Archive for July, 2015

Hack my ride

Posted: July 23, 2015 in Uncategorized

I wrote about the issue of car hacking about 6 months ago. Since then, the predictable has happened. The threat has been shown to be even worse through a new proof of concept hack that allowed a 2014 Jeep Cherokee to be remotely, wirelessly controlled from 10 miles away. In this controlled demonstration, the driver knew he was going to be hacked but still experienced a combination of weird and frightening scenarios including:

  • radio turning on spontaneously blaring music and can’t be turned down or off
  • windshield wipers (complete with washer fluid spray) operating on their own
  • engine slowing to a crawl
  • losing control of the steering wheel
  • horn honking on its own

An article in Wired.com covers the demo in more detail. To watch a video of the “thrill ride” take a look here.

Car Hacking Demonstration

Car Hacking Demonstration

Crazy stuff, huh?

Before you dismiss this threat because you don’t drive that model of vehicle, bear in mind that the guys behind this hack believe that there are many more models as well. One estimate has the number at more than 470,000 vehicles vulnerable to this particular exploit alone.

Why these internal systems would ever be accessible remotely is the question that automakers need to answer. At a minimum there should be an “air gap” separating these systems:

  • vehicle control system
  • entertainment system
  • monitoring system

Only the latter should be remotely accessible and even that one is debatable.

The bottom line here is that we are in the early days of Internet of Things (IoT) and vehicle/computer integration. Unfortunately, the focus seems to be on building the functionality and taking care of security as an afterthought. Things are likely to get worse before they get better so buckle up and be prepared for a rough ride…

Advertisements

Who doesn’t love a good sci-fi movie? They offer us a glimpse into a possible future world that may or may not ever come to actually exist but, either way, can be enormously entertaining in the process.

One of the best from my childhood was the 1968 classic (yes, I’m old) Planet of the Apes. 

pota1*** Spoiler Alert *** In the final scene the protagonist, George Taylor (played by Charleston Heston), is walking along the beach of the dystopian world his spacecraft crash landed on. This alien world is run by intelligent, talking apes who have enslaved the native human population. Taylor looks up to see a half-buried Statue of Liberty and realizes that he isn’t on some distant planet but is, instead, back on planet earth many years after he left it. His final lines are:

Oh my God. I’m back. I’m home. All the time, it was… We finally really did it. [screamingYou Maniacs! You blew it up! Ah, d*** you! God d*** you all to hell!

Dramatic stuff! My young mind was completely blown. Still is …

But what if it isn’t apes that we need to keep our eyes on? What if the plot is actually more sinister? What if the threat comes from an even more unlikely source?

COWS!!! CIXs1kCUcAAAeaT

Yes, cows. It seems Hollywood got it wrong (shocking!). Believe it or not, according to US CDC statistics you are more likely to be killed by a cow than a shark — twenty-two times more likely, in fact. All this time they’ve been standing in our fields passively chewing cud and staring at us with those cold, dead eyes …

OK, so I’m overdramatizing for effect. No, I don’t believe that cows are out to get us or that they will eventually become our overlords, but the the point is that we are often quite bad at assessing risk. Are most people more afraid of cows or sharks? According to the actual data, which one should they be more concerned about?

What does this have to do with IT security? If we are bad at assessing real world threats, why would we think that we don’t carry some of the same deficiencies into our assessment of cyber threats? My guess is we shouldn’t think that we don’t because we do.

So, the next time you hear someone trying to downplay a potential risk, it might be worth taking a second look to see if the facts support it. Otherwise, we could one day be living on … the planet of the cows!