Monthly Archives: July 2015

Hacking Cars: Taken Seriously?

Turn on an ad for new vehicles and you are bound to see how connected they are to our lives. Gone are the days when your vehicle is just a stand alone product. Now we are seeing cars that have internet connectivity. We are moving past the simple satellite radio or GPS systems and becoming connected to a lot of data. Security folks have been talking about vehicle security for a while now and a few researchers have been focusing on showing how serious the security of these vehicles is.

Today, a story was released on Wired “Hackers Remotely Kill a Jeep on the Highway – With Me In It” (http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/) describing how a Jeep was remotely controlled by a laptop 10 miles away. For the full details, check out the link I just provided. Once the story hit the airwaves, it received lots of attention, both good and bad.

Lets start with the positive side of things that were shown. It is possible to actually show the capability to breach a vehicles systems (remotely) and then control many of the functions. These functions include the radio, wipers, temperature controls, transmission and brakes to name a few. It is a concern that this can be done without authorization. I certainly do not want my vehicle to be taken over while I am driving it making it unsafe for myself or my family. The highlight: Security is important for vehicles with them being more reliant on software and internet connectivity.

Rumor is that there is a patch for the vehicle to fix this issue. The issue we now have to address is how do we efficiently and effectively get these patches to the vehicles. At this point, bringing the vehicle in to a dealership to have the software updated is the only real option.

The negative reception is where it gets interesting. They decided to do this experiment on a highway with other vehicles around traveling at the speed limit (70 MPH). At one point the driver is explaining how he can’t see because the windshield wipers are going with the fluid spraying. At another point, they cut out the transmission and the vehicle slows way down on the highway where there was no breakdown lane. That is a brief and probably insufficient summary, however the point is that a lot of people are upset.

This type of testing in a public place like this puts the other drivers on that highway at risk. This is not much different than the plane hacking bonanza that happened a few months ago (http://www.cnn.com/2015/05/17/us/fbi-hacker-flight-computer-systems/) causing a huge backlash. It is one thing to look for security issues that may help make things safer, but it is critical that the testing of these theories are done in a controlled environment, not putting people at risk. They don’t test vehicle crash ratings on the highway, they do it in a secluded area where safety is a priority.

If you are going to research security issues, no matter what they are, it is critical to think about this type of stuff before you just jump on in. While I understand that this type of stunt hacking is great for advertising an upcoming talk at your local hacker conference, it is not acceptable when directly putting other people at risk. You want to hack a plane? Get an airline to get you into a hangar in a controlled environment. The other option, by a plane to test out yourself. But don’t do it on a plane full of passengers at 30,000 feet. In this case, the researchers went out and acquired the vehicle and researched in their own facilities. The issue arose when they did their testing on a highway and not on a closed course. Security research is walking a fine line and it will require the best foot forward to push it in a positive direction. If all people see is the stunt hacking they will lose sight of the real issue at hand and just see these stunts as reckless. It will have the opposite effect of what the end goal is: to increase security awareness and security of the devices or products.

If you are in the market for a new vehicle, don’t be afraid to ask questions about the security of the vehicles communication systems. The more we dig as consumers the more aware the manufacturers will be. At some point, promoting security as a feature will be critical to beating out the competition ultimately forcing everyone to get on board. Be smart and stay safe.

Ashley Madison site breached

If you are keeping up with the news you have probably already heard about the breach of the adult site known as Ashley Madison.   Here is a link to one of the articles about it: http://money.cnn.com/2015/07/20/technology/ashley-madison-hack/index.html. Like the breach at Adult Friend Finder (http://money.cnn.com/2015/05/22/technology/adult-friendfinder-hacked/) a few months ago, this type of incident is a little different than the usual breach.   This breach is less about identity information (although at the root has a lot to do with it), financial information, or even health information.   The focus of this type of site/service is on secrecy and discreetness.   It is about sharing sensitive information about an individual’s private life.

As we become more content with the Internet and the freedoms it provides us, we often start to overlook the reality that it creates.  Some people think what they do on a computer isn’t real, rather, more of a game.   That the effects are not real.   We have this notion that everything we do is anonymous, leading us to take more risks than we might have otherwise.  Take a moment and think about some things you might have said or done online that you most likely wouldn’t have done in person.  Think about how quickly that can snowball out of control.  

The breach at Ashley Madison should serve as a reminder that what we do may not be as anonymous as we thought.   That the effects of our actions may turn out to have some real life consequences.   Is it possible someone was just curious and meant no harm signing up on the site?  Maybe they got in a fight with their spouse, had a bad day at work, were just bored.   Of course those may not be acceptable excuses for joining a site that promotes adultery, but it could be something that small that led to the initial curiosity.  There are also people just looking for another relationship.  Anyone who has their name released as being a member has the same potential consequences.  You may be publicly criticized, sorry.. that is what society does now.  Your job or career could be effected. Your relationship with your significant other and/or children can be effected.  The list goes on.

We are all still learning the effects our online actions have on us over time. Our parents didn’t have nearly as much technology so many of us are learning on our own. We need to understand that, just like business, we assume a level of risk when acting online.  There is no 100% secure systems.  It doesn’t matter if we are talking online banking, adult sites, social media, or password managers.  There is always some level of risk.  We must learn to calculate that risk and determine if it is worth it.  We are often quick to blindly accept the risk for the quick reward.  Share your contacts for some coins in a game.  Post atrocious comments for a chance to feel like you stood for something.  

Is there a risk to joining an adult site like this?  Of course there is.  For many, that risk is acceptable for their own personal reasons.  Some members may had not really considered the risks, while others may have given great thought to joining.  Either way, the risk is there.   The big question in this situation is regarding what that risk now means to the individuals involved.

The media hypes this up to be devastating.  However if we look back at Adult Friend Finder, after a few days, you stopped hearing much about it.  This doesn’t mean that there were no consequences suffered by users effected by that breach, but it did quiet down a lot.  Maybe it was because of the personal nature that people didn’t want to put it out for everyone to see.  That makes it difficult to judge the real effect that this breach will have.

It will be interesting to see what types of effects this has going forward.  In the meantime, we should ensure that we are thinking about the risks. Be safe everyone.