by John Worrall
Coming out of Black Hat, vehicle and car hacks grabbed a lot of the attention. Some of the techniques used by the car hackers that were unveiled were detailed in a recent Forbes article.
The reporter went for a drive with the hackers – during which they demonstrated how they could hack into a car and control several functions, including blasting the horn to serious hazards like slamming on the Prius’ brakes at high speeds.
While the car manufacturer stated that the hack was relatively meaningless because the hackers had to assume physical presence in the car, Forbes highlighted that gaining wireless access to a car is old news. Researchers have shown that using backdoors through connected device like OnStar, Bluetooth bugs, rogue apps synched to he car, or even malicious audio files, can lead to a breach of the entire system, including the systems used by the hackers to assume control of the car and “violently jerk the steering at any speed.”
There are many similarities in what’s happening with cars to what happens to businesses every day. One of the big takeaways is that whether it’s a physical insider, or a malicious attacker on the outside, the threat is getting past perimeter defense. Businesses need to act accordingly and assume the threats are already inside.
To broaden the example, take the critical infrastructure industry and continued hacks to SCADA and ICS systems. At Black Hat, several experts demonstrated “Catastrophic Attacks” through SCADA systems. These attacks were caused by attackers bypassing perimeter security through simple means, and targeting privileged and administrative accounts that are hardcoded into these SCADA systems, or are secured through simple default passwords. Hackers can find these systems and passwords online. Once they gain access to these accounts – they control the system. Once they have control, they can do things such as overflow oil tanks, cause pipes to burst, and worse.
Of course, people inside critical infrastructure companies can cause just as much damage taking the same privileged pathway – just checkout what happened at Saudi Aramco or Stuxnet.
The bottom line is that it no longer matters where the attack originates – insiders and outside attackers take the same privileged pathway to gain access and control of a company’s network.
And as the car hacks show – everything that has a microprocessor is vulnerable. Whether it’s a car, or a control system for an oil rig, we need to do a better job of locking down the pathway hackers are taking to breach our systems.
