Today’s mantra in cyber security circles is that everything is hackable if it’s connected to the internet.
And while the new craze in connected devices promises to bring convenience to our lives like never before (cook the perfect steak, get location-based traffic updates, and never forget to take your medication again) there is a dangerous trade-off that experts warn is not being given proper attention.
This past month alone has brought worrying revelations of security flaws in internet-enabled objects from guns to medical devices and cars – all of which, if subjected to malicious interference, have the potential to kill us.
CQR Security co-founder Phil Kernick says as more manufacturers jump on the hi-tech bandwagon, regulatory authorities the world over are lagging on how to keep consumers safe.
For instance, medical regulators such as Australia’s Therapeutic Goods Administration have strict approvals processes but no security testing, leaving safety issues incumbent on manufacturers, which may not be up to the task.
“If you’re a medical technology company, you’re not a security firm – you don’t even understand why this is a problem,” Kernick says.
He worries that nothing will change until someone dies.
Here are five connected objects you may want to think twice about using, so long as we live in this regulatory “Wild West”:
1. Medical devices
Medical device manufacturer Hospira came under fire this month after US security and regulatory authorities urged hospitals to stop using its internet-enabled Symbiq infusion system, which pumps drugs into a patient’s bloodstream via a drip.
Cyber security expert Billy Rios discovered the pump was hackable via a hospital’s staff network, meaning it could be controlled remotely to change a patient’s dosage, with potentially lethal consequences.
More than three years ago, the late security expert Barnaby Jack demonstrated a similar vulnerability with an insulin pump, which could be hacked to mete out a dangerous dose of insulin to a diabetic.
Other devices, including some pacemakers, can communicate wirelessly too, and unlike smartphones or PCs which automatically receive software update notifications, it’s much harder to patch vulnerabilities on these types of devices.
2. Vehicles
A security flaw discovered in Jeep Cherokees sold in the US made big headlines last month, resulting in an unprecedented recall from maker Fiat Chrysler of 1.4 million vehicles.
Hackers demonstrated they could take over a car’s controls remotely via the Jeep Uconnect infotainment system – potentially smashing it into a wall at high speed, or hurtling it over a cliff.
Earlier this year, the aviation sector also came under scrutiny after hacker Chris Roberts claimed he had been able to gain access to flight control systems via a plane’s entertainment system.
3. Weapons
Bad aim? No problems – firearm manufacturer TrackingPoint has created a “smart rifle” which can correct your shot by factoring in blustery winds, distance and ammunition weight, and will calculate the best moment to fire a shot after the trigger is pulled. It can record this all on video, too.
Except, a hacker can mess with its “smarts” using a simple default password, causing you to miss your target, big-time.
4. Home appliances
Smart kitchen and laundry appliances are all the rage right now for companies like Samsung, LG and Panasonic.
Turn your oven on using an app before you arrive home for a better roast, and let your busted washing machine “diagnose itself” for better customer care service.
Now imagine you’ve gone away for the weekend and someone’s hacked into your home appliances, which variously use water, electricity and fire. Some of them have blades, too.
Not such a good idea to be able to fire up that oven remotely on full blast, now, is it?
5. Smoke and security alarms
There are dozens of “smart alarms” on the market nowadays which can notify you of fire or break-in remotely via an app.
But Phil Kernick warns they could “almost certainly” be disabled remotely given enough time and effort.
That could have potentially lethal consequences if, say, your oven caught alight and your smart alarm didn’t alert you.
View the original content and more from this author here: http://ift.tt/1gDAhKN
from hacker samurai http://ift.tt/1OZrD4z
via IFTTT
No comments:
Post a Comment