Hackers are not just after your computer: connected devices from cars to home security systems are now targets for those looking to steal or cause mischief.
The rapid growth in the `internet of things’ has opened up new opportunities for cyber attacks and new markets for cyber defenders.
The `internet of things’ are all those physical objects that work with connectivity devices embedded in them.
The problem is among the hot topics at a Black Hat computer security conference that kicked off in Las Vegas on Sunday and an infamous Def Con hacker gathering that follows.
Early glimpses have been provided of scheduled presentations about how to commandeer control of some Chrysler Fiat vehicles or accurately retarget self-aiming sniper rifles.
“The internet of things is definitely one of the big new frontiers,” said Christopher Kruegel, co-founder of cyber security firm Lastline and a professor of computer science at a state university in southern California.
Fiat Chrysler issued a safety recall for 1.4 million US cars and trucks in July after hackers showed they could take control of their systems while they are in operation.
The recall came after cybersecurity experts Charlie Miller and Chris Valasek of the firm IOActive Labs remotely commandeered a Jeep Cherokee, made by Chrysler, to demonstrate the vulnerability of the vehicles’ electronic systems.
As reported in Wired magazine and elsewhere, working from laptop computers at home, the two men were able to enter the Jeep’s electronics via its online entertainment system, changing its speed and braking capability and manipulating the radio and windshield wipers.
After the report, Chrysler issued a free software patch for vulnerable vehicles even while saying it had no first-hand knowledge of hacking incidents.
Miller and Valasek are to reveal more about their Jeep hack at Black Hat.
“The ambiguous nature of automotive security leads to narratives that are polar opposites: either we’re all going to die or our cars are perfectly safe,” read a description a scheduled briefing by the researchers.”
Iran was hit in 2010 by several computer attacks including the Stuxnet virus — widely believed to be developed by the US government — targeting Tehran’s nuclear program.
“The idea of bridging the gap between the cyber world and the physical world has been around for a while,” Kruegel said.
“Now, these proof-of-concepts show that it is a real threat. All these devices are out there and reachable, and security is terrible.”
Stuxnet-type attacks were seen as the work of sophisticated, state-sponsored actors with ample resources and time.
The explosion of connected devices in the booming internet of things has created easy targets for independent hackers motivated by greed or malice, according to security researchers.
“It’s hard to find a way into Windows 10, but now you have these devices that are not hard to get into,” Kruegel said, referring to latest generation Microsoft computer operating system.
“It is low-hanging fruit, in a way.” Protecting gadgets in the internet of things is possible but increases costs of smart gadgets while manufacturers prefer to keep prices low.