Is A Hacking Disaster Inevitable?

More and more products in modern society are being “computerized”. Watches used to tell time. Now you can buy an Apple iWatch (or any of several knock-off smart watches) which is basically a computer on your wrist.

Phones used to be for making phone calls. Now your phone is a camera, camcorder, calculator, credit card/payment device, video game machine, television, with video-phone and texting capability, and it knows your location anywhere on earth, gives directions to any other location, and connects to the internet — a vast storehouse of information, opinion, entertainment, and general craziness. Did you know that a current-generation smart phone has more processing power than a supercomputer from the late 1990′s? I did the math, and it’s true.

Your television is now connected to a Tivo or cable box that is basically a computer. Video game machines are computers. Then there are book reading devices like Kindle and Nook (obsolete?). A FitBit is a wrist-worn device that keeps track of your physical exercise and movements during the day, and can even track your sleeping habits. And various companies are working on computerizing clothing, sneakers, jackets, etc.

Nest is a computerized home control device that keeps track of heating/cooling, lights, home security, and who knows what will be next. You can purchase light bulbs that connect to your wireless network and the internet. GE and Philips both make light bulbs you can control from your smartphone. And power companies across the nation are starting to implement smart meters, that track your power usage and are controlled over the internet.

What could possibly go wrong? Hackers. If it is computerized, it can be hacked. And don’t think that a multi-billion dollar multi-national corporation will have means, or even the will, to make an unhackable product. If the recent NSA revelations have taught us anything, it’s that no technology is 100% secure.

Recently, I had to download a large file from Jeep.com and install it to fix a hacking vulnerability in our SUV. How can a car be vulnerable to hacking? It seems that certain models come with Uconnect, a way for the vehicle to connect to the internet. And that system can be hacked. Does hacking merely give the hacker control over a computer screen in the car, or over the radio? Not hardly. According to this Wired.com article, hackers can toy with the air-conditioning, radio, and windshield wipers, honk the horn, and jerk the seat belts. Well, that’s amusing, and not too dangerous, right? But they can also send commands to the steering wheel, brakes, and transmission. You can lose control of the accelerator, brakes, and steering. The hackers can control your vehicle. And internet connected vehicles can also be tracked by hackers.

As more vehicles become “connected”, the danger of hacking increases. And it doesn’t stop at cars. Commercial passenger planes have become vulnerable as well. The U.S. Government Accountability Office and the FAA have admitted that certain planes are vulnerable to hacking. How can this be? First, modern passenger planes are fly-by-wire.

“Fly-by-wire (FBW) is a system that replaces the conventional manual flight controls of an aircraft with an electronic interface. The movements of flight controls are converted to electronic signals transmitted by wires (hence the fly-by-wire term), and flight control computers determine how to move the actuators at each control surface to provide the ordered response.” [Wikipedia]

Second, passenger planes now have in-flight entertainment systems, which connect to the internet. So you might assume that a hacker could only gain control of the entertainment system, not the plane’s flight controls. Well, it seems that the plane’s manufacturers decided to save money by having the two computer systems — flight control and entertainment — connected. Theoretically, a hacker could enter the entertainment system over the internet, bypass the firewall, and gain control of the plane, in much the same way as with an internet connected Jeep. The FAA warned Boeing about this type of vulnerability seven years ago. And all they did was set up a software firewall.

The FitBit exercise device can be hacked. There are hacking vulnerabilities in smart phones and every type of computer, as well as in internet connected refrigerators, smart phone connected baby monitors, and hospital medical devices. F-ing son of a bitch. Is nothing safe from hacking?

The rate at which new devices are being computerized and internet-connected is rapid, and the pace of security software and vulnerabilities is lethargic. Eventually, hacking is going to be a major threat to society, rather than a theoretical threat or an annoyance. Several years ago, there was a report that hackers had been able to gain control of the power grid for entire cities (outside the U.S.), so as to blackmail the city: pay up or we turn off the power:

“We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands,” he said in a statement. “In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet.”

A hacker is not necessarily some teenager with too much time on his hands, causing some mischief via the internet. Hacking has become big business for organized crime. And governments around the world are increasing their hacking resources, for offensive and defensive purposes. The next major war will undoubtedly include cyber-attacks as well as conventional attacks.

We are headed for a major trouble in this area. The solution is to refrain from computerizing and connecting everything, and to make security for computers and the few necessary computerized/connected devices a top priority. But that’s not how society works. If it sells, it will be made. And high security is not a top selling feature. So this problem is only going to get worse. Eventually, the possibility of a hacking disaster will become as serious a threat as a natural disaster. Lives will be at stake, and the disruption to society could be substantial.

– Thoreau

One Response to Is A Hacking Disaster Inevitable?

  1. Excellent points, all. I manage an OPSEC program, in which I hightlight for folks that while pretty much all of us live in this tidy, networked luttle world now, everyone one of us needs to be ready & capable of reverting to a world of 1960s technology, possibly with little or no notice.
    How would you function on a dat-to-day basis without credit? Without wireless communications? Or digital cameras, TVs, or GPS navigation?

    Do you have cash or PMs? Can you read a map? Do you have a wind-up clock? A hard-copy calendar, or a set of encyclopedias? How about a radio transceiver?

    Some day this is going to happen. It may not last forever but it could easily last a good, long time. And we’re going ti have to survive through it. These are the ‘good ol’ days’.