Internet of Things opens up hacking fears
A software glitch that allows hackers to commandeer a Jeep Cherokee while on the move is just a glimpse of dangers on the road ahead for the Internet of Things.
The ability to seize data from and take control of once-dumb devices that are now deemed “smart” with wireless Internet connections was a hot topic at the premier Black Hat cyber-security conference in Las Vegas on Wednesday.
Researchers described how they remotely took control of a moving car or re-aimed high-tech sniper rifles, and many at the gathering warned the ramifications could be far more serious and wide-reaching.
For starters, many companies don’t even have teams tasked with making sure their smart devices are secure.
“Almost none of the Internet of Things device-makers have any real security teams, it is sort of a gold rush to market,” Black Hat founder Jeff Moss said.
He expects the problem to grow, with skilled hackers eager to push the boundaries.
“The Jeep hack is the beginning,” said Moss, who also founded the annual Def Con hacking conference that ends today in Las Vegas.
“Criminals are geniuses at figuring out how to misuse this stuff.”
He theorized a scenario in which a connected home appliance, a toaster for example, is hacked and becomes an entry point for an attack that hops wirelessly to other online devices, such as entertainment systems. A hacker could then jump next door via wireless Internet to take over a neighbor’s home devices.
The possibilities for hackers are numerous — and chilling.
Data from smart appliances or other devices can be used to learn about people’s lifestyles. Cameras in smart gadgets could be activated to spy on intimate moments people would prefer to keep private.
Adding to the problem is the fact that smart appliances, such as ovens or washing machines, are designed to last but do not typically get software updates. With time, hackers find vulnerabilities, and companies do not protect devices against attacks with new security software.
“You can see us racing toward a future where everything is connected, nothing is updatable, and it is going to last 10 years,” Moss said.
“Then, it is a numbers game. A million of anything is trouble, a hundred million is a disaster.”
Massive car recall
Fiat Chrysler Automobiles issued a safety recall for 1.4 million US cars and trucks in July after hackers demonstrated that they could remotely control their systems while the vehicles are in operation.
The recall came after cyber-security experts Charlie Miller and Chris Valasek remotely commandeered a Jeep Cherokee, made by Chrysler, to demonstrate the vulnerability of the vehicles’ electronic systems.
Working from laptop computers at home, the two men were able to enter the Jeep’s electronics via its online entertainment system, changing its speed and braking capability and manipulating the radio.
The pair said it was easy.
“This was a weekend project,” Miller said. “What if we did this full time, or got paid to do it?”
Miller is a security researcher at Twitter and Valasek works at cyber-security firm IOActive.
“Car companies spend millions of dollars on safety, and now this is a part of safety, whether they like it or not,” Valasek said.
Chrysler offered a free software patch for vulnerable vehicles, but said it didn’t know of any hacking incidents.
The Internet of Things promises to thrust into the spotlight an issue of liability that software makers have managed to avoid, according to Jennifer Granick, director of civil liberties at the Center of Internet and Society at Stanford University law school.
Most people might not think to sue a software maker when a computer crashes, but the odds are high they will when a smart car crashes, Granick said.
Copyright © 1999- Shanghai Daily. All rights reserved.