Hacking of vehicles and appliances

How cyber-secure is the Internet of Things?

Four Escapes from Prison
Four Escapes from Prison Four Escapes from Prison

What is the Internet of things?

The Internet of things is a concept scenario in which objects as well as people are interconnected and share data through a cloud service. In this scenario, objects can be tracked and controlled remotely across a network infrastructure. Although widespread adoption of IOT seems like something out of a sci-fi film, there are often more network connected devices in our lives than we realize.

Internet enabled devices date back to1982, when the first ever internet-enabled appliance, a Coke machine at Carnegie Melon University, was wired up and programmed to report inventory levels and temperature of their apartment from a remote location by means of a smart phone or tablet. In the Internet of Things scenario, all kinds of appliances continuously share data with users and even with manufacturers. Cisco estimates that up to 50 billion devices will be connected to a cloud service by 2020. One of the examples often cited to illustrate the Internet of Things scenario, is that of a washing machine which sets up its own maintenance appointments by automatically contacting the manufacturer when it requires a tune up.

The Internet of Things, cyber-security and cyber-safety risks

That the Internet of Things is a future phenomenon is a misconception. The Internet of Things is already around us. As a matter of fact, the Internet of Things, some argue, is developing too quickly. The biggest concern over an interconnected world is that data security is developing at too slow a rate to cover the growing data security needs required to prevent an Internet of Things catastrophe.

It seems unlikely that someone could cause great harm to a community by shutting down coffee makers, but think of what would happen if a criminal were to shut down the electricity in all the casinos in Vegas for one day. With that in mind, the economic implications of not addressing data security requirements immediately come into sharp focus.

One of the big cyber security questions is authentication. Inputing a password to access a WiFi network is an example of an authentication requirement. With computers and cellphones authentication is done through passwords. The question in the minds of experts is how to input an authentication key for appliances and other devices that do not have keyboards? A wearable device (smart watch or cellphone) is a way of authenticating a person’s right to remotely control a network enabled appliance or device. Some vehicles for example can be programed to unlock when they sense the proximity of the owner’s cellphone. But while wearable device authentication does verify the proximity of a familiar device, i.e. a person’s cellphone, the technology will make no distinctionbetween the real owner of the device or a burglar who stole it.

The Jeep Cherokee cyber-hack

Vehicles, Fiat Chrysler vehicles specifically, have recently become the subject of a heated cyber security debate. Charlie Miller and Chris Valasek, who work with car manufacturers to find vulnerabilities in Internet connected vehicles, found a way to hack into the computer of Grand Cherokees. The flaw is a zero-day-exploit type of flaw. The term “zero-day-exploit” describes a vulnerability that manufacturers may be unaware of when the product is released in the market. If the flaw is found and exploited by hackers before manufacturers can patch it up, it means manufacturers had “zero time” to make repairs.

Andy Greenberg, a writer for WIRED challenged researchers Miller and Valasek to remotely hack into a Jeep Cherokee computer while he drove at 70 mph down the highway. Miller and Valasek succeeded in hacking into the SUV’s computer and taking control of the vehicle. They fooled around with the air conditioning, the radio, and were even able to yank on the seatbelt. Eventually, they disabled the brakes, forcing Greenberg to drive the car into a ditch. The zero-day-exploit in Grand Cherokees resulted in the recall of 1.4 million Fiat Chrysler vehicles. You can read the full article here

USB drives loaded with the security patch were sent via mail to the owners of vulnerable Fiat Chrysler vehicles. But the hackers stated that the software patch is not a sustainable solution since the flaw is the result of a hardware design flaw, discrediting Fiat Chrysler’s efforts of updating the computer software of the affected vehicles as a mere temporary solution. According to Miller and Valasek the only way of ensuring no harm would come to owners of this particular model was, in essence, to replace their Cherokee with better designed vehicle.

The capacity of semi-conductors, chips, and processors, has nearly doubled every year since Gordon Moore noticed the trend and called it Moore’s law back in 1965. Moore’s law has enabled the rapid expansion of the interconnected world. Technological innovation has been heavily focused on the development of eye-catching products often leaving data security lagging behind as a somewhat cumbersome requirement. For the general public data security often means coming up with very hard to guess passwords. As consumers, we tend to focus on new exciting products and rarely stop to question how safe it is to bring these products into our lives. How often does a new antivirus make a newspaper headline? Given our lack of interest in the topic, it’s no wonder that data security only makes headlines when a large corporation or a government is hacked. Safety in both the digital and physical world begins at a personal level. As consumers we must become more actively aware of the dangers of segregating data security to an afterthought.

Leave a Comment