BB posted an excerpt from Marc Goodman's new book, Future Crimes, which detailed a 2012 incident where an ex-employee hacked the remote-kill "repo switch" used by one Texas car dealership to shut down dozens of cars.
Though the incident was initially dismissed as a “systemic mechanical failure,” something much more nefarious was at play. An intruder illegally accessed Texas Auto Center’s Web-based remote vehicle immobilization system and one by one began turning off their customers’ cars throughout the city. Attempts by the dealership to turn the cars back on were stymied because the hacker had also altered the records in its database, changing vehicle identification numbers and replacing the names of legitimate customers with those of celebrities, such as the long-dead rapper Tupac Shakur and the pop star Jennifer Lopez.
Clearly something was amiss, and eventually suspicions fell upon twenty-year-old Omar Ramos-Lopez, who had been fired from the dealership in the days prior to the widespread vehicular paralysis for “not meeting company standards.” Law enforcement officials alleged Ramos-Lopez used his knowledge of his former employer’s system and the password of a former co-worker to exact revenge for his firing by disabling cars en masse throughout Austin. The police investigation showed that the former collection agent logged in to Pay Technologies’ servers in Ohio from the AT&T broadband network leading to his home. Ramos-Lopez was arrested and charged with felony breach of a computer system.
This incident was relatively easy to resolve because the hacker's cunning did not match his technical skills, but the next case might not be.
There are whole communities devoted to hacking smart devices, and it's a hot topic at security conferences. While most of the methods discussed on those sites focus on hacking a device while in its physical presence, that doesn't necessarily mean you're safe from an attack.
That Nest you bought off on Craigslist, or the open box (returned) Android TV on the shelf at Best Buy could each come with a special gift from its previous owner.
And it's not just smart devices; cars can be hacked as well. Due to the need for physical access to the car, it's a relatively minor problem now. But with so many car makers so excited over the idea of loading up cars with an excess of computers, it won't stay that way. (How do you think they're going to push out firmware updates, if not wirelessly?)
And let's not even talk about the possibilities for hacking medical implants.
If this post is turning you into a luddite, I wouldn't blame you. That wasn't my intent, and I certainly don't plan to give up on my gadgets.
But I will be making a note of which devices I own are smart enough to need to be secured, and how to do that.
It's the only way to be safe (aside from not having any of the gadgets at all, that is).
image by Alexandre Dulaunoy