Today’s article has been written by a Mr Andrew Lockley (above) of Exponential Investor.
Pacemakers can kill people – if they’re suddenly sent haywire. Recently, hackers uncovered thousands of vulnerabilities in pacemaker software – so this is a real threat.
Luckily, there are no (known) cases of pacemaker assassinations – but Dick Cheney had his pacemaker’s wireless connectivity disabled in 2013, to prevent a potential attack. The fact that he took such a threat seriously shows that a dystopian future of lethal hardware hacking could be just around the corner.
This risk isn’t just about medical devices. Everything from domestic appliances to the power grid is potentially vulnerable. The consequences of a hack could range from the irksome, to the catastrophic. If you’d like a worst-case scenario, imagine what would happen if the Thames Barrier was lowered during a severe storm surge.
There is a man who’s made it his mission to help secure the “Internet of Things” (IoT). This is one Yali Sela, Chief Technical Officer of Nyx Security Solutions. Herewith the edited transcript of a conversation with him:
AL: Let’s set the scene… can you please explaining how the world of hardware security is changing?
YS: Nowadays, a lot of objects come with some form of connectivity – Wi-Fi, Bluetooth, and so on. The software operating them is vulnerable to hackers and viruses, in exactly the same way your computer is. Theoretically, all it takes is for a hacker to press a button on his phone to remotely shut a pacemaker off.
Similar attacks have already happened. Stuxnet, the virus that sabotaged the Iranian nuclear program, was a well-known example. It tampered with software operating the centrifuges, and destroyed a good deal of them.
To offer another example: last year, Johns Hopkins students hacked (in three different ways) into drones and made them crash. Cyber-threats for the IoT are “a thing”, and cybersecurity for IoT had better come up with something suitable to protect against them.
AL: Can you explain in a bit more depth: what exactly is the “Internet of Things”?
YS: IoT is a broad term that describes anything that’s not a computer, but still has the ability to communicate over a network. That would include routers; printers; pacemakers; drones, cars and airplanes; as well as pretty much anything in your Smart Home.
AL: What do you mean by cybersecurity, exactly?
YS: Actually, it’s a very broad field. When you mention cybersecurity, people usually seem to think about encryption – but that’s actually just a small part.
You know those Hollywood hacking scenes? They’re pretty far-fetched, but the core concept is real. Hackers exploit vulnerabilities in software – and these let them get into systems, or take control of them. A large part of cybersecurity deals in preventing these exploitation attempts.
Verifying someone’s identity is also part of cybersecurity – whether it’s a user being verified with a password or fingerprint; the website you’re connecting to being verified with a certificate; or checking that a document wasn’t modified by someone who delivered it to you.
There’s more, but like I said, it’s a broad field. It all happens in the background. This means that people don’t realise just how much security is actually involved in the simple process of, say, connecting to Facebook.
British Gazette comment: The above illustrates that in the past people had to face very real threats to their health, lives and well being. It has been the case since the beginning of time. What can change is the nature of those threats.
Two hundred years ago, in 1817, cholera was a threat to Londoners. Today in 2017, it is not. Lung and heart disease by diesel exhaust is however. Plus ça change, plus c’est la même chose.
GOTO: https://www.exponentialinvestor.com/
Expotential Investor is an online publication by Southbank Investment Research Ltd. Registered in England and Wales No 9539630. VAT No GB629 7287 94. Registered Office: 2nd Floor, Crowne House, 56-58 Southwark Street, London, SE1 1UN. Tel. 020 7633 3615