Secure Lava Lamps, and Why True Internet Security Is Hard to Come by
We must do what we must to keep our devices and data safe.
In an office building in San Francisco, there is a wall of 100 lava lamps. Red blobs in shimmering purple, sparkly green blobs in Caribbean-Sea blue, all moving up and down in a truly random pattern: These lava lamps are one business’s innovative solution to internet security.
Cloudflare is a business that provides domain name services to millions of prominent websites. In recent years, cyber-attackers have become infatuated with attacking and taking down web hosts like Cloudflare; just over a year ago, a successful DDoS attack on Dyn took major web destinations like Reddit, Twitter, Netflix, and Spotify offline for several hours. As a result, Cloudflare and its competitors have become eager to build the best possible security measures, hence the lava lamps.
Unlike humans and computers, lava lamps can produce true randomness. Using video, the company transforms the moving blobs into a stream of bytes, which can then be used as encryption keys to keep data safe. In its London offices, Cloudflare uses the movement of two pendulums as well as randomly generated mazes and Sudoku puzzles. In Singapore, Cloudflare creates encryption keys from a Geiger counter next to a pellet of uranium. The lava lamps may seem eccentric, but they hint at something plaguing internet users around the world: desperation.
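The article does not say how the video bytes become keys. The sketch below is an added example, not Cloudflare's code: it assumes each frame is hashed and then mixed with the operating system's CSPRNG through HKDF, so that a frozen or publicly visible camera feed cannot weaken the result. All function names and the sample frames are constructed for illustration.

```python
import hashlib
import hmac
import os

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256: extract a PRK, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block = b"", b""
    for counter in range(1, -(-length // 32) + 1):
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
    return okm[:length]

def condition_frames(frames):
    """Compress raw frames to 32 bytes and count frames that actually changed."""
    pool, previous, fresh = hashlib.sha256(), None, 0
    for frame in frames:
        digest = hashlib.sha256(frame).digest()
        fresh += digest != previous   # an identical consecutive frame adds no entropy
        pool.update(digest)
        previous = digest
    return pool.digest(), fresh

def derive_key(frames, os_seed=None, min_fresh=2, length=32):
    """Return (key, healthy). The OS CSPRNG seed is always mixed in, so the
    camera can only add unpredictability, never remove it."""
    os_seed = os.urandom(32) if os_seed is None else os_seed
    camera_seed, fresh = condition_frames(frames)
    key = hkdf_sha256(os_seed + camera_seed, salt=b"\x00" * 32,
                      info=b"example: lava-lamp key", length=length)
    return key, fresh >= min_fresh    # unhealthy feed: raise an alert, key stays usable

def constructed_frames(n=4, size=64):
    """Constructed stand-in for camera frames (not real sensor data)."""
    return [bytes((i * 7 + f * 13) % 256 for i in range(size)) for f in range(n)]

if __name__ == "__main__":
    key, healthy = derive_key(constructed_frames())
    print(key.hex(), "camera healthy:", healthy)
    frozen = [constructed_frames()[0]] * 4      # stuck feed: every frame identical
    print("frozen feed healthy:", derive_key(frozen)[1])
```

The health flag matters operationally: a stuck feed should trigger an alert, while key generation continues safely on the OS seed alone.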
Cyber-attacks aren’t going away — they’re becoming more effective.
Security experts like to refer to cybersecurity as an arms race: Cybercriminals are developing more advanced ways to infiltrate networks and devices, but security firms are also developing stronger defenses to thwart attacks. Unfortunately, this isn’t exactly accurate. Indeed, cyberattacks are becoming more diverse and increasingly effective, but it seems that security efforts can’t keep up. In just the first half of 2017, the volume of cyberattacks doubled compared to the second half of 2016. Worse, most cybercriminal activity originates in Russia, and nearly all activity targets victims in the U.S.
A spike in cybercriminal activity was predicted, but it has proven to be dramatically worse than experts believed. It is possible that recent successful attacks, like the WannaCry ransomware and the Reaper botnet, have generated interest in illegal activity and bolstered cybercriminals’ morale. However, a much more likely reason for the uptick in attacks is the booming Internet of Things.
Device and software developers aren’t helping with security.
The IoT is a fascinating development in technology sure to increase efficiency, improve decision-making, and generate revenue for businesses — if it doesn’t topple them with malware first. In their rush to get IoT devices on the market, most developers have released them with extreme and extensive vulnerabilities that allow cyber criminals easy access to connected networks.
In 2017, the number of logged vulnerabilities increased by roughly 30 percent over 2016; about 35 percent of those vulnerabilities had a public exploit, and more than half of all vulnerabilities are remotely exploitable, meaning criminals can get in without having the devices in hand. While about three-quarters of developers had offered solutions to their disclosed vulnerabilities, device users often neglect updates and patches, allowing the vulnerabilities to persist.
The emergence of the IoT is perhaps the most probable reason for the increase in vulnerabilities. Because IoT tech is so new, many developers are uncertain what security precautions are necessary. Fortunately, the U.S. Senate has proposed a bill that would mandate security standards in all IoT used in government buildings, which would ultimately revolutionize IoT security for everyone. However, this could be months or years away, allowing cybercriminals plenty of time to launch successful attacks using existing vulnerabilities.
It’s every user for themselves.
There exist some laws regarding internet security, but few actually help individuals and organizations stay protected or recover lost assets. Thus, users must understand the risks to their devices and data and employ reliable security precautions in their homes and on the road. Similarly, businesses must devise their own network security protocols that stay ahead of clever cyber criminals’ tactics.
Just as criminals continue to launch physical attacks — robbery, assault — they will never cease in their efforts to steal digital data and debilitate digital property. Until the government takes serious strides toward protecting U.S. citizens against cyberattack, we must do what we must to keep our devices and data safe — including, perhaps, buying a lava lamp or two.