
Held for ransom by the digital 'mob'

Taylor Armerding | Jan. 6, 2015
Everybody has heard of business owners forced to pay "rent" to mobsters to ensure that their building doesn't "accidentally" burn to the ground or suffer some other deliberate misfortune.

That was the message a year ago from Craig Heffner, a vulnerability researcher with Tactical Network Solutions. In a discussion of the "connected home" at a conference hosted by the Federal Trade Commission (FTC), he said that "consumer devices typically don't have any security, at least not by today's standards."

Finally, with the FTC predicting that the number of embedded sensors or devices will hit 50 billion or more by 2020, it is obvious that they could offer an almost unlimited attack surface.

So far, this is not a major problem. But experts say it is coming.

Shaker said the chances of being "held up" for ransom today before you can start your car are "pretty small." But the vulnerability to hacking is already obvious, he said, since "we're already seeing cars where people can start it with their mobile device."

And as Chris Hadnagy, founder, CEO and chief human hacker at Social-Engineer notes, "Any device that connects to the Internet or uses Bluetooth with weak encryption is susceptible to an attack.

"Imagine a world where a whole network can be compromised from a coffee machine," he said. "You don't have to — I have seen it first hand. Network-enabled devices means that someone can alter, adjust, spy, listen and use that device in any way they want if they compromise it."

Howard, speaking on the Georgetown panel, said at least one auto manufacturer has a Linux box in the dashboard that not only provides access to music services like Pandora and social media like Facebook, but also controls the brakes and the airbags. "I can't imagine what a DoS attack will do, when both your Pandora and your brakes stop working," he said.

James Arlen, director, risk and advisory services at Leviathan Security Group, said he thinks it could start with home automation systems. "The one to watch for is a vulnerability in a thermostat — it has direct safety and financial costs associated with it," he said. "Cycling the temperature up and down is a great scenario, used with great effect as part of the Heinlein novel 'The Moon is a Harsh Mistress,' published in 1966."

Of course, not everybody has to have a home automation system that puts control of everything from thermostats to door and window locks and major appliances onto the Internet.

But it may be difficult for consumers to buy a new car that is not connected.

"The black-box functionality in a modern automobile is very difficult to get rid of without resorting to, 'hack the car and hope it stays hacked,'" Arlen said.

Howard, in an interview, said disabling the connected features of cars will be "too complicated for the average Joe.

