These fucking stories. "Here's a hyperbolic example of how the world will end because of IoT. Hyperbole is bad, so here's more hyperbole." The facts: Hackers were able to disable the brake assist on a Cherokee. Everyone has since completely lost their shit. ["Purely electronic brake and steering systems have yet to find widespread application in passenger cars. This is primarily because of the significant safety implications of steering or braking systems without a redundant mechanical backup in case of failure of the DbW system. Although it is technically feasible to address these concerns with multiple redundant electronic systems (as in fly-by-wire systems used by many airliners and military aircraft), the additional cost and service requirements have made these systems commercially uncompetitive to date. Hybrid electric vehicles employ limited electronically controlled regenerative braking, but the standard hydraulic braking system is retained. The growth in sales of hybrid and electric vehicles is likely to become an enabling factor for drive-by-wire systems in the future cars because of the availability of high power electrical supplies required for the new electrical actuators."](https://en.wikipedia.org/wiki/Drive_by_wire#Uses_in_passenger_cars) Schnier is the worst - it's no accident that Wired links to Schnier and Schnier links to wired in this big paranoid circlejerk. The fact remains that brakes and steering are hydraulic and even if Those Evil Hackers manage to cook off your power assist, you still have a goddamn steering wheel in front of you. And yes. I'm sure there's a future in which Google Cars will revolt en masse and run us all over Maximum Overdrive style. But until you have a vehicle without manual controls, you still have manual control. All the bloviating in the world won't change that.
Schneier is paranoid, that's pretty much his job description, but sticking a ton of devices you don't control on your network is asking for trouble even if you know what you're doing with what you do control. And the IoT is all about trusting devices designed by people who think the world needs smart diapers.
Yes but no. IoT is about telemetry, not control. You can instrument the fuck out of the world and it lets you know it, not control it. Just because my smoke alarm can be controlled with an app doesn't mean I can set my house on fire with it. Yes, there are servos in the world connected to the Internet. Yes, a lot of them lack the security they should have. But no, it's not a logical progression from there to "The next president will probably be forced to deal with a large-scale internet disaster that kills multiple people."
Again, I disagree. There's this leap of faith that the more things are connected to the Internet, the more damage can be done... but the things that can do damage could have been connected to the internet a long time ago and they don't. It's stupid that Chrysler's control system allowed disabling the vacuum assist on the brakes. But it didn't disable the brakes. Theoretically, a hacker could kill the regenerative braking on your Prius. But they couldn't kill the brakes on your Prius. And it's great that Schnier is raising the hue and cry about this stuff because the first big dumb things that are going to be automated are semis and hell to the yes you can cause a shitton of damage with a rogue semi. But the hue and cry should be "we should worry about this stuff" instead of "ZOMG we need to worry about EVERYTHING" which is what these articles tend to be.