网络安全:或将被入侵的物联网

原文链接:Cyber-security – The internet of things (to be hacked)


Hooking up gadgets to the web promises huge. But security must not be an afterthought

将各种东西交联到互联网上似乎前景极大,但首先应该考虑到安全问题。

CYBER-SECURITY is now part of all our lives. “Patches” and other security updates arrive for phones, tablets and PCs. Consultants remind us all not to open unknown files or plug unfamiliar memory sticks into our computers. The bosses of some Western firms throw away phones and laptops after they have been to China assuming they have been hacked. And yet, as our special report this week points out, digital walls keep on being breached. Last year more than 800m digital records, such as credit- and debit-card details, were pinched or lost, more than three times as many as in 2012. According to a recent estimate by the Centre for Strategic and International Studies, a think-tank, the cost to the global economy of cybercrime and online industrial espionage stands at 445 billion a year—about as much as the GDP of Austria.

如今,网路安全与我们每个人息息相关。手机、平板电脑以及个人电脑上的各种“补丁”以及其他的安全更新应运而生。安全顾问提醒我们不要打开未知文件或将陌生的记忆棒连接到自己的电脑上。一些西方公司的老板如果在中国遭遇黑客,他们就会将手机跟笔记本电脑扔掉。正如本周的特别报道中指出的,数字墙正遭受着源源不断的攻击。去年,诸如信用卡和借记卡记录在内的超过 800m 的数字文件被删除或丢失,是2012年的三倍之多。据战略和国家问题研究中心—一个智库—最新评估称,全球经济网络犯罪和网络工业间谍活动一年耗资为4450亿美元,将近奥地利的 GDP。

Now a new phase in this contest is emerging: “the internet of things”. This involves embedding miniature computers in objects and connecting them to the internet using wireless technology. Cisco, a technology company, predicts that 50 billion connected devices will be in circulation by the end of the decade, up from 11 billion last year. Web-connected cars and smart appliances in homes are becoming more common, as are medical devices that can be monitored by doctors many miles from their patients. Tech companies are splurging cash: witness Google’s punt on driverless cars and the 3.2 billion it has spent buying Nest, a maker of smart thermostats.

如今,这场对抗的新阶段正在形成——即物联网。包括将微型计算器嵌入物体中并利用无线技术将他们连入互联网。思科技术公司预测,在去年110亿的基础上,2020年底以前将有500亿连接装置处于流通。联网汽车和智能家电以及能供医生远距离监控病人的医疗装置越来越普遍。科技公司斥巨资于此,例如谷歌投资无人驾驶汽车并花费32亿美元收购智能恒温器公司 Nest。

Such connectivity offers many advantages, from being able to adjust your house’s heating when you are in the office to alerting your doctor that your insulin level has risen. But it also gives malicious hackers an easy way to burrow deeper into people’s lives. The small, embedded computers at the centre of the internet of things do not have as much processing power or memory as, say, a smartphone, so security software on them tends to be rudimentary. There have already been instances of nefarious types taking control of webcams, televisions and even a fridge, which was roped into a network of computers pumping out e-mail spam. And security researchers have found ways of hacking into some kinds of medical devices and cars, though this still requires specialist knowledge and kit. The wireless heart monitor of Dick Cheney, America’s former vice-president, was modified to stop remote assassination attempts.

这样连通性提供了许多好处,例如当你在办公室就能够调节房子的供暖设备,又或是在你的胰岛素水平上升时提醒医生。但同时它也使得恶意黑客们很容易就深入挖掘到人们的生活。物联网中心的小型嵌入式计算机没有像智能手机那样的多处理能力或内存,所以往往需要安全软件。已经有通过网络群发垃圾邮件控制摄像头、电视甚至冰箱的例子。尽管需要专业的知识和装备,安全研究人员仍发现一些侵入某些医疗设备和汽车的方法。美国前副总统迪克·切尼的无线心脏监视器就是通过修改来停止远程暗杀的。

Beware the fridge in Ealing

当心伊林的冰箱

For the companies building the internet of things, its vulnerability could be costly. The tactic of pumping out new software as fast as possible and then issuing patches later to fix flaws in the code may be tolerable if all that is lost is data, but if it involves personal safety, consumers will be less tolerant. In order to avoid lurid headlines about cars crashing, insulin overdoses and houses burning, tech firms will surely have to embrace higher standards. Just as with computers and phones, there will be more passwords and more updates, though that may make the internet of things less easy to use—a blow for a business based on making life more convenient.

对于构建物联网的公司而言,计算机的漏洞可能会使其付出巨大代价。如果只是丢失了数据,尽快推出新的软件然后发布补丁修复代码中的缺陷这一策略是可以被接受,但如果涉及到人身安全,消费者将不会那么宽容了。为了避免关于撞车、胰岛素过量以及房屋失火等耸人听闻的标题,科技公司必将执行更高的标准。就像电脑和电话,物联网将会需要更多的密码和更新,尽管使用上不再方便,但这是为了使生活有更多的便利。

For governments, the temptation will be to panic and do too much. They should make clear that web-connected gadgets are covered by existing safety laws and existing product-liability regimes: last year Japan’s Toyota was successfully sued for installing malfunctioning, but not web-connected, software. Wrongdoers should be punished, but the best prompt for securing the internet of things is competition. Either tech firms will find ways to make web-connected gadgets more dependable, or people will decide they can live without them. Who needs a smart fridge anyway?

对于政府来说,这种诱惑是危与机并存的。他们理应明确上网设备是由现有的安全法律、现有的产品责任制度所涵盖。去年日本丰田成功起诉了安装故障而不是网络连接或软件。违法者应该受到惩罚,但保障物联网的最好方式是竞争。是科技公司设法使上网设备更可靠,还是人们决定他们生活中是否应该依赖于此?到底是谁需要一个智能冰箱呢?

Leave a Reply