“All Your Devices Can Be Hacked”
Hello and happy Spring Break! Thanks again for reading our blog.
I wasn’t certain if we’d stop for a week or if the blog would be ongoing through Spring Break, but I’ve made the Blackboard quiz due March 25 – so whatever was decided, you’ll have the following two weeks to try the quiz. There’s much more detail in the video (http://www.ted.com/talks/avi_rubin_all_your_devices_can_be_hacked.html) and it’s really interesting if you have a chance to listen to it, but here’s a basic summary.
Avi Rubin, a computer science professor at Johns Hopkins University (and director of its Health and Medical Security Lab) gave a TED talk last October detailing some of the security implications of our newest wireless devices. This is important because of the number of people it potentially affects, and it shows the importance of security in all IT-related applications.
The first example he gives has to do with recently manufactured pacemakers, with wireless capabilities. Of course, pacemakers sometimes have to be adjusted or reset, and it doesn’t make much sense to reopen the patient’s chest cavity each time that happens. Wireless communication is an excellent solution because it allows adjustments to be made as needed, with little interference in the life of the patient. However, because pacemakers can now be wirelessly controlled, reverse-engineering the wireless communication protocol can make it possible to change data on the device, such as the patient’s name, cardiac data, or the type of therapy. A denial of service attack can literally be deadly if the appropriate wireless security measures aren’t used.
In addition, automobiles now have a large amount of networking technology built in: there’s a dashboard interface reporting vital information, a diagnostic port to tell you when to check the engine, signals coming in via Bluetooth and XM/FM/AM radio, and more. Two field tests were done by other researchers; they bought two cars and simulated two different types of attacks, one on the wired network and one on the wireless network. The first test fooled the speedometer into displaying 140MPH while the car was in park. The other showed that it’s possible to apply or disable the brakes from outside any given car. That entire discussion is at 4:43 in the video if you’d like to hear more details.
One can jam P52 radios with the right tools; these are commonly used by police and secret service agents. Denial of service was simulated using “My First Jammer,” built from a texting device made by Girl Tech (which, interestingly, happens to operate on the same frequency as P52 radios).
Using the iPhone 4’s much more sophisticated accelerometer, it’s possible to determine to a certain degree of accuracy what is typed on a keyboard next to the iPhone. This is according to a project done by researchers at Georgia Tech. An article from Engadget.com explains their results this way: “…it [the software developed by Georgia Tech] can use the accelerometer to sense vibrations within three inches, in degrees of ‘near or far and left or right,’ allowing it to statistically guess the words being written — so long as they have three or more letters. It does this by recording pairs of keystrokes, putting them against dictionaries with nearly 58,000 words to come up with the most likely results.” The full article is here: http://www.engadget.com/2011/10/21/georgia-tech-spies-on-nearby-keyboards-with-iphone-4-acceleromet/ . The results say that by simply placing an iPhone 4 with this software on the desk next to your laptop, you risk transmission of 80 percent of the words you type on your laptop.
This particular talk is all about network security and how some of the same principles can be applied to such different technologies as pacemakers and P52 radio transmitters. We know that hacking isn’t easy in reality, and it certainly isn’t easy to fully protect things from hackers, but it’s clear that specialists in the security field will become very important as technology advances. There are important government jobs and others that need security people.
At ISU, there’s another scholarship available for IT majors to apply to. If you’ll be a junior or senior, or going on to graduate school, it’s worth checking out. Funding for tuition, fees, room & board, and even paid internship opportunities are available to students who meet the qualifications (a 3.0 GPA is one of them, 3.2 for grad students). It’s funded by the U.S. Department of Defense. If you’re interested, the contact is Dr. Doug Twitchell.
Once again, the quiz is available on Blackboard, and you’ll have until March 25. It looks like there are now two pages of quizzes and it will appear on the next page.
Entry filed under: Uncategorized.