Internet of Things worrywarts’ worst nightmares have come true. Connected gizmos, which are light on security, have been commandeered by hackers to do harm. It must be the end.
Hackers two Fridays ago exploited a security flaw in inexpensive connected DVRs and webcams, took over their operation, then pointed all of them at Dyn, an Internet company that helps manage traffic for some of the biggest sites. In a flash, Twitter (TWTR), Spotify, Netflix (NFLX), and even parts of Amazon (AMZN) went dark. While the outage is alarming – imagine a world without Netflix – it’s probably the flashpoint that leads to mainstream IoT adoption.
Qualcomm CEO Steven Mollenkopf gestures while responding to questions at 2015 WSJD Live on October 20, 2015 in Laguna Beach, California. WSJ D Live brings together top CEOs, founders, pioneers, investors and luminaries to explore the most exciting tech opportunities emerging around the world. AFP PHOTO / FREDERIC J. BROWN (Photo credit should read FREDERIC J. BROWN/AFP/Getty Images)
Let me explain. Researchers now know the exploit used by hackers was Mirai, a botnet that crawls the Internet to find and network unprotected devices. Hackers used it to force hundreds of thousands of devices to simultaneously demand bandwidth from Dyn, causing its infrastructure to become overwhelmed. The effect is like spamming, and it’s not rocket science.
In the early years of the Internet spam became a huge problem. The promise of the information super highway fizzled. Then filters fixed spam. Businesses that excelled were rewarded, others disappeared. Large companies like Qualcomm (QCOM) Apple, Amazon and Alphabet have every incentive to make certain IoT devices are secure.
That extends beyond their own devices. So far they have done little more than kick around ideas and start joint committees, lots of committees. That’s because they all have aspirations of grabbing as big a piece of the lucrative IoT pie as possible. However, given the Department of Homeland Security is now involved, that will change, quickly.
This is not to suggest government will fix IoT security. Just as it failed to fix the spam problem with the CAN-Spam Act of 2003, government alone is unlikely to squash security threats. According to Bog Gourley, a former chief technology officer at the Defense Intelligence Agency, attacks will continue and they will become larger and more sophisticated. The biggest part of the solution, as always, will be from industry. The threat of government intervention is merely a great motivator.
That means we should expect best practices standards and much more sooner than later. “Businesses need to configure networks to do ingress filtering using community best practices. Governments need to encourage network providers to continuously improve quality,” said Gourley “One suggestion we make is for governments to put in place a grading mechanism like healthcare is graded.”
Losing access to large parts of the Internet to hackers might feel like the beginning of the end for the Internet of Things. If history is any indication, it’s more likely the start of the beginning, the migration to mainstream adoption. It means real standards and more secure devices are coming.
That is extremely positive for Alphabet, Apple, Amazon and Qualcomm. These stocks are still good buys into any material weakness.
Jon Markman is president of Markman Capital Insight. Click here tosign up for his freeVIP newsletteron the intersection of technology, business and culture
