What do a car, a coffin, a skateboard and a rifle have in common? In 2015 these unrelated items were unforeseeable and unlikely things that were hacked. Hackers got bolder and more imaginative, even surpassing the startling takeover of Jeeps’ controls that was revealed at the Black Hat convention in Vegas this summer. From a remote location some 10 miles away, using a simple laptop, hackers unleashed an attack on Chrysler vehicles that resulted in a recall of 1.4 million cars, and a lot of heartburn for the automaker! Let’s see how these scenarios played out with the other elements, possibly ushering in a new level of sophistication for determined hackers.
The idea that technology improves the efficiency of just about everything applies also to the next item – rifles. A Texas company, TrackingPoint, manufactures a device that employs electronic auto-aiming. To enable it to work effectively, it utilizes Wi-Fi connectivity. This feature unfortunately renders the device liable to be hacked from a simple mobile phone, redirecting the shooters aim to a different target. Researcher Runa Sandvik demonstrated how aim can be thrown on to a different target one yard away at a Def Con convention recently. “A successful attacker could cause the rifle to misbehave on every single shot without the shooter knowing how or why,” Sandvik told MarketWatch. The good news is that a hacker cannot fire the weapon remotely.
For those eschewing the novelty of the hoverboard and stay grounded with the skateboard, the experience can be enhanced by electronics which smoothens the ride – until it doesn’t, and throws you from the board! Two researchers developed a hack they dubbed “FacePlant,” which gave them total control over digital skateboards by manipulating the Bluetooth connection, and which allowed them to stop it, alter its course or kibosh its brakes. Those that use the boards regularly for long commutes present a ready and vulnerable target for hackers.
Whoever said that the only things that are certain are death and taxes (editors note: it was Benjamin Franklin) might want to alter the adage after hearing about the next odd hack. Chris Rock, chief executive officer and founder of the security company Kustodian, showed why, in a presentation at Def Con. Using information found online, anyone can complete state electronic death records that can literally knock the life out of someone making them deceased – if only on paper and only temporarily. But in contemplating the complications this might cause, even temporary, this be might be too long. Why would you exploit a situation like this? One reason might be simple revenge against an ex- ex-boss or ex-lover. But more sinister applications come to mind, such as insurance fraud, or draining a relative’s estate. In any case, it clearly demonstrates that when it comes to hacks, nothing is off-limits.
I’ll end this piece with an item that raised everyone’s consciousness about the danger of attacks on everyday items – cars. As we’ve learned, the more cars are computerized, the more vulnerable to hacks they become. Being an electric car company, Tesla has more to lose than other automakers, and, conversely, more to gain by thwarting hackers. A computer security researcher at San Francisco-based Lookout, set out to see if Tesla had learned anything from prior industry attacks and had taken steps to protect its franchise. While acknowledging that Tesla was ahead of its industry counterparts in the security game, he found several vulnerabilities, and was able to remotely open and close trunks, lock and unlock doors, and stop a Tesla car (depending on what speed it was being driven.) On the bright side, Tesla didn’t launch a lengthy and cumbersome recall a la Fiat Chrysler, but instead managed to correct the flaws by supplying patches to customers, thus resolving the problem in a matter of weeks.
Hacks like I’ve described are more than nuisances when they affect ordinary things that can alter life and limb. Though it is good to know that in virtually every case a remedy for the attack exists or will be developed and applied, Runa Sandvik opined,
“The short version here is that you cannot underestimate a motivated attacker.”
Look for further, more abundant attacks in 2016.