5 frightening hacking targets which include planes, guns, automobiles, Nuclear power plants and everyday devices
With
nearly 5 billion non-communication devices connected to the internet
worldwide ranging from watches to CT-scanners to airplanes, providing
government, cyber criminals and cyber terrorists can cause confusion and
damage in our everyday life.
Let’s have a look at the 5 most dangerous things that can be hacked today.
Every household electronic device
Gartner,
the world’s leading information technology research and advisory
company, who have provided the above 5 billion figure says that over
2,800 million consumer devices -and more than 300 million cars are
already online. The figure is expected to hit 25 billion by 2020 due to
the number of objects connected to the Internet of Things (IoT), which
is not an unbelievable figure given that many of the household
appliances these days are coming with online functions.
Ted Harrington, who is organizing an IoT “theme park” at DefCon, which is a leading hacker conference in August, told tech site
Informationweek
“One of the things we’re constantly seeing is functionality absolutely
being considered first, and security implications not being considered
at all,”
While giving control of the baby monitors, fridges,
garage doors, and security cameras to hackers at DefCon, it would be
interesting to see the hacking unfold with the dangers of it likely to
be more delicate and extensive.
Earlier this year, Ken Westin, an
analyst for security company TripWire, told Wired “As we interact with
our devices there’s this trail of digital exhaust that we leave behind.
Once you combine this data and create very rich profiles of people.”
Two
sources are believed to bring dangers according to Westin and other
experts. Firstly, criminals who can hack objects to get to know target
behavior, steal information, and carry out financial crimes; and
secondly governments, who have a new set of devices to keep an eye on
people.
Over 70 percent of IoT devices have vulnerabilities that
can be abused by hackers, a percentage that is disturbing according to
the study conducted by HP last year.
Cars
1.4
million Jeeps were recalled by Chrysler last week after two notorious
hackers hijacked a moving car from a laptop hundreds of miles away and
demonstrated the same to the media.
Charlie Miller and Chris
Valasek told the petrified Wired journalist whose car they had hacked
and sped up and slowed down until he begged them to stop that “If
consumers don’t realize this is an issue, they should, and they should
start complaining to carmakers. This might be the kind of software bug
most likely to kill someone.”
Back
in 2011, Miller and Valasek had their first successful car hacks;
however, their own 2013 demonstration that needed them to sit in the
carjacked vehicle found no truck with automotive giants, who told them
the hack was almost the same except that the brake lines were cut
manually.
Looking for more susceptibilities, the two enraged
Americans have now humiliated Chrysler into providing a USB stick with a
fix to their customers – an offer that would probably be taken up by
only a small percentage of Chrysler car owners, while the rest would
hope that they do not become the targets.
And the danger is not limited to one brand.
Josh Corman from IoT security company I Am the Cavalry, said to
Wired
“I don’t think there are qualitative differences in security between
vehicles today. The Europeans are a little bit ahead. The Japanese are a
little bit behind. But broadly writ, this is something everyone’s still
getting their hands around.”
Getting in the grove, of late the
Congress had come up with a new bill last week that will call on
regulators to introduce more strict car security standards along with a
ranking system that would set manufacturers against each other.
With the autonomous car revolution around the corner, of course, the potential danger will only multiply.
Weapons
According
to a report in German newspapers, a group of digital perpetrators took
control of the Patriot missile system standing on Turkey’s border.
However, later the Germans officials rejected the claims, saying it was
“extremely unlikely” their missile systems could be vulnerable.
In
an interview with RT, reasoned UK-based hacker Robert Jonathan
Schifreen says systems are not linked to public networks, they require
special codes to fire the missile, which only a certain number of people
have, and you generally need the code from two or three people to fire
it, or to do anything that is of significance. I don’t think it’s
actually happened, which is not to say that some of these systems are
not hackable in some way.”
The ability to hack enemy military
equipment could cause damage worth billions has made all the leading
military powers follow them.
Earlier this year, Defense
Undersecretary Frank Kendall said “It’s about the security of our
weapons systems themselves and everything that touches them. It’s a
pervasive problem and I think we have to pay a lot more attention to
it,” after the Pentagon insisted on providing $5.5 billion dollars for
cybersecurity in the next year’s budget.
