A recent article in BBC News reported that toilet-maker Twyford is planning to design a loo that monitors excrement and reports discovered health items via the Internet. One of the proposed features cited by the toilet's manufacturer would be to notify the local supermarket automatically when more roughage is needed in the diet. One can only hope hackers don't crack the system and post personal bowel habits for the entire world to review. Some experts believe such devices are just the tip of the iceberg and are raising a red flag of warning over these web-enabled household appliances.
A.Lizard of ReptileLabs has performed extensive research into the security risks 'Net-enabled devices might impose. Given the recent Code Red compromises, Mr. Lizard questions, "if the major *network* equipment companies are bungling this, can the home appliance industry do a better job?"
LG Electronics has already introduced a 'Net-enabled refrigerator, washing machine, and microwave. These appliances are expected to be available to US consumers in the early part of 2002. The refrigerator, already shipping to customers in South Korea, sports a LAN port for dedicated Internet access complete with email and top-mounted digital camcorder. Whether used for downloading custom wash cycles, recipes, or remote diagnostics, it seems likely that consumers will welcome these connected devices. However, given the problems of securing a personal computer from hackers, one can only wonder if such devices will lead to similar assaults.
Question: Mr. Lizard, you recently wrote a review of the Belkin UPS in which you noted that the remote access portion of the software could rather easily allow a hacker to remotely power down a PC. Certainly the loss of unsaved work would be problematic as would the possibility of damage to your system if files became corrupted in the process. Has Belkin made changes to better secure the remote access portion of the software?
A.Lizard: If they have, they haven't bothered to inform me of them. I don't believe they have.
Note: after this interview was complete, Mr. Lizard discovered that the new software release of Belkin Sentry Bulldog has been fixed so that password access works normally, i.e., that attempts to access pages other than the login page come up "Authentication Failed." However, he does not regard the problem as fixed, since the password is "passed across the Internet as plain text, ready for anyone with a packet sniffer to capture." According to Mr. Lizard, "The possibility of this exploit hasn't been removed, the barrier to entry has just been raised a couple of notches."
Question: Given the problems presented by a seemingly innocuous UPS, what types of exploits do you envision could occur with the offerings proposed by LG Electronics?
A.Lizard: Refrigerator: Somebody breaks in and either simply turns off the refrigerator or sets it to higher temperature to run the bacteria count up.
Washing machine: Imagine the machine running continuously when you aren't home. Imagine the impact on your water and electric bills. If diagnostic and control modes are available to hackers, imagine simply turning the water ON and the drain valve OFF.
Microwave: Most microwaves don't like being run with nothing inside.
Personally, I'm looking forward to gas ovens / stoves and electric heaters being Web enabled. Once enough of a house is Web-enabled, one can start playing with device interactions. Turning on a heater and air conditioner at the same time. Turning on the valves controlling burners on a gas range or oven and turning the ignition source OFF, followed by turning a toaster or toast oven continuously ON.