With our free press under threat and federal funding for public media gone, your support matters more than ever. Help keep the LAist newsroom strong, become a monthly member or increase your support today.
An Experiment Shows How Quickly The Internet Of Things Can Be Hacked
Listen
3:34
Listen to the Story
Reporter Andrew McGill set up a fake Internet-connected toaster to see how long it would take hackers to find it. He thought it would take days, but to his surprise it was under attack within minutes.
The Internet can be a dangerous place. Hackers, bots and viruses are prowling the Web trying to turn your machines into zombies.
Last month, a massive network of hacked devices helped temporarily shut down Twitter and other websites. Hackers used a virus called Mirai to target Dyn, a major Internet infrastructure company, in a sophisticated denial-of-service attack — when insecure Internet-connected devices are directed to barrage a target with data until it shuts down.
Andrew McGill, a reporter at The Atlantic, devised an experiment to find out how vulnerable our devices are to hackers. He built a virtual Internet-connected toaster, put it online and waited to see how quickly it would take for hackers to attempt to breach it. They found him much faster than he expected.
"Well, I had talked to some experts, and I was fully expecting maybe a week, maybe never, certainly not less than a day," McGill told NPR's Ari Shapiro. "But it came a lot sooner. It was 41 minutes. [The second attempt was] within 10 or 15 minutes [and the third was] another 10 or 15."
Sponsored message
Interview Highlights
On the toaster experiment
Well, I kind of wanted to see if I put something unsecured on the Internet — if I just plugged it in — how long would it take for a hacker to find it and hack into it?
So when this botnet took down all these computers a few weeks ago, there were thousands and thousands of devices that had been compromised, but I always had kind of thought, "You know, if I'm lax with security in my own personal life, it won't be a big deal because the Internet is huge." You know, there's millions, and actually billions, of IP addresses, each one with a computer behind it. Why would a hacker find me?
So I kind of devised this thing where I built a virtual Internet-connected toaster, as I called it, and I put it online and saw how quickly it took for someone to compromise it.
On how hackers found him so quickly
This is the thing: People probably think of a hacker as behind their keyboard and prowling for folks that are vulnerable. Really they write scripts and they write bots that do that prowling for them.
Sponsored message
They will actually randomly scan ports, which are essentially ways into computers, across the entire Internet. And the thing is, you know, our technology has advanced to a degree that you can actually reasonably expect to scan the entire Internet in a few hours.
On why certain devices are more vulnerable than others
This is the thing that I always want to make clear to the readers is that if you are plugging in your Internet toaster into your home Wi-Fi or into your home router, you already have a layer of security and that's your router. It's essentially a device that makes sure that incoming connections don't get through to your devices that would be malicious.
This [device] was a little bit different. This mimicked more the simpler devices that were attacked in the Mirai botnet . They're more vulnerable because they don't have that layer of protection between them and the modem, which connects directly to the Internet. So your average consumer has that layer of protection, but that protection can be breached sometimes, too.
On identifying the location of hacking attempts
I could log the IP addresses, and you could actually geo-locate those to see where they're coming from. You know, I don't really trust those because you can easily spoof an IP or have a proxy server to make it look like you're coming from somewhere else, but they were all over the map. There actually was one as close as Ohio, which I thought was funny.
On how to protect your devices from hacking
Sponsored message
For the average consumer, we've figured this out to some degree. We have basic security in place in modern devices that screen out the most obvious attacks. Really getting phished , if you will, is more of a problem where you are tricked in surrendering your password or username to a common service. If you plug in your webcam into your router or to your Wi-Fi, you're relatively safe.
I think the biggest security concern for folks at home would be if their router actually is old, it might have an easily guessed password that someone could gain control. Most modern devices don't have that problem, but that certainly is a concern for older devices.
Copyright 2023 NPR. To see more, visit https://www.npr.org. 9(MDA1OTI3MjQ5MDEyODUwMTE2MzM1YzNmZA004))
At LAist, we believe in journalism without censorship and the right of a free press to speak truth to those in power. Our hard-hitting watchdog reporting on local government, climate, and the ongoing housing and homelessness crisis is trustworthy, independent and freely accessible to everyone thanks to the support of readers like you.
But the game has changed: Congress voted to eliminate funding for public media across the country. Here at LAist that means a loss of $1.7 million in our budget every year. We want to assure you that despite growing threats to free press and free speech, LAist will remain a voice you know and trust. Speaking frankly, the amount of reader support we receive will help determine how strong of a newsroom we are going forward to cover the important news in our community.
We’re asking you to stand up for independent reporting that will not be silenced. With more individuals like you supporting this public service, we can continue to provide essential coverage for Southern Californians that you can’t find anywhere else. Become a monthly member today to help sustain this mission.
Thank you for your generous support and belief in the value of independent news.
But the game has changed: Congress voted to eliminate funding for public media across the country. Here at LAist that means a loss of $1.7 million in our budget every year. We want to assure you that despite growing threats to free press and free speech, LAist will remain a voice you know and trust. Speaking frankly, the amount of reader support we receive will help determine how strong of a newsroom we are going forward to cover the important news in our community.
We’re asking you to stand up for independent reporting that will not be silenced. With more individuals like you supporting this public service, we can continue to provide essential coverage for Southern Californians that you can’t find anywhere else. Become a monthly member today to help sustain this mission.
Thank you for your generous support and belief in the value of independent news.
Senior Vice President News, Editor in Chief
