As we hurtle through the development of the digital world, it's important to keep in mind the security implications of the technology we use.

Hosted by: Olivia Gordon

Personal interview with Troy Hunt

One Friday in October 2016, a big chunk of the Internet went missing. The internet company Dyn, which routes traffic to Twitter, Netflix, and thousands of other sites, had been paralyzed by bogus requests from hundreds of thousands of computers, all infected with a malicious software called Mirai.

But these weren’t any old computers. Many were webcams, smart light bulbs, fitness trackers, and other everyday devices that connect to the internet. Collectively, they’re known as the Internet of Things, or IoT.

As these gadgets gain new abilities, like how a wi-fi enabled doorbell might be able to unlock your front door, they also offer fresh opportunities to cyber criminals. So just how worried should you be about that smart toaster? And what can we do to make our stuff safer?

Internet of Things gadgets are vulnerable to the same takeovers as regular computers. But their access to the physical world can make the consequences much bigger. For instance, if your live streaming dog monitor is hacked, your private data can be exposed — things like pictures of your family or the layout of your house.

Or someone could make your kid’s wi-fi enabled talking teddy bear say anything. That’s pretty creepy, but it gets even scarier when you replace the teddy bear with a home security system, a car, or a pacemaker.

The damage isn’t limited to the thing that’s been hacked, either. A lot of these devices, and sometimes even your laptop, assume that they can trust other machines connected to your home wi-fi network. So if your smart water bottle is compromised, the hacker might be able to send commands to the smart lock on your door, too.

Now, there are also serious risks beyond individual owners. The most common thing that hackers do with their machine victims is weaponize them into botnets—armies of enslaved drones. Then, criminals can hide their nefarious activities behind the normal internet traffic of thousands of machines. For example, in 2014, a massive botnet that included TVs, routers, and at least one smart refrigerator, was caught sending millions of spam emails.

And if a botnet like Mirai suddenly floods a company like Dyn with traffic, it can take down web services in a distributed denial-of-service attack. It’s like if your telephone was forced into a pool of a thousand auto-dialers constantly calling a pharmacy: real calls can’t get through, and there are so many involuntary fake calls that the company can’t block them all.

Now, these issues aren’t unique to the Internet of Things. But IoT devices are extra vulnerable. Manufacturers bring them to market as quickly and cheaply as possible. All too often, the place they cut corners—you guessed it—security.

Many companies grab off-the-shelf software and don’t customize it for each device. For instance, smart light bulbs don’t need printing software, but manufacturers might not bother to delete it from the stock operating system. So if the chunk of code that accepts files for printing mistakenly allows a hacker to inject their own program, you’re in trouble.

And these things rarely update automatically; nobody wants to flip the light switch and hear, “Please wait until your lights finish updating.” So even if a security bug is fixed, those app-controlled bulbs may never hear about it. Plus, any operating system is only as secure as the password you need to log in and make changes. And manufacturers of IoT devices often set passwords to dumb, predictable defaults like “admin1234”… and who changes the password on their smart egg tray, anyways?

To make matters worse, the hardware might have too little memory and processing power to run standard defenses like firewalls, which try to block unwelcome intrusions from the internet. And how would you even know that your smart weight-loss fork is infected with a virus when its only way of communicating is buzzing?

Finally, the sheer scale of the Internet of Things intensifies the problem. Mirai grew way bigger than most botnets simply because there were so many vulnerable IoT devices.

So…this can all sound pretty terrifying. But the truth is that for now, the main threat to an average user is garden-variety data theft.

Most of the fancier attacks are too difficult and their payoffs are too low for crooks to bother. After all, if your enemies are so committed that they’ll track down your glucose monitor and hack it, you probably have other things to worry about beyond IoT security. But it may not be long before a hacker can lock your smart thermostat at its max while you're on vacation, running up your energy bill until you pay a ransom.

If manufacturers don’t start baking security into the design of their products, experts worry that we’re heading for a train wreck. They suggest a couple of solutions, including being selective with what data to record, and encrypting whatever data is sent around. They also recommend that manufacturers set a unique default password for each device and only accept commands from someone who’s logged in. Automatically monitoring for suspicious activity would help, too.

There are also a few steps you can take to protect yourself from your devices. You can manually check the manufacturer’s website for updates and change any passwords that the software allows you to. Don’t put webcams anywhere you wouldn’t broadcast. Isolate smart devices on separate wi-fi networks from your computers and phones. You can do that with a second router, or on some routers you can just set up a second untrusted “guest network.” And, y’know, consider whether you really need that hairbrush to connect to the internet.

Ultimately, though, it’s going to take pressure from all of us. Manufacturers need to hear that we don’t just want cool features, but guarantees that they’ll keep us safe.

Thanks for watching this episode of SciShow, which is produced by Complexly, a group of people who believe the more we understand about the world we live in, the better we get at being humans. If you want to learn more about this stuff, check out the Crash Course computer science series at [♪OUTRO].