Editing 1966: Smart Home Security

Jump to: navigation, search

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision Your text
Line 8: Line 8:
  
 
==Explanation==
 
==Explanation==
 +
{{incomplete|Created by ORGANIZED CRIME - Confirm that the graph means "the oldest the device, worst the best-case is".}}
  
With the proliferation of smart appliances in recent years, there is a growing trend of hackers taking over smart "Internet of Things" devices and adding them to {{w|botnets}}. The hardware is then used for DDOS attacks, crypto mining etc. The "{{w|Mirai (malware)|Mirai}}" botnet, for example, made of over 500,000 compromised routers, refrigerators, TVs, DVRs, baby monitors, thermostats, and webcams, was used in October 2016 to take down DynDNS, one of the core infrastructure providers for the internet in North America.
+
With the proliferation of smart appliances in recent years, there is a growing trend of hackers taking over smart "Internet of Things" devices and adding them to {{w|botnets}}. The hardware is then used for DDOS attacks, crypto mining etc. The "Mirai" botnet made of over 500,000 compromised routers, refrigerators, tvs, DVRs, baby monitors, thermostats, and webcams was used in October 2016 to take down DynDNS, one of the core infrastructure providers for the internet in North America.  
  
With the constant potential threat, security updates must be constantly published, and vulnerabilities must be found by the original developers and "{{w|White hat (computer security)|white hat}}" hackers (the faceless team of engineers [[Randall]] describes), before they are found and exploited by "{{w|black hat}}" hackers (not to be confused with [[Black Hat]]). At any time, these defenders could step down from their jobs, leaving devices defenseless.
+
With the potential threat always looming, security updates must be constantly pushed, and exploits must be found by the original developers and "white hat" hackers (The faceless team of engineers [[Randall]] describes), before they could be found (and get used) by "black hat" hackers. At any time, these people could quit, leaving devices defenseless.
  
The graph shows the various cases of how well things go on the y-axis, compared to how long it has been owned on the x-axis. The probability of compromise briefly dips (indicative of first rounds of security fix updates & the time window when you can easily exchange the product if you find out it's faulty) within the 1st year, then rises: the older a device/software is, the less likely it is to consistently receive security updates for protection, so they are more likely to be hacked, even in the best case. After 10 years, the device/software is most likely outdated and is not being used anymore. Companies then no longer find it profitable to continually update the product. Thus, they pull the support out, even if people are still using the device, leaving customers vulnerable.
+
The graph shows the various cases of how well things go on the y axis, compared to how long it has been owned on the x axis. The older a device/software is, the less likely it is to consistently receive security updates for protection, so they are more likely to be hacked, even in the best case. After 10 years, the device/software, is most likely outdated and is not being used anymore. Companies then no longer find it profitable to continually update the product, and then pull support out, even if people are still using it, leaving them vulnerable. The exact thing happened to many users, when Microsoft halted updates to Windows XP in 2014, even though many people still used the operating system.  
  
The title text suggests that there may be some silver lining to having your device controlled by organized crime professionals: they have a vested interest in keeping your device working well enough that you keep it plugged in. So, the more organized, pragmatic attackers will actually secure it against competing attackers, especially those of a more prankster-like mindset, who would cause more noticeably malicious changes. Advanced malware in the wild does frequently block and evict competing malware, so Randall is probably right. Some IOT malware may thus provide "regular security update services" after the original manufacturers give up, some at a conceivably acceptable cost of a few cents' worth of electrical usage for a crypto-miner. However, it could very easily go horribly wrong, for instance if that miner is hiding by letting a refrigerator run 2°C higher than its outputs allege and using the energy difference to max out the processor on mining operations.
+
The title text suggests that being easy to hack may actually be a positive thing for an older device, because it means that criminals have a vested interest in providing system support to keep it operational after the manufacturer has stopped supporting it.
  
 
==Transcript==
 
==Transcript==

Please note that all contributions to explain xkcd may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see explain xkcd:Copyrights for details). Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following CAPTCHA:

Cancel | Editing help (opens in new window)

Templates used on this page:

Retrieved from "https://www.explainxkcd.com/wiki/index.php/1966:_Smart_Home_Security"