Do you set your computing devices to automatically update? I used to, but got bitten by more than a few updates that broke something vital in the operating system. Hours rebuilding computers isn’t something I enjoy. I now only do attended updates, so I can see what’s going on (not that that’s always a defence).
Manual updating is tedious and a pain in the rear, as update screens flag up and nag you when all you wanted to do was finish some paperwork to print, or email.
The reality is that updating is essential; nothing can be allowed to stand still lest it fall far behind.
And if you’re a smartphone or smart TV owner, you may well be grinding your teeth that your recently shiny kit is stranded in a digital backwater after having been quickly abandoned by the manufacturer.
Sometimes, no matter how much you want to, you can’t update.
But I am always looking to update, so there I am in a meeting with my software developer guy, enthusiastically discussing potentially wonderful, updated, job management software.
Developer guy has no more selling to do: I am convinced and sold on his bespoke software and, realise I needed it like three years ago!
We discuss how it’s to be implemented and agree that it’s best website-based.
So I then tell him, I’ll speak to the webmaster and get him website access in order to perform his dark arts.
There’s a slight pause followed by a very wicked smile and, then my guy says, “No need for that Bruv, I’ve already cracked the security on your website and had a good poke about….”
He follows this with, “You don’t half get a lot of hits from Russia! Don’t you ever check your web logs???”
By way of explanation, I pay the webmasters to manage the site, but they only do this upon direction. But he was right, there were indeed lots of hits from places as diverse as Hertfordshire (for some reason), China, the USA, Canada, Finland, Ukraine, Lithuania and even Uganda.
I would have liked to think it was because the website was flashy and dynamic, but we offer no international services, so sadly there might have been a darker reason for the web traffic. To be fair to the software guy, he openly tells me where the site vulnerabilities are, so I “loose the hounds” and happily, no malware or any other nasties were found (ergo, the website must be flashy and dynamic, then…).
But this is not to say that something naughty wasn’t afoot…
Anyhow, the incident inspired me to actually pay for regular site maintenance (updating, cache cleaning, inspection of logs etc), rather than the casual affair I had going on. I might have been a potential victim of my own complacency had it not been for that wake-up call.
So, given the eagerness and abandon with which big business routinely embraces personnel-reducing technology (without really assessing the implications), I have a worry or two. The utilities are currently rolling out smart meters to those previously fortunate customers, who don’t already have them. This will allow them all sorts of arcane control (for good or ill). I am refraining from mentioning, in too much depth, the Electrosmog contingent bitterly opposed to them and lobbying to get the roll-out stopped on health and economic grounds. They may have a point.
One of my fears is that the utilites won’t be able to keep all of the advantages of these meters solely to themselves. Of course, recent high profile data breaches, may suggest that we have more to fear from the utilities’ management of our information, than hackers.
But I am constantly amazed at the ingenuity of hackers. Given time, I’m sure they’ll crack the secrets of existence itself, but it seems they’re currently happier cracking all sorts of Internet-enabled tech. I was reminded of this while reading a BBC article about the hacking of smart bulbs.
The researchers/hackers were able to extract a network username and password from the signals being passed between the smart light bulbs. The feat wasn’t trivial and took them two weeks, but they nevertheless did it. If you’re the owner of such a system, you’ll be pleased to know that the vulnerability has been patched. It remains to be seen how often the utilities patch their hardware.
You may have heard of the “Stuxnet” worm. It’s piece of malicious code flying about all over the place, that’s used by hackers to attack Siemens programmable logic controllers. It doesn’t care whose PLC it finds and it can wreak serious havoc. If Stuxnet wasn’t malicious enough, it’s origins are darker still.
PLCs originate from the latter half of the last century and are found everywhere in industry (we fit them…). It’s not hard to understand their vulnerability to electronic attack, as PLC designers could hardly have imagined their kit coming under cyber attack, way back when. But that’s the world we have today.
In my little story above, I mentioned my negligence in checking my website logs, but it’s a different story with my router. I check these whenever there’s a need (often) and have lost my astonishment at the probes the router receives daily. Anyone up-to-speed will be aware that there’s automated software out there, jiggling the locks of millions of routers looking for open doors. Reverse lookups show that the majority of these probes tend to come from a particularly industrious nation.
It’s always amazed me that computer operating systems generally seem to want to hide this information from you. Default setups don’t even want you to know when the software on your computer is calling home.
So one also wonders what new wheeze, specially-crafted worms will pull with these new smart meters (and I predict that it’s something the designers hadn’t intended…).
A lot can be extrapolated from a record of someone’s power usage. For instance, a hacked meter can readily suggest when no one is at home. And that’s just for starters. The mind truly boggles!
But do not be misled, intrepid reader. At Aegis we’re more than happy to push new technology, so don’t let this article come across as us being all Luddite.
If new-fangled connectivity is what you’re after, you’ve certainly come to the right place. Once tech is fitted, you’ll just have to be certain to update it where necessary to keep it safe online.