« Touchy, Touchy | Main | What the Heck? »

Malware for Materials

persistence.jpgThe smart environment era is just about upon us, and I'm looking forward to seeing what happens when our previously "dumb" surroundings become embedded with Internet-connected intelligence. This is a subject I've followed for awhile, so I have some basic expectations as to what we'll see. Rapid adoption for social networks? Check. Greater energy efficiency? Check. Making the invisible, visible, in order to understand the subtle flows of information that support our lives? Esoteric, but check.

Malware? Sadly, double-check.

Spam. Viruses. Phishing. "Zombie" computers. Our online lives take place amidst a massive, escalating, and inescapable battle between malware creators and system defenders. The Internet is an incredibly hostile place, full of malicious software designed to grab our attention, invade our privacy, and (occasionally) even steal our money. Fortunately, the Internet is made livable (and even enjoyable) due to the ongoing efforts of security specialists, and that ongoing battle happens rarely grabs our attention. We know this, and while we're not happy about it, we've learned to live with it.

For the most part, malicious bits of code and data -- collectively referred to as "malware" -- have remained comfortably limited to devices that we recognize as being (to a greater or lesser extent) computers. But as products and materials that have long been seen as non-computers start to get connected to the Internet, start to include processing capability and memory, start to offer "always on" wireless connections -- all in all, start to be active parts of our environments -- the likelihood increases that we'll start to see malware pop up in unexpected locations.

What kinds of products and materials? Cars, refrigerators, walls, clothing, highways, windows, televisions, product packaging... not to mention the various devices made solely to offer a cuddly, friendly interface for Internet messages. As processors and network hardware get smaller and cheaper, the more reasons we'll think of for wanting to put them in our stuff -- and the more platforms we'll create for malware.

Most of this will be spam. Spam infests every networked communication medium, and will likely to continue to do so for the various networked communication systems in development. It's ubiquitous in massively-multiplayer games, and I expect it to be a lingering problem as the Metaverse expands. Although we haven't seen it yet, I wouldn't be surprised if spam became a drag on the fast deployment of augmented reality type systems. While filters can work reasonably well, they're not universally available -- for example, I'm baffled as to why mobile phone carriers all haven't implemented basic filters on text message systems, given the rising volume of text spam.

Since the goal of (most) spam is to grab attention, my guess is that the first public outcry about material malware will be triggered by ads for increased member size, lottery winnings, or offshore casinos popping up on refrigerator doors, in-car displays, and digital picture frames.

Arguably, viruses (and trojans) have the potential to be a more serious problem, but they face more significant roadblocks. In the abstract, the best defense against widespread virus propagation is a "polyculture" model of systems, where no one "species" of host dominates. Viruses thrive in monocultures, whether industrial single-species forests or commercial single-operating system networks. In monocultures, all potential hosts for a virus have effectively identical structures (whether DNA or OS), and the "disease" can easily jump from host to host. In polycultures, conversely, viruses can't propagate as readily since new potential hosts often have widely-divergent configurations.

Anti-virus code, firewalls and the like will certainly help, but hardware and software diversity may be the most important factor preventing the rapid spread of viruses in the smart environment world. The more closely the operating system in your smart shirt is related to the operating system in your television, your Internet-connected camera, and/or your smart home energy system, the more likely it is that someone will be able to figure out how to write something that could infect all of them.

A greater concern is that the viruses (and trojans) that do exist will take advantage of the legacy of trust we have for the dumb versions of the now-smart materials; will we have to worry about what the (voice-controlled) refrigerator overhears or the (video-chat-ready) television sees?

I'm particularly fascinated by the possible new forms of malware that could emerge unique to the new technologies. I've mentioned some possibilities in the past: intentional misinformation/data-pollution in information-dense environments; physical "spam" produced by Internet-connected fabricators; even "sock bots," scripted avatars used to disrupt virtual world gatherings while looking like a mass activity (upon reflection, "bot mob" is probably a better term). The more powerful and flexible our everyday tools and environment become, the more we'll have to pay attention to keeping them on our side.

Does this mean that we're diving headlong into disaster? No. Just as we've become inured to the inundations of spam, accustomed to regularly updating anti-virus software, and bored with the constant, clumsy phishing come-ons, we'll eventually be resistant (both technically and culturally) to the malware outbreaks that pop up in our new toys. The transition period may be a bit rough, but if we're aware of the potential before it hits, we won't be so readily taken by surprise.

Just make sure you keep your anti-virus/spam-filter/malware filters on your furniture up to date.


Creative Commons License
This weblog is licensed under a Creative Commons License.
Powered By MovableType 4.37