PART 1: MORE VULNERABLE THAN WE THINK
This is the first in a two part series in which we’re exploring the vulnerability that our increasingly technological and interconnected world presents us with. This first post outlines the highly creative presentation of Avi Rubin who points to the broad “hackability” of our lives. In the following post we’ll take a step back and explore some of the ways that cyber-threats have been popping up in headlines and the resulting national conversation around the increasing threat of hacks. These two posts illustrate the sort of world we are living in and the importance not only of awareness, but of action.
Avi Rubin is a computer science professor who specializes in computer security. At a TED talk, Rubin outlined a number of various hacks that the academic research community of computer security experts have found concerning. When we think about cybersecurity and the potential threat of hacking, we tend to isolate our concern to the world of information. Rubin demonstrates, though, that the concern can, and should, be applied much broader.
The first example he outlines is the hacking of medical devices. A part of the positive advancement of medical technology has been the creation of implanted devices that can be controlled remotely by computers. Devices used to pump blood and defibrillators which control heart rhythms have been equipped with this sort of wireless technology. Though these sorts of devices have been used to save many lives, they run high risks. The vulnerability is unthinkable if a hacker was to inject a virus into the software using the wireless connection.
Rubin also looked at automobiles and the wired networks within them. Including the radio, bluetooth, wifi, or the sensors in the tires, the car is a “sophisticated multi-computer device.” Researchers have discovered ways that attackers could communicate with a car through simple radio signals. When they gained access to the software running in the car, they were able to change all of the displays in the car (speedometer, etc.), disable or apply the brakes, and install malware that wouldn’t trigger until the car reached a certain speed. Other than the obvious danger this presents, it also makes theft more likely. After having access to the car’s computers the car can be located on gps, unlocked, and the engine started.
Another research team, Rubin details, was given access to low quality video surveillance from a bus. The team created a software which stabilized the images in the footage, could pick up the reflection of a passenger’s phone in his sunglasses, and contained a language decoder which could detect what he was typing on his phone. Their intent was only to “hack” a single subject on the bus but, after they ran the software, their program picked up the typing of those around him as well.
Rubin goes on to share about radios used often by security, first responders, and military, which researches were able to block the transmission of. They were also able to listen to encrypted secure lines. A particularly interesting example Rubin shared involved a team which used the accelerometer in the iphone (which picks up vibrations). The team was able to distinguish keystrokes from the vibration picked up by the phone when it was laying next to a keyboard. Using these vibrations, they were able to recreate what had been typed. Other devices researches discovered vulnerabilities in included, car key chips, Speedpasses, and voting machines.
Some of the examples shared were more interesting than they were threatening, while others still were nothing short of terrifying. The significance of Rubin’s lecture is less in the details of the attacks and more in what these sorts of considerations say about the world we find ourselves in. We live in a world which is only growing more connected and more computer oriented. As individuals and industries in this world, it is no longer a luxury to ensure that our information and systems are secured, it has become a necessity.
You can listen to Rubin’s ~20 min lecture, here.