Fax machines and coffee pots – the surprising ways you could be hacked

with this kind of technology. And it seems that almost as soon as any device is connected to the internet, it gets hacked. Recent examples include cars, toys, thermostats, medical implants and even coffee machines.

A hacker who succeeds in communicating with one of these device can then conduct any number of possible attacks. They could disrupt communications, which would be irritating in the case of a coffee machine, but potentially life threatening in the case of a medical implant. They could also access data sent to the device, again probably uninteresting in the case of a toy, but potentially a security risk if someone can find out where your car is likely to be left unattended or when your home is empty (and your heating is off).

Fax machines
Intriguingly, even some devices that are not directly plugged into the internet can be hacked. As mentioned, it was recently reported that fax machines could be hacked by sending carefully crafted image files to them containing malicious code. When this image was converted into data for transmission within the internal computer network, the code hidden within this data was able to run and inflict its damage.

This method of intrusion, which any device with an external connection to the outside world is potentially vulnerable to, enables hackers to insert malicious software such as a virus into the computer networks connected to the device. This code might not just be used to attack the infiltrated network, but could also connect the devices on it to a wider distributed network of hijacked machines. The hackers could then use this collective computing power to steal passwords, search for bankcard details, bombard websites with requests for data in order to disrupt their service, or attack yet more computers.

Staying safe
Of course, just because something can be hacked does not mean that it will be. An expert user can use network security technologies such as firewalls and strong authentication methods to reduce the risks of outsiders attacking internet-connected devices. But most users are not experts and every device we connect creates a new opportunity for anyone trying to break into our computer systems.

As a society, we have to ask ourselves two big questions. First, what technology will it really benefit us to connect to the internet? A heart monitor that can be tracked by your doctor? Probably. A doll that can have sophisticated conversations but also records everything your child says? Less so.

Second, for those technologies we do want connected, how do we get device manufacturers to take their cyber security seriously? Most new internet-connected products lack the security of more traditional computers such as laptops and phones. The answer probably relies on market pressure, which always takes time to exert its influence. We can do our own part by asking questions about security before purchasing new devices but, ultimately, it’s suppliers who have to make their devices secure.

That said, just because your kettle can connect to the internet, does not mean that you have to let it do so. I fear, however, that we are going to be reading about insecure fridges and hackable toasters for a considerable time to come.

Keith Martin is Professor, Information Security Group, Royal Holloway. This article  is published courtesy of The Conversation.