Sometimes I think it’s a good idea to smarten up my life with smartphones, smart TVs, smart homes and smart cars. They make work easier and more efficient and help speed up tasks both crucial and mundane. But when smart, connected products fail, the results can be disastrous.
1. Brink’s CompuSafe Galileo
Many retail businesses that deal with cash found convenience and safety in the CompuSafe Galileo, an intelligent safe that they thought would keep their cash safe—until hackers found a way in.
Designed by vault and safe maker Brink’s, the CompuSafe Galileo lets store workers deposit cash, accurately count the deposits and send cash total reports to the connected bank via an Internet connection.
But an exposed USB port turned out to be an easy way in. Daniel Petro and Oscar Salazar of security company Bishop Fox broke into the system by plugging in a USB stick and running a simple 100-line macro script of keystrokes and mouse clicks; the whole thing took about 60 seconds. Escaping the safe's locked-down touchscreen interface dropped them onto the embedded Windows XP system underneath. From there they reached the Microsoft Access database that holds the sensitive data: how much money is in the safe, who the system users are and the safe's logs.
Worse, once the hackers gained admin rights, they had the ability to wreak havoc. They could have opened the safe’s door to take cash or valuables. Or, they could have edited the database to tell the safe it contained only $1,000 instead of $10,000, leaving thieves free to take $9,000 without as much as a hint that it was missing.
The lesson? Being an expert in old-world security, as Brink's is, doesn't mean you have a handle on security in the new, connected world.
2. TrackingPoint smart rifles
Fighter jets use various technologies for locking their missiles on target. Imagine a similar technology scaled down to a rifle and available for amateur hunters. TrackingPoint’s smart guns, smart rifles and precision-guided firearms (PGF) represent such an innovation.
How easy is it to use? Just point your gun at your target, mark the target with the tag button, squeeze the trigger while aiming at the target, and as soon as the tag is in the center of the crosshairs, the gun fires the shot. More than a few shooters would willingly part with several thousand dollars to easily nail a perfect shot like that.
Behind each accurate shot is a tracking scope packed with components and sensors that do the ballistics calculations so the shot lands where you tagged it. It even has built-in Wi-Fi so you can stream the heads-up display to your smartphone or tablet. That Wi-Fi system is where the vulnerabilities were found.
Security researchers Runa Sandvik and Michael Auger found two major weaknesses in the TrackingPoint PGF system: a default Wi-Fi password that can't be changed, and a service that is always listening for remote commands once you're on that network. Using these two flaws, anyone within Wi-Fi range can take control of the scope's computer.
Once in, the researchers were able to change system settings without the changes showing up on the rifle's display, which opens the door to disastrous effects. They could make the rifle behave unpredictably or disable it altogether. For example, by inflating the bullet-weight value in the settings, they made the rifle miss the shooter's target and hit the target the attacker had chosen instead, and quite precisely at that.
The upside to all this is that your smart-but-vulnerable rifle’s hackable computer cannot fire the gun remotely. You’ll still need to manually pull the trigger.
TrackingPoint thanked Sandvik and Auger for their work on the vulnerability and said it would work with the two on a software patch to be sent to rifle owners on a USB stick.
3. Chrysler cars with UConnect
“If your laptop crashes you’ll have a bad day, but if your car crashes that could be life-threatening,” says Bruce Snell, a McAfee executive who works in car security.
Yet losing control of your vehicle is a real possibility in Chrysler's smart cars, particularly models released since 2013 that carry the infotainment system known as UConnect. UConnect puts the car on the Internet, providing online infotainment and navigation, hands-free calling and texting, and controls for various vehicle functions.
The system that makes Chrysler cars smart is the same system a remote carjacker can use to take over the car. Vehicle security researchers Charlie Miller and Chris Valasek remotely reached the firmware on a chip in a Jeep Cherokee's head unit and replaced it with their own modified firmware, which let them send commands that affect the physical behavior of the vehicle.
The test hackers were able to remotely reset the climate control, change the FM station and crank up the volume, and turn on the windshield wipers while spraying wiper fluid across the glass. More seriously, they cut the transmission so the accelerator pedal stopped responding while the Jeep was on the highway. All of this from about 10 miles away.
Chrysler has issued a software update for the 1.4 million vehicles affected by the vulnerability. To find out whether your vehicle is vulnerable, and to apply the patch if it is, visit UConnect's software update page.
4. IP cameras with default passwords
To tighten the security in your homes and workplaces, you rig up networked security cameras with video feeds for your own eyes only. It’s an entirely different—and scary—story to find the rest of the Web is seeing those same feeds without your knowledge.
If your IP camera is secured with a default user and password combo of "username/password", "admin/12345" or something like that, you could be opening up a digital window into your home simply by turning on your surveillance camera and connecting it to the Internet.
As the directory of insecure IP surveillance cameras on the Russia-based site www.insecam.org shows, many security cameras can be accessed without any hacking at all. The list includes camera models made by Axis, Panasonic, Linksys, Sony, TP-Link and Foscam, as well as many generic IP cameras. As of this writing, close to 3,000 of the video streams come from the United States alone, and the owners of those cameras almost certainly don't know their footage is being shared with the world.
To avoid broadcasting your security footage and your life to the rest of the world, change the default username and password on your networked surveillance camera, and pick a strong password. Better still, don't expose the camera's web interface to the Internet at all: turn off UPnP port forwarding on your router and reach the camera over a VPN instead. A changed password keeps insecam.org and its followers off your back; keeping the camera off the public Internet also covers the next bug in its firmware.
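As an added illustration (not code from the article or from any camera vendor), here is a small Python audit you can point at cameras on your own network to confirm the factory login no longer works. The camera is simulated in-process with a mock HTTP Basic-auth handler so the script runs offline; the credential list, the mock's admin/12345 default and the replacement password are all constructed for the example.

```python
"""Default-credential audit for IP cameras behind HTTP Basic auth.

Added example, not code from the article or any camera vendor. The camera
is simulated in-process (MockCamera) so this runs offline; point
audit_camera() at a camera you own to check a real device.
"""
import base64
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError, URLError
from urllib.request import Request, urlopen

# Constructed list of common factory logins (an assumption for the example).
DEFAULT_CREDENTIALS = [
    ("admin", "admin"),
    ("admin", "12345"),
    ("admin", ""),
    ("root", "root"),
    ("username", "password"),
]


def basic_token(user, password):
    """Build the value that follows 'Basic ' in an Authorization header."""
    return base64.b64encode(f"{user}:{password}".encode()).decode()


class MockCamera(BaseHTTPRequestHandler):
    """Stand-in for a camera web UI: 200 with the right login, 401 otherwise."""
    user = "admin"        # factory default of the simulated camera
    password = "12345"

    def do_GET(self):
        sent = self.headers.get("Authorization", "")
        if sent == "Basic " + basic_token(self.user, self.password):
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"<html>live view</html>")
        else:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="camera"')
            self.end_headers()

    def log_message(self, *args):
        pass  # silence per-request logging


def start_mock_camera(user="admin", password="12345"):
    """Start the simulated camera on 127.0.0.1 on a free port; return (server, port)."""
    MockCamera.user, MockCamera.password = user, password
    server = HTTPServer(("127.0.0.1", 0), MockCamera)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def try_login(host, port, user, password, path="/", timeout=3):
    """True if the device answers 200 to a GET carrying user:password."""
    req = Request(f"http://{host}:{port}{path}",
                  headers={"Authorization": "Basic " + basic_token(user, password)})
    try:
        with urlopen(req, timeout=timeout) as resp:
            return resp.getcode() == 200
    except HTTPError:        # 401/403 etc.: login rejected
        return False
    except URLError:         # host down or unreachable: not accepted
        return False


def audit_camera(host, port, candidates=DEFAULT_CREDENTIALS):
    """Return the first (user, password) pair the camera accepts, or None."""
    for user, password in candidates:
        if try_login(host, port, user, password):
            return (user, password)
    return None


if __name__ == "__main__":
    server, port = start_mock_camera()                       # shipped with admin/12345
    print("factory default accepted:", audit_camera("127.0.0.1", port))
    server.shutdown(); server.server_close()
    server, port = start_mock_camera(password="k7#Vq9!tGm2pLx")  # owner changed it
    print("after password change:", audit_camera("127.0.0.1", port))
    server.shutdown(); server.server_close()
```

Run it against a real camera by replacing the mock's host and port in the audit_camera() call; only do so for devices you own or are authorized to test. A hit means the camera is exactly what insecam.org indexes; no hit only means the factory logins in the list were rejected, not that the firmware is free of other holes.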
5. Hackable airplanes
You think hacked smart cars are scary? Try hacked planes!
One World Labs founder and security researcher Chris Roberts claims to have taken control of an airplane by hacking into its in-flight entertainment system. From there, he says, he found his way to the thrust management computer and replaced its code with his own. Roberts reportedly was able to make the plane climb and move sideways for a short time.
Roberts has admitted to hacking into about 15 planes in mid-flight on various occasions, although he denies doing more than exploring the in-flight networks and watching the data traffic. He got into the in-flight entertainment systems on those flights by connecting his laptop, with a modified Cat6 Ethernet cable, to the seat electronic box under the passenger seat.
He was booted off a United Airlines flight last April after posting a tweet, intended as a joke, suggesting that he might try cracking the plane's systems. Authorities believed Roberts was capable and willing to attempt hacking the in-flight entertainment system with the equipment he had with him, possibly endangering passengers.
For years Roberts has been warning about in-flight system vulnerabilities that malicious hackers could exploit. He says he has found weak spots in aircraft including the Airbus A320, the Boeing 757-200, the Boeing 737-900 and the Boeing 737-800.
6. Insecure medical equipment
Most modern medical gadgets are equipped with technology for quick transmission of patient data so that the medical staff can respond more quickly to patients’ changing medical conditions. Yet the very same technologies that facilitate such efficient communication can be used for malicious purposes. When their control falls into the wrong hands, medical devices could be used to cause mayhem, damage or even death.
Wireless implantable medical devices or IMDs (such as pacemakers, drug delivery pumps and neurostimulators) are vulnerable to software attacks. IMDs use communication technologies that are sometimes not secure or are not strictly regulated. Just imagine a hacker adjusting your pacemaker’s settings to make it skip a beat or drain its battery.
Software vulnerabilities in networked hospital equipment (such as drug infusion pumps and CT scanners) are another source of worry. A two-year study by Scott Erven, head of information security at Essentia Health, found that drug infusion pumps, defibrillators, CT scanners, hospital refrigerators and medical databases can be hacked and manipulated.
Some infusion pumps, for example, can be instructed to give the wrong dosage of morphine, chemotherapy drugs or antibiotics. Defibrillators controlled via Bluetooth can be told to randomly shock the patient’s heart or not deliver a needed shock at all. Hospital refrigerator temperatures can be altered, potentially damaging stored blood and drugs. Medical records stored in electronic databases can be edited, causing doctors to give you the wrong medications or prescribe unnecessary lab tests.
The most worrisome part about all these vulnerabilities is that many hospitals seem to have little awareness of the potential security issues of these medical gadgets, although Erven says the healthcare industry is slowly starting to take notice of medical device security concerns.