The Moral Tapestry of IoT: Exploring Ethics in a Hyperconnected World
Morality , like art , means drawing a line someplace. — Oscar Wilde
In October 2016, internet users all over the United States were taken aback when a massive cyberattack rendered them unable to connect to some of the world’s most popular websites. This included tech moguls like Netflix, Twitter, CNN, and The New York Times.
The concurrent trait amongst them is the fact that they were all customers of DYN DNS, a company specializing in online infrastructure. One of the company’s primary functions is to translate human-readable inputs into IP addresses, which can be used to route online traffic. This was disrupted when hackers launched a Distributed denial of service (DDoS) attack on DNS servers.
The perpetrators utilized a sophisticated strategy exploiting a botnet comprising IoT devices. They disrupted traffic to these websites, effectively blocking human users by deploying automated bots. To overwhelm the targeted servers, they employed the Mirai malware program, seizing control of compromised network-enabled devices like CCTV cameras, DVRs, and various household items.
A hacker under the pseudonym, Anna_Senpai had released the source code of Mirai Botnet earlier that month, a common tactic used by hackers to avoid being the sole possessor of code if law enforcement comes knocking. [https://github.com/jgamblin/Mirai-Source-Code]
Being an ardent fan of Greek mythology, my initial thought on encountering the word Tapestry is the narrative of Arachne and Athena. Arachne , a mortal endowed with exceptional weaving skills dared to challenge the artistic prowess of the goddess Athena. Despite Athena’s warnings and efforts to dissuade her, Arachne’s hubris prevails, leading to a tapestry weaving contest between the two. While both craft extraordinary tapestries, Arachne’s insolent portrayal of the gods causes her to succumb to Athena’s wrath, who in turn subsequently transforms Arachne into the a spider.
Drawing parallels with the present ethical dilemmas, the advent of the Internet of Things (IoT) can metaphorically be compared to a complex tapestry interweaving the digital and physical realms. As our lives become increasingly interconnected, the “Moral Tapestry of IoT,” echoes the challenges presented in the myth. Both stories highlight the necessity of navigating the ethical intricacies in our choices — whether it involves questioning divine authority or pushing the boundaries of technology.
In the same year, an Amazon customer in Germany was mistakenly sent about 1,700 audio files from someone else’s Echo, providing enough information to name and locate the user and his girlfriend. Amazon attributed this “unfortunate mishap” to human error. In Portland, Oregon, a woman discovered that her Echo had sent recordings of private conversations to one of her husband’s employees. In a statement, Amazon said that the Echo must have “misheard the wake word, misheard a request to send a message, misheard a name in its contacts list and then misheard a confirmation to send the message”, all during a conversation about hardwood floors.
According to a Statista report , the number of IoT devices will grow from 8.74 billion in 2020 to more than 25.4 billion in 2030 . The tremendous potential of IoT promises to revolutionize our future , but at what cost?
Buried deep under the customer agreement is the mutual consent of third parties being able to access customer’s personal info. From data breaches to environmental concerns, the lack of transparency lays the foundation for legal and regulatory compliances. In the words of John Knoll,
Any tool can be used for good or bad. It’s really the ethics of the artist using it.
The magnitude of seriousness further intensified in 2017 when the FDA announced that they had discovered a serious vulnerability in implantable pacemakers made by St. Jude Medical. The vulnerability was detected in the transmitter that pacemakers used to relay information about the patient’s vitals to physicians. Once attackers gained access , they were able to alter its functioning, deplete the battery, and even administer potentially fatal shocks.
In the current age of autonomous vehicles, a team from IBM conducted an experiment where they were able to access onboard software of a Jeep SUV and exploit a vulnerability in the firmware update mechanism. They were able to alter the speed, turn the wheel and veer it off road.
The increasing indispensability of IoT in various industries is prompting brands to adapt to this evolving environment . However, Forbes reported that a significant 77% of security experts believe manufacturers were not implementing adequate security measures , especially among router producers. This poses a major concern as majority of IoT devices operate through WiFi. A notable example is TP-Link, a prominent global provider of home routers, where over 55% of FTP protocol users have open FTP ports susceptible to intrusion. Concerning HTTP protocols, 1.2 million routers were identified with weak access credentials.
In a recently conducted survey by the company Fastly, IoT devices face relentless probing, with attackers attempting to exploit vulnerabilities 800 times per hour, an average of 400 login attempts per device, 66% of which are successful. Once infected, an IoT device can launch an attack within six minutes of going online. Devices are breached through uPNP(Universal Plug and Play) , a technology facilitating instant connections to network-enabled devices. Reverse-engineering firmware can unveil hardcoded credentials or software vulnerabilities in IoT devices. Some devices store critical security information within the firmware itself, making it easier for attackers to gain complete control over the device.
Listed below are certain steps that can be undertaken to combat unethical activies:
★ Developing Industry Standards ( Eg : IEC 62443 standards )
★ Certification of IoT Devices ( To ensure compatibility and interoperability)
★ Authentication Enhancement (2 factor authentication,secure gateways)
★ Network/Physical Security ( Employ VPN, HTTPS, AES / RSA encryption algorithms )
★ Privacy Enhancement Technologies ( Anonymization and pseudonymization)
Ethics is not simply limited to privacy and accountability. Ethical IoT deployment involves efforts to ensure that advancements are accessible to all socioeconomic groups, preventing social and cultural implications in the long run. Ethical IoT design involves minimizing the environmental impact, from device manufacturing to end-of-life disposal.
As Bill Moyers aptly notes,
Our very lives depend on the ethics of strangers, and most of us are always strangers to other people.
Our lives are intertwined with the ethics of strangers, emphasizing the shared responsibility we bear in shaping a secure and ethical IoT future.
