Wednesday, 9 September 2015

A distributed denial of things part 2

I speculated earlier about the possibility of a distributed denial of things.  It was an off-the-cuff remark but not an entirely idle one.  As we rely ever more on increasingly smart devices, we have more and more to lose if we’re denied their use.  Technically, I won’t be talking only about denial of service attacks, distributed or otherwise, but about the concept of other people denying us the things we think we own.Image result for denial of service

Think about an internet-connected alarm clock that wakes us up early if the traffic is bad or on especially nice days so we can walk to work.  We already rely on alarm clocks and we’ve all panicked when they didn’t, for one reason or another, go off.  We might rely on a smartclock even more because we no longer need to plan for contingencies, meaning we can maximise our time in bed.

The amount of stuff such a device would need to know (and would surely report) about us is deeply concerning, but so is the possibility that the functionality we’ve come to rely on will be taken away from us. 

That’s a fairly trivial example.  What if our TVs won’t function if they are not connected to their service centre over the internet?  What if our fridges stop keeping our food cold or our thermostats stop working?  What if our car stops working?

When we need to abide by user agreements while we drive our cars, we face two problems.  First, it means we’re going to be under surveillance.  The user agreement will have to be enforced.  The service centre (or insurance company) can take away our car if they don’t like the way we use it.  Second, there’s likely to be a way for attackers to take away our cars, too. 

Denial of things could become a serious problem and it’s not clear what sort of defences we’ll have.  Imagine someone taking away our car the morning of an important interview (which our calendars and clocks told them about).  Would we pay to have our cars unlocked?  We might.

That’s personal. But what if an attacker launches an actual DoS against the server that keeps our cars running or our alarm clocks alarming?  The more customers those servers have, the more they might pay to get their servers back.  I think that’s where the danger of denial of things lies.

No comments:

Post a Comment