When you hear the term “hacker” you likely picture someone sitting in front of a black computer screen writing code to steal your personal or financial data. But there are also hackers who like to take control of things like medical devices and vehicles.
“Any device that comes online ultimately will be hacked – that’s just how the hacker community works,” says Mike Nelson, vice president of IoT security at Digicert. “It’s like a kid in a candystore. When a new device comes online, they love to go in and figure out the vulnerabilities. As more and more devices come online, we are going to see many more of these types of attacks.”
If hacking sounds somewhat like a superpower, you’re not far off. And just like in the movies, some use their superpowers for bad and some use them for good. The good guys are testing the same security systems to beat the bad guys to the punch.
Security researchers have shown they could hack into a hospital’s infusion pump system and change doses being given to patients from a remote location. That type of vulnerabilities, if not discovered and addressed in time could have dire consequences.
There are even examples of hackers finding these weaknesses and exploiting them for financial gain. About a year ago, an organization called Muddy Waters partnered with a financial group after discovering an issue with a pacemaker made by St. Jude Medical. The vulnerability essentially allowed them to deplete the battery power and render the device useless. The group purchased a short position before releasing the information to the public. When the stock price drops, the short sellers win big.
Of course, taking these threats out of the abstract is when things really get frightening.
Take for example, the two ordinary guys who figured out how to hack into a Jeep Cherokee, and they claim they can exploit the same security weakness in other Chrysler vehicles. They turned on the fan, cranked the stereo volume, activated the windshield washers and even killed the engine.
Again, these were some good guys who worked with Chrysler to fix the issue before they told anyone about it.
“We are constantly changing our encryption algorithms, making them stronger and using better technology ,” says Nelson. “As computers get more powerful it makes the hackers more powerful. We have to stay a step ahead.”
You can listen to our full conversation with Nelson in Episode 3 of the CYBER24 podcast.