You don't have to be on a computer to get hacked

Computer-like devices are everywhere these days. We often don't even realize that they are computers, and that's why computer security isn't all that important to us. More importantly, security isn't important to the large corporations making those products either.
For instance, luxury cars:

Thousands of cars from a host of manufacturers have spent years at risk of electronic car-hacking, according to expert research that Volkswagen has spent two years trying to suppress in the courts.
“Keyless” car theft, which sees hackers target vulnerabilities in electronic locks and immobilizers, now accounts for 42 percent of stolen vehicles in London. BMWs and Range Rovers are particularly at-risk, police say, and can be in the hands of a technically minded criminal within 60 seconds.
Security researchers have now discovered a similar vulnerability in keyless vehicles made by several carmakers. The weakness – which affects the Radio-Frequency Identification (RFID) transponder chip used in immobilizers – was discovered in 2012, but carmakers sued the researchers to prevent them from publishing their findings.

Besides your car being stolen, consider the bigger security implications.

First, whether they are owned by an individual or by a fleet, AVs are the greatest force multiplier to emerge in decades for criminals and terrorists. Whether you’re a school shooter or a religious extremist, the biggest barrier to carrying out your plan is the risk of getting caught or killed by law enforcement. Only the most extreme mental illness, depraved hatred, or religious fervor can motivate someone to take on those risks as part of a plan to harm other people.
Autonomous vehicles neutralize those risks, and they open the door for new types of crime not possible today. A future Timothy McVeigh will not need to drive a truck full of fertilizer to the place he intends to detonate it. A burner email account, a prepaid debit card purchased with cash, and an account, tied to that burner email, with an AV car service will get him a long way to being able to place explosives near crowds, without ever being there himself. How will law enforcement solve physical, violent crimes committed by people who were never at the scene of the crime?

It should concern you that someone soon could steal your car in under a minute, without breaking anything, load it with explosives, and blow up a shopping center from miles away.
But if you think that is scary, consider this:
Pacemakers:

Medical devices such as insulin pumps, continuous glucose monitors, and pacemakers or defibrillators have become increasingly small and wearable in recent years. They often connect with a hand-held controller over short distances using Bluetooth. Often, either the controller or the device itself is connected to the Internet by means of Wi-Fi so that data can be sent directly to clinicians. But security experts have demonstrated that with easily available hardware, a user manual, and the device's PIN number, they can take control of a device or monitor the data it sends.
Medical devices don't get regular security updates, like smart phones and computers, because changes to their software could require recertification by regulators like the U.S. Food and Drug Administration (FDA). And FDA has focused on reliability, user safety, and ease of use—not on protecting against malicious attacks.

Someone could turn off your heart remotely. Or maybe they could set your insulin pump to Max, and you would never see them.
But that's nothing compared to this:
Infrastructure:

How easy would it be to pull off a catastrophic cyber attack on, say, a nuclear power plant? At next week’s Black Hat and DEF CON cybersecurity conferences, two security consultants will describe how bits might be used to disrupt physical infrastructure.
U.S. Cyber Command officials say this is the threat that most deeply concerns them, according to a recent Government Accountability Office report. “This is because a cyber-physical incident could result in a loss of utility service or the catastrophic destruction of utility infrastructure, such as an explosion,” the report said. They’ve happened before. The most famous such attack is the 2010 Stuxnet worm, which damaged centrifuges at Iran’s Natanz nuclear enrichment plant. (It’s never been positively attributed to anyone, but common suspicion holds that it was the United States, possibly with Israel.)

The price of the infrastructure hacking class was $3,700.
So do people really try to hack critical infrastructure such as dams, power plants, and transportation? Yes.

Hacking attacks that destroy rather than steal data or that manipulate equipment are far more prevalent than widely believed, according to a survey of critical infrastructure organizations throughout North and South America.
The poll by the Organization of American States, released on Tuesday, found that 40 percent of respondents had battled attempts to shut down their computer networks, 44 percent had dealt with bids to delete files and 54 percent had encountered “attempts to manipulate” their equipment through a control system.

OK. So people try to hack critical infrastructure. But do they ever succeed? Yes.

A year ago, Cesar Cerrudo flew to Washington, strolled over to Capitol Hill and pulled out his laptop. Then he began to hack the city’s traffic system.
The traffic lights — like so many he had tested before in Manhattan and elsewhere — were wide open to attack. Mr. Cerrudo, an Argentine security researcher at IOActive Labs, an Internet security company, found he could turn red lights green and green lights red. He could have gridlocked the whole town with the touch of a few keys, or turned a busy thoroughfare into a fast-paced highway. He could have paralyzed emergency responders, or shut down all roads to the Capitol.

It makes one wonder what would happen if just one sicko had the computer ability to do this.
Are there sickos out there with computer abilities? Yep.
Baby monitors:

Disturbing reports in recent years of hackers hijacking baby monitors and screaming at children have creeped out parents, but these incidents apparently haven't spooked makers of these devices.
A security analysis of nine baby monitors from different manufacturers revealed serious vulnerabilities and design flaws that could allow hackers to hijack their video feeds or take full control of the devices.

Cybercrime may cost hundreds of billions of dollars every year.

I remember when I was working in the IT field back in the 90's, and one of my coworkers pointed out a basic flaw in the IT industry.
Companies make money on releasing new products and new features, so that's where they put their R&D money.
Companies don't make money on finding and fixing security holes. That is a net loser. So they will only put in enough effort to prevent being sued.


Comments

LapsedLawyer

greedy practice by big and small business alike of externalizing costs. When a hack occurs, when an identity is stolen, who pays the price and who is responsible for fixing it? Not the irresponsible business and computer or computerized device maker that by now knows full well their machines are not secure, but the customer whose entire life is turned upside down and rent asunder by some computer nerd with as much of a greedy heart as the most vile of bankers.

And they pay their lobbyists well to keep governments from passing laws and regulations that would force them to internalize the costs they put on the rest of us.

And the lobbyists set out to hire the most compliant of politicians to run things in their favor.


"Our society is run by insane people for insane objectives. I think we're being run by maniacs for maniacal ends and I think I'm liable to be put away as insane for expressing that. That's what's insane about it."
-- John Lennon