Everything Electronic You Own—iPhone to Subway Card to Power Strip—Can Be Hacked. So How to Defend Yourself?

Innovation, the Internet, gadgets, and more.
Nov. 26 2013 3:15 PM

Can You Hack It?

Everything electronic you own—iPhone to subway card to power strip—can be hacked. So how to defend yourself?

Hacking a computer.
Hackable.

Photo by Pressmaster

Wherever you’re sitting right now, take a moment to note the connected devices around you. In your pocket or handbag, you probably have an electronic key fob and perhaps a rechargeable subway card embedded with RFID. You likely have a smartphone, which is connected to a Wi-Fi network and also has voice-mail service. You might be wearing a Nike FuelBand, or a Fitbit, or possibly even a new pair of Google Glass. Maybe you can spot a traffic light or an orange highway sign out of your window. A power strip is likely not too far away.

All of these devices share one thing in common: They can be hacked.

As we herald the coming Internet of Things, it’s easy to forget that our ever expanding tech playground is mostly unsupervised. There is no playground teacher to blow a whistle when another kid takes control of your Bluetooth headset. There is no Norton antivirus software for your garage door opener.

Advertisement

If you can plug it in or connect it to a network, your device—no matter what it is—can be harnessed by someone else. And that someone doesn’t have to be a Chinese superhacker to do some serious damage with it, either on purpose or by accident. It can be your Uncle Roger, who doesn’t have his new iPhone figured out and is cluelessly turning your lights on and off via your Belkin WeMo.

I’m a hobbyist. Because I study emerging technlogy and the future of media, I’m often tinkering, breaking things, and putting them back together. Once, I wanted to see if I could break into the protected Wi-Fi network we set up for my daughter at home. Less than an hour later, I’d failed to penetrate her network but managed to shut down the main network for our house. Which I knew, because of my husband’s sudden yelling upstairs: “Why is the IRS website redirecting to Sesame Street?!”

Part of what makes new technology so exciting is that, unlike the old days, it works right out of the box. You no longer need to know how to build a computer, connect a modem, run a terminal emulator, and install bulletin board stystem, or BBS, software in order to send a racy message to a co-worker. Now any tech idiot can download Snapchat and accidentally send a racy photo to his sister-in-law. The tech playground is more accessible and, as a result, increasingly problematic.

Just after the annual Black Hat Internet security convention a few months ago in Las Vegas, I asked a group of my friends—a Navy engineer, a professional hacker, and a hobbyist—to help me come up with a quick list of devices that will be vulnerable during the next few years as the Internet of Things becomes widespread. Here’s our (incomplete) list. (Entries with a * are those we’ve tried hacking at home, for fun.):

Obvious
smartwatches*
smartphones*
computers*
tablets and phablets*
home computer locks*
the cloud (services, storage, software)
ATMs at banks
printers
GPS devices*
Wi-Fi routers*
webcams*
thumb and portable USB drives
hotel and gym safes (they tend to use a single default passcode)
cable box or DVR
voice mail (especially those with a global call-in number that doesn’t lock out after successive failed attempts—we saw this with the News of the World scandal)

Less Obvious
power strips (can be infected with malware)
power cords for your devices (code can be implanted)
luggage trackers (such as the Trakdot)
connected glasses (Google Glass, Oculus Rift. As of now, Google’s QR barcodes for Wi-Fi store the full access point name and password as plain text)
gaming consoles: PS3, Kinect, Nintendo*
refrigerators (such as Samsung)
cars with computer operating systems
smart pens (like the Livescribe)
gesture control devices (such as the Leap)*
SD cards
cameras
smart alarm clocks*
coffee makers
key fobs
light switches*
moisture sensors*
kitchen and pantry trackers (such as Egg Minder)
insurance driving monitors, such as Progressive’s Snapshot device
traffic lights (MIRT transmitters can change lights to green in two to three seconds)
highway signs that spell out text

And we didn’t even get into medical devices, which are frighteningly exposed to mischief.

TODAY IN SLATE

Politics

Talking White

Black people’s disdain for “proper English” and academic achievement is a myth.

Hong Kong’s Protesters Are Ridiculously Polite. That’s What Scares Beijing So Much.

The One Fact About Ebola That Should Calm You: It Spreads Slowly

Operation Backbone

How White Boy Rick, a legendary Detroit cocaine dealer, helped the FBI uncover brazen police corruption.

A Jaw-Dropping Political Ad Aimed at Young Women, Apparently

The XX Factor
Oct. 1 2014 4:05 PM Today in GOP Outreach to Women: You Broads Like Wedding Dresses, Right?
Music

How Even an Old Hipster Can Age Gracefully

On their new albums, Leonard Cohen, Robert Plant, and Loudon Wainwright III show three ways.

How Tattoo Parlors Became the Barber Shops of Hipster Neighborhoods

This Gargantuan Wind Farm in Wyoming Would Be the Hoover Dam of the 21st Century

Moneybox
Oct. 1 2014 8:34 AM This Gargantuan Wind Farm in Wyoming Would Be the Hoover Dam of the 21st Century To undertake a massively ambitious energy project, you don’t need the government anymore.
  News & Politics
Politics
Oct. 1 2014 7:26 PM Talking White Black people’s disdain for “proper English” and academic achievement is a myth.
  Business
Buy a Small Business
Oct. 1 2014 11:48 PM Inking the Deal Why tattoo parlors are a great small-business bet.
  Life
Outward
Oct. 1 2014 6:02 PM Facebook Relaxes Its “Real Name” Policy; Drag Queens Celebrate
  Double X
The XX Factor
Oct. 1 2014 5:11 PM Celebrity Feminist Identification Has Reached Peak Meaninglessness
  Slate Plus
Behind the Scenes
Oct. 1 2014 3:24 PM Revelry (and Business) at Mohonk Photos and highlights from Slate’s annual retreat.
  Arts
Brow Beat
Oct. 1 2014 9:39 PM Tom Cruise Dies Over and Over Again in This Edge of Tomorrow Supercut
  Technology
Future Tense
Oct. 1 2014 6:59 PM EU’s Next Digital Commissioner Thinks Keeping Nude Celeb Photos in the Cloud Is “Stupid”
  Health & Science
Science
Oct. 1 2014 4:03 PM Does the Earth Really Have a “Hum”? Yes, but probably not the one you’re thinking.
  Sports
Sports Nut
Oct. 1 2014 5:19 PM Bunt-a-Palooza! How bad was the Kansas City Royals’ bunt-all-the-time strategy in the American League wild-card game?