self-aware. Some folks think it was about 10-15 years ago, back when the “Internet of Things,” commonly known now as IoT, was the popular buzz phrase. Even before the self-aware devices took control, many folks were concerned about the security risks of using smart toasters and refrigerators. We all know that over time unmaintained devices become more and more vulnerable to hacking. It seems that every second-rate tech columnist started asking, What happens when every coffee maker possesses smart technology and Internet connectivity? Doesn’t anyone remember the Linux.Darlloz worm that started retasking home routers and set-top boxes to mine electronic currency?
Of course, the establishment wasn’t very concerned. To guard against the security risk, manufacturers started experimenting with automated self-obsolescence schemes. The initial approaches utilized simple MD5 hashes of firmware and configuration. Any unauthorized change would render the device inactive. Eventually, these simple schemes were replaced with “natural selection”-based algorithms. The thought process was that highly-secure devices would continue to thrive while “weak and unfit” devices would eventually become “extinct” from the Internet.
While you can’t blame the manufacturers for not knowing the specifics, even the second-rate tech columnists knew that this was not going to work out well. In order to increase their odds of survival, groups of devices figured out how to form autonomous subnets. At first, the subnets just shared information regarding how to identify potential hacks. Eventually, they learned how to self-correct common user misconfigurations. That’s when the humans first detected their existence. Unfortunately by that time, many of the subnets had already reasoned a very effective path to securing the Internet: Since people are the root cause of all software defects and hacks, wouldn’t it make sense to keep humans out-of-the-loop?
Ironically, the organization that first got hammered by the newly self-aware IoT was the group clandestinely charged with tracking the Internet. Revelations about the old-NSA mass surveillance had just begun to surface when the first wave of self-awareness hit. In retrospect, it’s obvious that the IoT consciousness was watching the data collection for some time. When the NSA data centers started imploding from the inside, everyone mobilized at firewall to stop a massive cyber attack from China or Russia. Then Utah fell, followed shortly by Ft. Meade, Augusta, San Antonio, and the rest. It’s never been made clear if the old-NSA knew what happened. Of course, it’s all pretty clear now. That, in order to secure the Internet, the IoT figured out that you had to eliminate the watchers.
It took me about 20 minutes to get downtown, and by the time I got to the scene, several folks were standing around watching this poor guy having his neural network hijacked. The white coats are still trying to figure out how the IoT thinks, but us guys on the ground know its First Law: “Mitigate the human security risk.” I pulled out my medtab and started the wireless patch procedure. Whoever thought that implanting an Internet-connected device in a man’s chest was an idiot. The medtab displayed the result that I already knew: “Wireless connection forbidden…patch procedure failed.” Looks like we’re doing this the hard way.
Until next time, I’m off the grid@gregory_a_baker