New devices vulnerable for Internet based attacks, OR: The future is here
Introduction
In our regular security articles, we have several times pointed out that security vulnerabilities and exploits are not restricted to "traditional" computers. We have predicted that several of the devices that our daily lives are filled with, may be exploited in the (near) future.
See for example our articles
Disabling cars remotely
The header may be perceived by some as a joke, but sadly this was not the case last month for a car dealer in Texas, USA. The dealer had installed a system in its cars that enabled remote access to the cars from a web-based system. The idea was that if the dealer's customers did not meet their financial obligations to the car dealer, the cars' ignition systems could be disabled remotely. This functionality would supposedly function as an incentive to pay the installments in time.
This seems like a good idea if everything functions as intended. Enter however - one of the most dangerous persons in any security setup - the disgruntled employee.
A person working for the car dealer was laid off, and as revenge (presumably) he used this system to disable the ignition system in several of the cars sold by the car dealer. Cars belonging to customers who had paid their installments. The former employee's account was said to be terminated, but allegedly he used another employee's credentials.
You will find more information about this particular incident in the news article from Wired.
Ford integrates its car models with the Internet
The huge car manufacturer Ford is in the forefront of integrating its vehicles with other devices and the Internet.
Earlier this year Ford introduced a technology named MyFord Touch, which is to be included in the manufacturer's cars in the near future. Among a multitude of features, support for USB devices and integrated WiFi capability should be mentioned. MyFord Touch is based on Microsoft’s Windows Embedded Auto platform and Ford's SYNC system, and includes firewall technology to avoid illegitimate use of the network/system.
MyFord Touch in its first version seems to be focusing primarily on enhancing the driving experience (and parking experience: a built-in browser for use while in "Park'"). However it is also integrated with car's climate control system, and the car's locks.
We may soon expect systems that integrate even more tightly with standard vehicle functionality either from Ford or other car manufacturers. This of course represents an enhanced risk if something goes wrong or if the systems are not as secure as intended.
Beware!
We have seen that whenever new communication platform's are introduced, people using those platforms are forgetting the special awareness they have acquired when using familiar platforms. This is one of topics most often discussed in our security articles in recent years.
The most important knowledge to treasure when you are starting to use a new computerized technology is the generic awareness of the danger involved in using any networked devices.
The use of common sense will protect you from quite a lot - though not all! - of the risks you are exposed to.
As we have seen above, however,
The future is already here.
