Technology has become so pervasive in our lives today that we are almost completely dependent on it. It makes you wonder, how easily can these technologies that control everything from pacemakers to cars be hacked? The answer to that question is surprising and even scary.
Avi Rubin, professor of computer science at Johns Hopkins University and technical director of the JHU Information Security Institute, gave an insightful (and quite entertaining) presentation on the academic community’s efforts to test the vulnerabilities of various devices.
Rubin discusses a broad spectrum of hacks, proven by researchers, that range from implanted medical devices such as pacemakers that now have networking capabilities, to automobiles that have both wired and wireless networking, to the compromise of mobile devices by recording reflections and pressure vibrations to read and steal keystrokes.
In short, the “hackers” were able to:
- Reprogram an internal medical device to induce heart failure
- Remotely disable the brakes on a moving automobile using a radio network
- Detect confidential conversations among police agencies who were using P25 radios
- Recover desktop keystrokes detected by a nearby iPhone 4
As a security professional, you will appreciate the ingenuity of the hackers in this video that you simply must watch.
Rubin’s takeaway is that society is adopting technology at an amazing pace and the developers of all sorts of products need to design security from the onset. They need to realize our adversaries are advancing in their capabilities and common devices can easily be compromised. Real hackers are not limited to any given threat model, making it necessary to think outside the box when developing new technology. As Rubin points out, anything that has software is going to have bugs that can be exploited.
Rubin’s presentation was recorded at the TEDxMidatlantic conference. TED conferences bring together leading thinkers and doers for talks and presentations. If you want to see more presentations, go to http://tedxmidatlantic.com/2011-talks/.