Gartner, the world’s leading information technology research and advisory company, who have provided the above 5 billion figure says that over 2,800 million consumer devices -and more than 300 million cars are already online. The figure is expected to hit 25 billion by 2020 due to the number of objects connected to the Internet of Things (IoT), which is not an unbelievable figure given that many of the household appliances these days are coming with online functions.
Ted Harrington, who is organizing an IoT “theme park” at DefCon, which is a leading hacker conference in August, told tech site Informationweek “One of the things we’re constantly seeing is functionality absolutely being considered first, and security implications not being considered at all,”
While giving control of the baby monitors, fridges, garage doors, and security cameras to hackers at DefCon, it would be interesting to see the hacking unfold with the dangers of it likely to be more delicate and extensive.
Earlier this year, Ken Westin, an analyst for security company TripWire, told Wired “As we interact with our devices there’s this trail of digital exhaust that we leave behind. Once you combine this data and create very rich profiles of people.”
Two sources are believed to bring dangers according to Westin and other experts. Firstly, criminals who can hack objects to get to know target behavior, steal information, and carry out financial crimes; and secondly governments, who have a new set of devices to keep an eye on people.
Over 70 percent of IoT devices have vulnerabilities that can be abused by hackers, a percentage that is disturbing according to the study conducted by HP last year.
1.4 million Jeeps were recalled by Chrysler last week after two notorious hackers hijacked a moving car from a laptop hundreds of miles away and demonstrated the same to the media.
Charlie Miller and Chris Valasek told the petrified Wired journalist whose car they had hacked and sped up and slowed down until he begged them to stop that “If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers. This might be the kind of software bug most likely to kill someone.”
Back in 2011, Miller and Valasek had their first successful car hacks; however, their own 2013 demonstration that needed them to sit in the carjacked vehicle found no truck with automotive giants, who told them the hack was almost the same except that the brake lines were cut manually.
Looking for more susceptibilities, the two enraged Americans have now humiliated Chrysler into providing a USB stick with a fix to their customers – an offer that would probably be taken up by only a small percentage of Chrysler car owners, while the rest would hope that they do not become the targets.
And the danger is not limited to one brand.
Josh Corman from IoT security company I Am the Cavalry, said to Wired “I don’t think there are qualitative differences in security between vehicles today. The Europeans are a little bit ahead. The Japanese are a little bit behind. But broadly writ, this is something everyone’s still getting their hands around.”
Getting in the grove, of late the Congress had come up with a new bill last week that will call on regulators to introduce more strict car security standards along with a ranking system that would set manufacturers against each other.
With the autonomous car revolution around the corner, of course, the potential danger will only multiply.
According to a report in German newspapers, a group of digital perpetrators took control of the Patriot missile system standing on Turkey’s border. However, later the Germans officials rejected the claims, saying it was “extremely unlikely” their missile systems could be vulnerable.
In an interview with RT, reasoned UK-based hacker Robert Jonathan Schifreen says systems are not linked to public networks, they require special codes to fire the missile, which only a certain number of people have, and you generally need the code from two or three people to fire it, or to do anything that is of significance. I don’t think it’s actually happened, which is not to say that some of these systems are not hackable in some way.”
The ability to hack enemy military equipment could cause damage worth billions has made all the leading military powers follow them.
Earlier this year, Defense Undersecretary Frank Kendall said “It’s about the security of our weapons systems themselves and everything that touches them. It’s a pervasive problem and I think we have to pay a lot more attention to it,” after the Pentagon insisted on providing $5.5 billion dollars for cybersecurity in the next year’s budget.
The vulnerability to outside interference is more in the case of advanced equipment. Richard Stiennon, chief research analyst at IT-Harvest, last month told FCW, a US state tech procurement website, that the troubled F-35 joint strike fighter costing over $100 million per unit, has 9 million lines of code in its software, and 17 million more in all the software suites written to support its basic function. According to Stiennon, it would cost “hundreds of billions of dollars” to completely destroy the susceptibilities in all military code in all the weapons systems used by the U.S.
“If we ever go to war with a sophisticated adversary, or have a battle, they could pull out their cyber weapons and make us look pretty foolish,” said Steinnon, who believes that the problem has resulted due to the inability to predict the action in future and a reliance on supposedly proprietary tech on the part of the Pentagon.
“Many of the things that are in the field today were not developed and fielded with cybersecurity in mind. So the threat has sort of evolved over the time that they’ve been out there,” admitted Kendall.
Earlier this year, a tweet sent by Chris Roberts, a security researcher from a United Airlines flight departing from Denver to Chicago marked a event in the wider awareness that planes could be hacked. He simply plugged into the electric box underneath a standard plane seat with just a laptop and an Ethernet cable. He told the FBI he was able to figure a way from the in-flight entertainment system to the important commands that influence the plane. Roberts also said he was able to operate one of the engines, and convincingly change direction of an actual flying passenger plane off-course.
The vulnerabilities that were brought out were all too real. As far as 2008, the FAA had warned Boeing of susceptibility in its Dreamliner design; however, it still does not look like to have been completely resolved.
“A virus or malware planted in websites visited by passengers could provide an opportunity for a malicious attacker to access the IP-connected onboard information system through their infected machines,” said a US Government Accountability Office report from April.
This is one target that will surely be tested by terrorists in the future, which is even before the ever increasing number of drones is considered – a hard-to-calculate batch of new risks, some of which have already been abused by hackers.
Nuclear power facilities
Infrastructure infiltrations like weapons hacks are meant not only for criminals or terrorists but also for organizations with million-dollar budgets, headquartered in Maryland, Tel Aviv and Beijing. Also, infrastructure hacks do not require an immediate war to be employed, which is the case in weapons hacks.
Though it is difficult to think that the U.S. and China would go to war, but asymmetrical disagreement between world superpowers and “rogue states” remain probable. For example, Stuxnet, supposed to be a US-Israeli piece of malware was utilized to destroy nuclear centrifuges in Iran. However, it was later found out in North Korea although with little success. Surprisingly, not many similar operations are ongoing nor this technology has been surpassed ever since. As recent as last year, South Korea charged its northern neighbor, Pyongyang of hacking into its nuclear plants, which was clearly denied by them.
And technology that initially cost governments massive funds to develop often does eventually become available to less responsible groups, at a fraction of the cost.
Speaking to the Jerusalem Post in April, Gabi Siboni, Director of the Cyber Security Program at the Institute for National Security Studies said “The disruption and possible infiltration of critical infrastructure is the most severe form of cyber-attack. Such attacks on airplanes or air traffic control towers, for instance, means that hackers could cause accidents, or even paralyze entire flight systems. As of now, this area of capabilities is the exclusive domain of developed states,”
“I strongly believe, however, that the next 9/11 will happen without suicide bombers aboard the plane with box-cutters, but will occur because of a cyber-incident perpetrated by a terror organization.”
Even though there has not yet been a terrorist Chernobyl, according to a survey published by the Organization of American States taken from 35 states shows that more than fifty percent of the security chiefs of critical infrastructure objects, such as dams, power plants, airports, said that there had been “attempts to manipulate” their equipment from the outside.