Photo

Credit Jim Datz

A FRIDGE that puts milk on your shopping list when you run low. A safe that tallies the cash that is placed in it. A sniper rifle equipped with advanced computer technology for improved accuracy. A car that lets you stream music from the Internet.

All of these innovations sound great, until you learn the risks that this type of connectivity carries. Recently, two security researchers, sitting on a couch and armed only with laptops, remotely took over a Chrysler Jeep Cherokee speeding along the highway, shutting down its engine as an 18-wheeler truck rushed toward it. They did this all while a Wired reporter was driving the car. Their expertise would allow them to hack any Jeep as long as they knew the car’s I.P. address, its network address on the Internet. They turned the Jeep’s entertainment dashboard into a gateway to the car’s steering, brakes and transmission.

A hacked car is a high-profile example of what can go wrong with the coming Internet of Things — objects equipped with software and connected to digital networks. The selling point for these well-connected objects is added convenience and better safety. In reality, it is a fast-motion train wreck in privacy and security.

The early Internet was intended to connect people who already trusted one another, like academic researchers or military networks. It never had the robust security that today’s global network needs. As the Internet went from a few thousand users to more than three billion, attempts to strengthen security were stymied because of cost, shortsightedness and competing interests. Connecting everyday objects to this shaky, insecure base will create the Internet of Hacked Things. This is irresponsible and potentially catastrophic.

That smart safe? Hackers can empty it with a single USB stick while erasing all logs of its activity — the evidence of deposits and withdrawals — and of their crime. That high-tech rifle? Researchers managed to remotely manipulate its target selection without the shooter’s knowing.

Home builders and car manufacturers have shifted to a new business: the risky world of information technology. Most seem utterly out of their depth.

Although Chrysler quickly recalled 1.4 million Jeeps to patch this particular vulnerability, it took the company more than a year after the issue was first noted, and the recall occurred only after that spectacular publicity stunt on the highway and after it was requested by the National Highway Traffic Safety Administration. In announcing the software fix, the company said that no defect had been found. If two guys sitting on their couch turning off a speeding car’s engine from miles away doesn’t qualify, I’m not sure what counts as a defect in Chrysler’s world. And Chrysler is far from the only company compromised: from BMW to Tesla to General Motors, many automotive brands have been hacked, with surely more to come.

Dramatic hacks attract the most attention, but the software errors that allow them to occur are ubiquitous. While complex breaches can take real effort — the Jeep hacker duo spent two years researching — simple errors in the code can also cause significant failure. Adding software with millions of lines of code to objects greatly increases their potential for harm.

The Internet of Things is also a privacy nightmare. Databases that already have too much information about us will now be bursting with data on the places we’ve driven, the food we’ve purchased and more. Last week, at Def Con, the annual information security conference, researchers set up an Internet of Things village to show how they could hack everyday objects like baby monitors, thermostats and security cameras.

Connecting everyday objects introduces new risks if done at mass scale. Take that smart refrigerator. If a single fridge malfunctions, it’s a hassle. However, if the fridge’s computer is connected to its motor, a software bug or hack could “brick” millions of them all at once — turning them into plastic pantries with heavy doors.

Cars — two-ton metal objects designed to hurtle down highways — are already bracingly dangerous. The modern automobile is run by dozens of computers that most manufacturers connect using a system that is old and known to be insecure. Yet automakers often use that flimsy system to connect all of the car’s parts. That means once a hacker is in, she’s in everywhere — engine, steering, transmission and brakes, not just the entertainment system.

For years, security researchers have been warning about the dangers of coupling so many systems in cars. Alarmed researchers have published academic papers, hacked cars as demonstrations, and begged the industry to step up. So far, the industry response has been to nod politely and fix exposed flaws without fundamentally changing the way they operate.

In 1965, Ralph Nader published “Unsafe at Any Speed,” documenting car manufacturers’ resistance to spending money on safety features like seatbelts. After public debate and finally some legislation, manufacturers were forced to incorporate safety technologies.

No company wants to be the first to bear the costs of updating the insecure computer systems that run most cars. We need federal safety regulations to push automakers to move, as a whole industry. Last month, a bill with privacy and cybersecurity standards for cars was introduced in the Senate. That’s good, but it’s only a start. We need a new understanding of car safety, and of the safety of any object running software or connecting to the Internet.

It may be hard to fix security on the digital Internet, but the Internet of Things should not be built on this faulty foundation. Responding to digital threats by patching only exposed vulnerabilities is giving just aspirin to a very ill patient.

It isn’t hopeless. We can make programs more reliable and databases more secure. Critical functions on Internet-connected objects should be isolated and external audits mandated to catch problems early. But this will require an initial investment to forestall future problems — the exact opposite of the current corporate impulse. It also may be that not everything needs to be networked, and that the trade-off in vulnerability isn’t worth it. Maybe cars are unsafe at any I.P.