CybersecurityCan a hacker stop your car or your heart? Security and the Internet of Things
An ever-increasing number of our consumer electronics is Internet-connected. We’re living at the dawn of the age of the Internet of Things. Appliances ranging from light switches and door locks, to cars and medical devices boast connectivity in addition to basic functionality. The convenience can’t be beat, but the security and privacy implications cannot and should not be ignored. There needs to be a concerted effort to improve security of future devices. Researchers, manufacturers and end users need to be aware that privacy, health and safety can be compromised by increased connectivity. Benefits in convenience must be balanced with security and privacy costs as the Internet of Things continues to infiltrate our personal spaces.
An ever-increasing number of our consumer electronics is Internet-connected. We’re living at the dawn of the age of the Internet of Things. Appliances ranging from light switches and door locks, to cars and medical devices boast connectivity in addition to basic functionality.
The convenience can’t be beat. But what are the security and privacy implications? Is a patient implanted with a remotely controllable pacemaker at risk for security compromise? Vice President Dick Cheney’s doctors worried enough about an assassination attempt via implant that they disabled his defibrillator’s wireless capability. Should we expect capital crimes via hacked Internet-enabled devices? Could hackers mount large-scale terrorist attacks? Our research suggests these scenarios are within reason.
Your car, out of your control
Modern cars are one of the most connected products consumers interact with today. Many of a vehicle’s fundamental building blocks – including the engine and brake control modules – are now electronically controlled. Newer cars also support long-range wireless connections via cellular network and Wi-Fi. But hi-tech definitely doesn’t mean highly secure.
Our group of security researchers at the University of Washington was able to remotely compromise and control a highly computerized vehicle. They invaded the privacy of vehicle occupants by listening in on their conversations. Even more worrisome, they remotely disabled brake and lighting systems and brought the car to a complete stop on a simulated major highway. By exploiting vulnerabilities in critical modules, including the brake systems and engine control, along with in radio and telematics components, our group completely overrode the driver’s control of the vehicle. The safety implications are obvious.
This attack raises important questions about how much manufacturers and consumers are willing to sacrifice security and privacy for increased functionality and convenience. Car companies are starting to take these threats seriously, appointing cybersecurity executives. But for the most part, automakers appear to be playing catchup, dealing with security as an afterthought of the design process.
Home insecurity
An increasing number of devices around the home are automated and connected to the Internet. Many rely on a proprietary wireless communications protocol called Z-Wave.
