A Hacked Jeep Is Just The Tip Of A Very Scary Iceberg

My favorite new MediaPost publication is the IoT (Internet of Things) Daily. They haven’t asked me to talk about this at all; I promise. But it’s so cool. It’s the one talking about all the bright shiny things, like residents at a senior community wearing sensors so they don’t go wandering off, or a male grooming service adding virtual reality to its offering.

On Wednesday, though, there was a headline that really stopped me in my tracks. Or rather, a headline about somebody stopping something in its tracks: the specific someone being hackers, and the thing they stopped in its tracks being a jeep going 70 miles per hour.

This story is terrifying -- and the substance of it isn’t even that bad. These weren’t “14-year-olds-in-their-parents’-basement” hackers playing the most heart attack-inducing prank ever; they were well-known hackers specifically “conducting car-hacking research to determine if an attacker could gain wireless control to vehicles via the internet.” The driver wasn’t some unsuspecting dupe; it was Wired writer Andy Greenberg, the hackers’ self-described “digital crash-test dummy.”



No, it wasn’t the event that was so scary; it was the implications. It’s bad enough when your MacBook gets hacked. It’s worse when the computer being hacked is the one you drive in, or fly in. Networked machines control every piece of critical infrastructure we have, from air traffic control to sewage treatment, and we are shockingly unprepared to protect their vulnerabilities.

Way back in 1997, a teenage boy was able to hack into the Worcester, Mass. airport and disable “phone service at the control tower, airport security, the airport fire department, the weather service, and carriers that use the airport. Also, the tower's main radio transmitter and another transmitter that activates runway lights were shut down, as well as a printer that controllers use to monitor flight progress. The hacking also knocked out phone service to 600 homes in the nearby town of Rutland.”

Our security has gotten more sophisticated since then, but the risks have also gotten exponentially greater. By the end of this year, 13 billion things will be connected to the Internet. 13 billion possible access points. 13 billion vulnerabilities.

Two years ago, Dick Cheney revealed that he had the wireless functionality of his pacemaker disabled because it could plausibly have been hacked. In a Washington Post piece on the topic, Andrea Peterson summed up the issue: “Security Researchers have long warned that the IT security on medical devices is lacking and malware runs ‘rampant’ in hospital environments. Often, medical software tends to be older and more vulnerable than consumer tech because updating the software might risk running afoul of their Food and Drug Administration approval. So somewhat ironically, regulation in place to ensure the safety of medical devices ends up being an excuse for those systems to remain static, and thus less secure. That is especially worrisome because more and more of the medical devices people depend on to stay alive are becoming networked into the so-called ‘Internet of things.’”

So what should we do about this? At Singularity University in March, Marc Goodman, the author of "Future Crimes,” laid out a series of challenges:

  • To Silicon Valley, to stop with the culture of “Just ship it” and start being accountable when insecurity approaches negligence.
  • To data management folks everywhere, to encrypt everything. There is no reason not to encrypt patient records, employee records, and the like.
  • To government, to create a National Cyber Reserve Corps, bringing in and training 100,000 people to be prepared for disaster so we’re not training them during a disaster.
  • And to someone like X-Prize Foundation, to create a $20 million cash prize designed to crowd-source cybersecurity solutions.

It’s doubtful there’s any one answer. But it’s clear that, if we don’t take this stuff seriously, a hacked Jeep may just be the least of our worries.

Next story loading loading..