Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BLOG: The security threat Stephen King warned us about?

Taylor Armerding | Dec. 13, 2011
Remember the film "Maximum Overdrive," where machines took over and went on a murderous rampage? With cars and appliances ever more computerized, such a security threat seems a little less farfetched as we head into 2012.

Most people know that their computers and smart phones are under the constant threat of attack from hackers. But your car? Your house? Your TV and other consumer electronics?

It seems like a take on Stephen King's short story " Trucks" -- where machines come to life and go on a murderous rampage (the movie version was "Maximum Overdrive"). In this case, hackers find security flaws in the computers running our vehicles, appliances and medical devices and wreak havoc.

See the related Salted Hash blog post, " McAfee report reminds me of 'Maximum Overdrive'"

The real threat is far less dramatic, of course. But just a couple years ago, few people were seriously talking about this as a danger that might someday come to pass. As we look to 2012, however, the potential seems a lot less ridiculous, since our electronics increasingly tend to be part of a home network with an IP address -- one that can be controlled by a mobile device.

Some experts in information security believe 2012 will be a year when hackers focus more on those things.

Anup Ghosh, CEO of Invincea, says that, "in the search for more interesting devices to hack, the adversary is going to transition from traditional IT networks to embedded systems, which we normally think of as physical systems -- your car, TVs, your house, your office building. Systems that are networked and run a lot of software will be fertile ground for hackers."

Ghosh says the devices in the house simply become another node on the home network. "The devices will run an operating system kernel of some kind and accept network connections. Hackers will be able to exploit the network interface and software services running on these devices to gain privileged access to these devices. From there, they can launch attacks against other devices, store data, and exfiltrate data off the home network."

Ghosh says researchers from the University of California at San Diego and the University of Washington have already demonstrated how to hack cars through the CD player and Bluetooth interface. He says that makes any number of subsystems in the car vulnerable to exploitation. Hackers could track a vehicle, kill the ignition switch and unlock the doors.

Jason Rouse, principal security consultant at Cigital, says these capabilities are not new.

"Frankly, we've been able to break into a car for a decade," he says. "There is a worm hole attack that lets you unlock a car door just by walking past the driver. But in most cases that's not that interesting to hackers. Their primary goal is to make money."

But he does agree that there is increased danger to cars and appliances because of the convergence of controls for home or car systems with mobile devices.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.