TED is a non-profit organization which organizes and hosts a variety of speakers from all walks of life. Recently, TED hosted a series of talks called “The Dark Side of Data.” In Part 1 of our series we reviewed online privacy, and in Part 2, we reviewed three types of online attacks.
Today’s final installment of our 3-part series investigates Avi Rubin‘s talk about smart device hacking (http://www.ted.com/talk/avi_rubin_all_your_devices_can_be_hacked.html) — phones, refrigerators, and even pacemakers can be hacked. Rubin is a professor of computer science and director of Health and Medical Security at Johns Hopkins. He works on computer and information security, with a focus on electronic medical records.
Pacemakers and our Brave New (Networked) World
Pacemakers have been around since 1926, but something dramatic happened to them in 2006: they began to have networking capability. Pacemakers have this so that doctors can make small adjustments when necessary without the need for surgery.
But this remote capability comes at a price: in theory, a hacker could gain control of the pacemaker and kill the patient. Seems far-fetched, doesn’t it? It seems straight out of the movies: terrorists assassinate a high-level official by hacking into his pacemaker. Indeed, this was the fate of the VP in the Showtime series, Homeland.
But a real-life Vice President actually was concerned about this. Dick Cheney, who received a pacemaker in 2007, was worried enough to ask his doctors to remove his pacemaker’s wireless capabilities in case any terrorist could gain access to it.
It’s Not Just Pacemakers
Rubin went on to explain how cars are at risk too. Our modern cars have both wired and wireless systems. The wired systems control the engine, lighting, brakes, and wheels, while the wireless systems control the remote lock/unlock functionality, starting the car, the radio, and GPS capabilities.
Researchers were able to launch remote attacks against both a car’s wired and wireless systems, and could disable the brakes, change the odometer reading, and install malware. They were even able to steal a car by finding it via its GPS system, overriding its remote lock/unlock feature, and then starting the engine. When these researchers presented their findings to security experts, the experts were astonished.
But it’s not just pacemakers and cars: the list of things that either have been hacked or may be hacked in the near future includes ATMs, refrigerators, heating systems, toasters, digital cameras, toilets, children’s toys, and TVs.
Where We Go From Here
So what should we take away from all of this?
Society tends to adopt technology before thinking through security issues and adequately providing solutions. Developers need to take security into account from the very beginning of the development process.
In addition, we as consumers need to realize that nearly all of our devices can be compromised, and that anything that contains software and has networking capabilities is going to be vulnerable to outside attacks.