IoT disaster could happen at any time, warns Bruce Schneier

A connected world is at risk

A major Internet of Things (IoT) disaster is almost a certainty as more and more devices are connected to the web, according to security expert Bruce Schneier.

Furthermore, if secret services really are trying to influence elections by hacking the systems of political parties and releasing embarrassing emails, they will almost certainly attempt to hack into the increasing number of internet-connected voting machines for the same ends.

Schneier is the author of multiple encryption algorithms, founder of security company Counterpane, and former chief technology officer of BT Managed Security Solutions.

"It's one thing if your smart door lock can be eavesdropped on to know who is home. It's another thing entirely if it can be hacked to allow a burglar to open the door or prevent you opening your door," Schneier wrote in an article published by Motherboard.

"A hacker who can deny you control of your car, or take over control, is much more dangerous than one who can eavesdrop on your conversations or track your car's location.

"With the advent of the IoT and cyber-physical systems in general, we've given the internet hands and feet: the ability to directly affect the physical world. What used to be attacks against data and information have become attacks against flesh, steel and concrete."

Schneier explained that many of the devices now being connected to the internet, including industrial systems controlling major facilities, have security only as an afterthought, and that the IoT "will allow for attacks we can't even imagine".

The key weaknesses come from software control systems, the connections between systems and autonomous systems. Schneier highlighted a lack of security patching in control systems, the ability to compromise networks via insecure devices connected to them, especially IoT devices, and the security dangers of increased automation.

"Security engineers are working on technologies that can mitigate much of this risk, but many solutions won't be deployed without government involvement. This is not something that the market can solve," he said.

Schneier also suggested that if Russian security services were indeed behind the attack on the systems of the US Democratic National Committee there is no reason why they wouldn't target internet-connected voting machines.

"Over the years, more and more states have moved to electronic voting machines and have flirted with internet voting. These systems are insecure and vulnerable to attack," Schneier warned.