Networking

08:58 AM
Lee Badman
Lee Badman
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%
Repost This

Hacking Everything

Here’s a puzzle for you: What do a new Dodge Ram pickup truck, a digital road sign, a young English lady’s cell phone and a modern lighting control system have in common? They’re not all necessarily made in the same Third World country, if that’s what you’re thinking. But they are all exploitable by virtue of their network connectivity, and the implications can be quite worrisome.

Here’s a puzzle for you: what do a new Dodge Ram pickup truck, a digital road sign, a young English lady’s cell phone and a modern lighting control system have in common? They’re not all necessarily made in the same Third World country, if that’s what you’re thinking. But they are all exploitable by virtue of their network connectivity, and the implications can be quite worrisome.

I was in London a few weeks back, and the scandal involving the widespread hacking of mobile phones by the media was still fresh enough that my cab driver was more than happy to share the lurid details as Londoners saw it. The technical aspects are interesting enough, but my new friend Mick said something that stuck with me: "It just shouldn’t be that easy. I mean, everybody’s got a cell phone, and not all reporters are that smart, you know?"

Then, driving home from work this week, I caught a story on NPR1 that detailed how security firm iSEC Partners was able to demonstrate unlocking a vehicle and starting its engine through the same sort of IP-connected framework that makes the likes of OnStar tick. This was a nice followup to an earlier piece dealing with same topic, but talking more about the use of texting as a command protocol of sorts and the security weaknesses that accompany the once-exotic notion of making seemingly stupid objects able to interconnect in cool and strange new ways.

And who hasn’t seen the images of digital highway signs hacked to display funny (in the eye of the prankster, obviously) messages? Instead of "Traffic Congestion Ahead," you probably saw either "Zombies Ahead" or "Poop Ahead," depending on what variant cycled through your email. Whether you subscribe to sophomoric humor or not, the fact that many such signs now get programmed remotely over cellular or satellite networks also raises the hairs on the backs of the necks of those of us who "do" security for a living.

Put simply, as the Internet of Things continues its aggressive growth and more IP-enabled consumer devices show up far and wide, the environment for those who enjoy network-based vandalism, and for those who seriously hack for a living, is also becoming proportionally more target-rich.

Attacks on modern devices can have a social engineering and a technical component. Josh Wright, of Will Hack For SUSHI fame, published a great article called "Verizon MiFi Pwned," which details his signature thorough approach to attacking a device through simple observation of product labels combined with easy-to-use cracking tools to maliciously master one of Verizon’s hottest mobile products.

The examples of devices to be concerned about from the perspective of network security go on and on: ATMs, medical equipment, lighting systems, appliances, smart grid components and network signaling devices on the road, in port and in the rail spaces. And there are plenty more potential targets as the world grows ever more connected by the amazing fruits of modern chipmakers’ labors.

In reality, not every device I've mentioned here has been hacked--yet. At the same time, common sense says it’s just a matter of time before each one of these device sets sees real trouble, whether it’s just somebody recreationally DOSing the devices or using the new distributed endpoints as ingress vectors to real high-value targets.

These are exciting times in networking, and getting more so every day. Let’s hope that all of the people putting new devices and protocols onto the wire and in the air remember to add a healthy dose of paranoia into their feature sets.

Comment  | 
Print  | 
More Insights
More Blogs from Commentary
Infrastructure Challenge: Build Your Community
Network Computing provides the platform; help us make it your community.
Edge Devices Are The Brains Of The Network
In any type of network, the edge is where all the action takes place. Think of the edge as the brains of the network, while the core is just the dumb muscle.
Fight Software Piracy With SaaS
SaaS makes application deployment easy and effective. It could eliminate software piracy once and for all.
SDN: Waiting For The Trickle-Down Effect
Like server virtualization and 10 Gigabit Ethernet, SDN will eventually become a technology that small and midsized enterprises can use. But it's going to require some new packaging.
IT Certification Exam Success In 4 Steps
There are no shortcuts to obtaining passing scores, but focusing on key fundamentals of proper study and preparation will help you master the art of certification.
Hot Topics
3
IT Certification Exam Success In 4 Steps
Amy Arnold, CCNP/DP/Voice,  4/22/2014
3
Edge Devices Are The Brains Of The Network
Orhan Ergun, Network Architect,  4/23/2014
1
Heartbleed Flaw Exploited In VPN Attack
Mathew J. Schwartz 4/21/2014
White Papers
Register for Network Computing Newsletters
Cartoon
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Video
Slideshows
Twitter Feed