Networking

11:15 AM
Jim Rapoza
Jim Rapoza
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Black Hat Will Once Again Show Our Security Weaknesses

The most important thing about Black Hat is the reality check it provides on just how insecure everything really is, from computers to networks to mobile devices to industrial and other systems that are now increasingly connected and exposed. And this week’s Black Hat will be no exception, as several scheduled demos will display just how scary some of these security holes can be.

The Black Hat conference, which is happening this week in Las Vegas, has long been one of my favorite security conferences. Part of the appeal is being around all of the interesting hackers and security researchers as they demo cool new ways to exploit holes in our technology infrastructure.

But the most important thing about Black Hat is the reality check it provides on just how insecure everything really is, from computers to networks to mobile devices to industrial and other systems that are now increasingly connected and exposed. And this week’s Black Hat will be no exception, as several scheduled demos will display just how scary some of these security holes can be.

One of the most potentially dynamic demos will be from two researchers at iSec Partners, who will show how they can remotely unlock and start a car protected by a modern security system using only SMS text messages. That’s right--someone can steal your car without even being there. Maybe what we don't see in that commercial where the woman remotely controls a car while boarding a plane as two friends look on is that the three are really high-tech car thieves and the two friends are actually about to steal the car.

What's even scarier about the hack that iSec has discovered is that it isn't limited to modern cars. Many of these same GSM-enabled control systems are also found in industrial and physical security locations. So instead of just being able to remotely unlock and start a car, bad guys could potentially remotely control power plants, security systems at businesses and maybe even lock down controls at prisons.

How is this kind of thing possible? Simple. In security today, there is a constant push to enable and add cool new features that make things easy. And who doesn’t like easy?

But the problem is that, in comparison, security is barely being considered at all when adding these cool new features. Before remotely manageable components were added to sensitive control systems, didn’t anyone say, "Hey, shouldn’t we make sure that this is secure and can’t be taken over by bad guys?"

Most likely no one did. And who can blame them? In modern product cycles, the guy who brings up security issues and potentially holds up cool new features looks bad in front of his bosses (even if he does end up being right in the long run).

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Slideshows
Cartoon
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Video
Twitter Feed