Computer security legend John McAfee’s social accounts have been racking up the retweets, likes and shares in recent days after he posted an image of what appears to be Pornhub running on the display of a smart refrigerator. His tweet accompanying the image was ominous.
“The IoT … do you believe me now?” reads part of what he wrote about the porn fridge.
It was typical McAfee, but also reflective of the colorful headline-maker’s reinvention of himself a few times over in recent years. He now leads a public company called MGT Capital Investments. MGT’s website says the firm — which includes Atari founder Nolan Bushnell on its board — “is positioned to address various cyber threats through advanced protection technologies for mobile and personal tech devices, including tablets and smart phones.”
McAfee himself — as his tweet shows — is also something of a professional Cassandra, especially when it comes to the exploding Internet of Things market. He was in Beijing in August to keynote the China Internet Security Conference to warn about security around IoT devices.
That was before, of course, developments like the DDoS attack powered by a massive IoT botnet that targeted security journalist Brian Krebs’ website. A few days ago, Krebs himself reported that the European Commission is drafting new rules to improve security around IoT devices.
All of which helps explain why, minutes before the second presidential debate was set to begin on Oct. 9, McAfee was insisting in an interview with BGR that none of us completely understands the implications of what he warns are gaping security holes inherent in IoT products.
Oh, and that he thinks the space is “a hacker’s wet dream.”
“We’re approaching a situation where we won’t have the resources to stop, prevent or recover from the potential damage coming down this pike,” McAfee said.
If that’s true, what will it take to make people think twice about filling their homes with smart thermostats, refrigerators, lightbulbs and the like?
“Basically, a catastrophe,” McAfee said. “When it was about entering World War II, what did that take? The annihilation of America’s Pacific fleet. We’re people. We’re lazy. We’re indolent. We just think the best is going to happen – and if the worst happens, someone will take care of me. But they won’t. Not this time.”
The warnings certainly don’t seem to be slowing down the expansion of the space. German software giant SAP said at the end of September it plans to spend the equivalent of $2.2 billion on IoT products by the end of 2020. Same with Samsung, which earlier this year said it would invest $1.2 billion in IoT.
“The fundamental problem is that the device manufacturers, whether they be safes or refrigerators or toasters or thermostats or lawn sprinklers or what have you – the vertical space is well-understood by the manufacturer, else they wouldn’t be in business,” McAfee said. “But what do they know about computer security? You have to ask yourself this. Probably nothing. Because with their skill set and employees and departments, what experience do they have in terms of building intelligence into their device to make it secure for us? They have none. What most manufacturers do is buy off the shelf hardware and off the shelf software. Meaning, you buy hardware and software which has had many years of exposure to hacking.”
Those warnings, of course, urge caution about a space that’s increasingly being recognized for the new degrees of convenience and utility it brings. It’s certainly cool to be able to monitor a live camera feed of your home on your phone while you’re away. Or to control something like your home’s thermostat from a smartphone.
Recent weeks, meanwhile, have also seen something of an uptick in the volume of commentary offering similarly pointed warnings about the proliferation of connected devices and the ubiquity of IoT.
Cory Doctorow, for example, laments the inevitability of a future when ordinary people will interact with “hundreds, then thousands, then tens of thousands of computers every day.” Most of those interactions will be, he says, in the form of glances and quick moments – fleeting encounters with devices that often lack some sort of user interface similar to that of a PC or smartphone.
“The economics of the IoT mean that it will remain insecure unless government steps in to fix the problem,” computer security expert Bruce Schneier writes. “This is a market failure that can’t get fixed on its own.
“Our computers and smartphones are as secure as they are because there are teams of security engineers working on the problem … This isn’t true of embedded systems like digital video recorders or home routers. Those systems are sold at a much lower margin, and are often built by offshore third parties. The companies involved simply don’t have the expertise to make them secure. Even worse, most of these devices don’t have any way to be patched.”
Schneier says the government needs to step in to set standards and mandate fixes.
McAfee thinks the only answer can come from upstart entrepreneurs untethered to legacy business models.
Coverage of him over the past year or so has certainly turned him into something of a larger-than-life caricature, or character. If he cares, he doesn’t show it. But never mind for now about his troubles in Belize; trying unsuccessfully to secure the Libertarian Party’s nomination this year; blasting the recent Showtime documentary about him; and a host of other examples.
As the rest of the country watched the nasty showdown between Clinton and Trump, the gruff-voiced McAfee was focused on one thing — warning of the crisis he’s sure will come, eventually. It will be a digital “Pearl Harbor,” he insists, lamenting that maybe then, everyone will get the message.