Is There Anything That Can't Be Hacked?
By Samuel Greengard
One of the painful realities of the digital age is that we have to deal with hacking. Although intrusions into enterprise and government systems steal the spotlight, there's a less obvious but increasingly serious side to the problem: the risk to consumer products.
Forbes reports that two security researchers have learned how to hack into the computers on automobiles. They can switch brakes on and off at will, control the horn on a vehicle, kill power steering, jerk the steering wheel, and spoof the GPS system so that it provides false readings on the speedometer and odometer. The researchers achieved these results using a standard laptop with software they built through reverse engineering processes.
Meanwhile, The Economist reports that medical devices are prone to hacking. More than half of all medical devices now rely on software. A Pacemaker contains more than 80,000 lines of code, and an MRI has upward of 7 million lines of code. Vulnerabilities also appear in everything from insulin pumps to defibrillators, security researchers say.
So far, there have been no documented attacks on these devices. But we all know the situation won't stay that way for long.
Some security experts say that manufacturers too often display a lackadaisical attitude about testing software and securing vulnerabilities on their products. Not surprisingly, they're more interested in getting a product to market and into consumers' hands than they are in testing the software for vulnerabilities.
All of this makes me feel uneasy. Cars veering off roads, insulin pumps gone crazy and hijacked IP phone systems (already a growing problem) aren't the utopian vision we imagined at the dawn of the digital age. While the business world is beginning to take notice, the problem is probably going to get worse before it gets better.
Ironically, the use of open-source code could provide at least a partial solution. One of the problems with today's systems is that they're mostly proprietary, which means that security experts can't examine them for flaws.
Manufacturers must pay attention to the potential problems and spend more time and resources protecting their products. Otherwise, the next generation of consumer devices isn't going to compute.