The vulnerability to
outside interference is more in the case of advanced equipment. Richard
Stiennon, chief research analyst at IT-Harvest, last month told FCW, a
US state tech procurement website, that the troubled F-35 joint strike
fighter costing over $100 million per unit, has 9 million lines of code
in its software, and 17 million more in all the software suites written
to support its basic function. According to Stiennon, it would cost
“hundreds of billions of dollars” to completely destroy the
susceptibilities in all military code in all the weapons systems used by
the U.S.
“If we ever go to war with a sophisticated adversary, or
have a battle, they could pull out their cyber weapons and make us look
pretty foolish,” said Steinnon, who believes that the problem has
resulted due to the inability to predict the action in future and a
reliance on supposedly proprietary tech on the part of the Pentagon.
“Many
of the things that are in the field today were not developed and
fielded with cybersecurity in mind. So the threat has sort of evolved
over the time that they’ve been out there,” admitted Kendall.
Planes
Earlier
this year, a tweet sent by Chris Roberts, a security researcher from a
United Airlines flight departing from Denver to Chicago marked a event
in the wider awareness that planes could be hacked. He simply plugged
into the electric box underneath a standard plane seat with just a
laptop and an Ethernet cable. He told the FBI he was able to figure a
way from the in-flight entertainment system to the important commands
that influence the plane. Roberts also said he was able to operate one
of the engines, and convincingly change direction of an actual flying
passenger plane off-course.
The
vulnerabilities that were brought out were all too real. As far as
2008, the FAA had warned Boeing of susceptibility in its Dreamliner
design; however, it still does not look like to have been completely
resolved.
“A virus or malware planted in websites visited by
passengers could provide an opportunity for a malicious attacker to
access the IP-connected onboard information system through their
infected machines,” said a US Government Accountability Office report
from April.
This is one target that will surely be tested by
terrorists in the future, which is even before the ever increasing
number of drones is considered – a hard-to-calculate batch of new risks,
some of which have already been abused by hackers.
Nuclear power facilities
Infrastructure
infiltrations like weapons hacks are meant not only for criminals or
terrorists but also for organizations with million-dollar budgets,
headquartered in Maryland, Tel Aviv and Beijing. Also, infrastructure
hacks do not require an immediate war to be employed, which is the case
in weapons hacks.
Though it is difficult to think that the U.S.
and China would go to war, but asymmetrical disagreement between world
superpowers and “rogue states” remain probable. For example, Stuxnet,
supposed to be a US-Israeli piece of malware was utilized to destroy
nuclear centrifuges in Iran. However, it was later found out in North
Korea although with little success. Surprisingly, not many similar
operations are ongoing nor this technology has been surpassed ever
since. As recent as last year, South Korea charged its northern
neighbor, Pyongyang of hacking into its nuclear plants, which was
clearly denied by them.
And
technology that initially cost governments massive funds to develop
often does eventually become available to less responsible groups, at a
fraction of the cost.
Speaking to the Jerusalem Post in April,
Gabi Siboni, Director of the Cyber Security Program at the Institute for
National Security Studies said “The disruption and possible
infiltration of critical infrastructure is the most severe form of
cyber-attack. Such attacks on airplanes or air traffic control towers,
for instance, means that hackers could cause accidents, or even paralyze
entire flight systems. As of now, this area of capabilities is the
exclusive domain of developed states,”
“I strongly believe,
however, that the next 9/11 will happen without suicide bombers aboard
the plane with box-cutters, but will occur because of a cyber-incident
perpetrated by a terror organization.”
Even though there has not
yet been a terrorist Chernobyl, according to a survey published by the
Organization of American States taken from 35 states shows that more
than fifty percent of the security chiefs of critical infrastructure
objects, such as dams, power plants, airports, said that there had been
“attempts to manipulate” their equipment from the outside.
Tom
Kellermann, Chief Cyber Security Officer for Trend Micro Inc., who
compiled the report said “This is going to be the year we suffer a
catastrophe in the hemisphere, and when you will see kinetic response to
a threat actor.”
Source:
RT.com