December 12, 2011, 10:13 AM — Most people know that their computers and smart phones are under the constant threat of attack from hackers. But your car? Your house? Your TV and other consumer electronics?
It seems like a take on Stephen King's short story " Trucks" -- where machines come to life and go on a murderous rampage (the movie version was "Maximum Overdrive"). In this case, hackers find security flaws in the computers running our vehicles, appliances and medical devices and wreak havoc.
See the related Salted Hash blog post, " McAfee report reminds me of 'Maximum Overdrive'"
The real threat is far less dramatic, of course. But just a couple years ago, few people were seriously talking about this as a danger that might someday come to pass. As we look to 2012, however, the potential seems a lot less ridiculous, since our electronics increasingly tend to be part of a home network with an IP address -- one that can be controlled by a mobile device.
Some experts in information security believe 2012 will be a year when hackers focus more on those things.
Anup Ghosh, CEO of Invincea, says that, "in the search for more interesting devices to hack, the adversary is going to transition from traditional IT networks to embedded systems, which we normally think of as physical systems -- your car, TVs, your house, your office building. Systems that are networked and run a lot of software will be fertile ground for hackers."
Ghosh says the devices in the house simply become another node on the home network. "The devices will run an operating system kernel of some kind and accept network connections. Hackers will be able to exploit the network interface and software services running on these devices to gain privileged access to these devices. From there, they can launch attacks against other devices, store data, and exfiltrate data off the home network."
Ghosh says researchers from the University of California at San Diego and the University of Washington have already demonstrated how to hack cars through the CD player and Bluetooth interface. He says that makes any number of subsystems in the car vulnerable to exploitation. Hackers could track a vehicle, kill the ignition switch and unlock the doors.
Jason Rouse, principal security consultant at Cigital, says these capabilities are not new.