Networking

08:58 AM
Lee Badman
Lee Badman
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Hacking Everything

Here’s a puzzle for you: What do a new Dodge Ram pickup truck, a digital road sign, a young English lady’s cell phone and a modern lighting control system have in common? They’re not all necessarily made in the same Third World country, if that’s what you’re thinking. But they are all exploitable by virtue of their network connectivity, and the implications can be quite worrisome.

Here’s a puzzle for you: what do a new Dodge Ram pickup truck, a digital road sign, a young English lady’s cell phone and a modern lighting control system have in common? They’re not all necessarily made in the same Third World country, if that’s what you’re thinking. But they are all exploitable by virtue of their network connectivity, and the implications can be quite worrisome.

I was in London a few weeks back, and the scandal involving the widespread hacking of mobile phones by the media was still fresh enough that my cab driver was more than happy to share the lurid details as Londoners saw it. The technical aspects are interesting enough, but my new friend Mick said something that stuck with me: "It just shouldn’t be that easy. I mean, everybody’s got a cell phone, and not all reporters are that smart, you know?"

Then, driving home from work this week, I caught a story on NPR1 that detailed how security firm iSEC Partners was able to demonstrate unlocking a vehicle and starting its engine through the same sort of IP-connected framework that makes the likes of OnStar tick. This was a nice followup to an earlier piece dealing with same topic, but talking more about the use of texting as a command protocol of sorts and the security weaknesses that accompany the once-exotic notion of making seemingly stupid objects able to interconnect in cool and strange new ways.

And who hasn’t seen the images of digital highway signs hacked to display funny (in the eye of the prankster, obviously) messages? Instead of "Traffic Congestion Ahead," you probably saw either "Zombies Ahead" or "Poop Ahead," depending on what variant cycled through your email. Whether you subscribe to sophomoric humor or not, the fact that many such signs now get programmed remotely over cellular or satellite networks also raises the hairs on the backs of the necks of those of us who "do" security for a living.

Put simply, as the Internet of Things continues its aggressive growth and more IP-enabled consumer devices show up far and wide, the environment for those who enjoy network-based vandalism, and for those who seriously hack for a living, is also becoming proportionally more target-rich.

Attacks on modern devices can have a social engineering and a technical component. Josh Wright, of Will Hack For SUSHI fame, published a great article called "Verizon MiFi Pwned," which details his signature thorough approach to attacking a device through simple observation of product labels combined with easy-to-use cracking tools to maliciously master one of Verizon’s hottest mobile products.

The examples of devices to be concerned about from the perspective of network security go on and on: ATMs, medical equipment, lighting systems, appliances, smart grid components and network signaling devices on the road, in port and in the rail spaces. And there are plenty more potential targets as the world grows ever more connected by the amazing fruits of modern chipmakers’ labors.

In reality, not every device I've mentioned here has been hacked--yet. At the same time, common sense says it’s just a matter of time before each one of these device sets sees real trouble, whether it’s just somebody recreationally DOSing the devices or using the new distributed endpoints as ingress vectors to real high-value targets.

These are exciting times in networking, and getting more so every day. Let’s hope that all of the people putting new devices and protocols onto the wire and in the air remember to add a healthy dose of paranoia into their feature sets.

Lee is a Network Engineer and Wireless Technical Lead for a large private university. He also teaches classes on networking, wireless network administrtaion, and wireless security. Lee's technical background includes 10 years in the US Air Force as an Electronc Warfare ... View Full Bio
Comment  | 
Print  | 
More Insights
Hot Topics
6
Guide: The Open Compute Project and Your Data Center
James M. Connolly, Editor in Chief, The Enterprise Cloud Site,  7/21/2014
4
Network Security: An Oxymoron In The Cloud Era?
Rajat Bhargava, Co-Founder & CEO, JumpCloud,  7/22/2014
4
Understanding IPv6: Link-Local 'Magic'
Denise Fishburne, Cisco Champion,  7/24/2014
White Papers
Register for Network Computing Newsletters
Cartoon
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Video
Slideshows
Twitter Feed