Tuesday, August 6, 2013

The Internet of Things: Everything Is Hackable

From Strata:

A world where everything is hackable
It’s been a weird couple of weeks for the Internet of Things. As we connect everything to everything else, we inadvertently create a huge attack surface for hackers, and we’re starting to see the chinks in the armor.
Let’s say you fancy a fast car. Flavio Garcia, a University of Birmingham computer scientist, discovered the algorithm that verifies the ignition key for luxury cars like Porsches, Audis, Bentleys, and Lamborghinis. He was slapped with an injunction to ban him from disclosing his findings at the Usenix Security Symposium in order to prevent sophisticated criminal gangs from having the analytics tools for widespread car theft.
You might need Garcia’s algorithm to steal a car, but soon, with an entirely different algorithm, you may be able to crash one into a tree or disable its brakes from a distance. Or maybe it’s a fast boat you’re after. Mess with its GPS, and you can steer it where you want without the crew noticing.

But why go to all that trouble when you can just get bank machines to spit out money, as the late hacker Barnaby Jack had demonstrated? Then again, you could just bend someone’s house to your will, remotely, and extort money from them, as Kashmir Hill did for this Forbes piece.

If you’ve got a good mind for code and a loose moral code, tomorrow’s world is your oyster.

When everything is linked, everything is hackable
Today, the Quantified Self is OCD-for-the-digerati. But there’s little question that an industrial Internet in which everything is connected is right around the corner. In an interview with Kara Swisher, General Electric CEO Jeff Immelt makes it clear that his company thinks this is where we’ll find the efficiencies of tomorrow. And a company like GE, with well over $100M in sales backlog, should know.

Here’s a funny (though admittedly impractical) example to prove just how hackable a connected world might be. Use a license plate as a way to inject arbitrary SQL code into a traffic camera’s software and delete the table of violators....MORE