In the good old days, a cyberattack meant the loss of data. Sure, a hack could be crippling, but its effects were largely confined to 1's and 0's. But now, as the digital sphere is melding more totally and seamlessly with the physical one, the reach of hackers has grown.
Today, a hack can do much more than steal your information or shut down your computer system. It can commandeer your car or send whole cities grinding to a halt. Here's a quick overview of how hacking has moved from the digital to the real world, turning everyday objects into potential security threats.
The Internet of Things and Security Vulnerabilities
Cybersecurity risks are coming to traditionally non-digital objects largely because of the expansion of the Internet of Things. For the unfamiliar, the IoT refers to Internet-enabled devices, like thermostats that can be adjusted from your smartphone or street lights that wirelessly relay efficiency data back to city headquarters.
The Internet of Things has been rapidly growing; some forecast that there will be more than 40 billion IoT devices by the year 2020. If those devices are unsecure, they can pose huge cybersecurity risks.
Much of the worry is about data. If your devices are tracking and relaying information about you, who will have access to -- and protect -- that info on your sleep patterns, temperature preferences, and gym schedules?
But another worry is growing: that the devices themselves will be hijacked. Techie burglars can already hack into your garage doors, for example, and a year-end report by McAfee found that almost half of all cybersecurity experts surveyed believed that hacking of critical infrastructure would lead to loss of human life within three years.
What Kind of Malpractice Would Hacked Pacemakers Be?
If you want hacking that kills, medical devices are a good place to start. Medical manufacturers are adding wireless capabilities to a host of medical devices, from neurostimulators, to pacemakers, to insulin pumps.
In July of 2015, the FDA called for medical providers to stop using the Hospira Symbiq Infusion System due to "cybersecurity vulnerabilities," though the warning came more than 400 days after the risk was first discovered. The infusion system is a pump that delivers medications or nutrients to patients and could be hacked to alter the dosage amounts, with potentially fatal consequences.
The Rise of Carhacking
Consider it carjacking for the modern age: carhacking occurs when outsiders exploit vulnerabilities in a car's electronic controls, allowing them to gain control of some or all of the vehicle's functions. The risk isn't reserved just for newfangled self-driving cars, either. Carhacking has been possible in all types of vehicles.
Vulnerabilities in G.M.'s OnStar devices, for example, allowed white hat hacker Sam Kamkar to easily hijack the system in August. Radios, too, have lead to vulnerabilities. Last summer hackers were able to hijack a Jeep Cherokee through its radio, allowing them to change the car's speed and take over its breaks. Over a million cars were recalled as a result.
Lights Out: Hackers Take Down a Power Plant
Thankfully, the automobile and medical device vulnerabilities are spotted by experts before they were exploited in the real world. (As far as we know.) That's not the case with attacks against major infrastructure, however. At least not anymore.
In December, an attack on a Ukrainian power company cut power to 80,000 customers for six hours. The outage was a result of Sandworm malware, which exploits a vulnerability in PowerPoint to infect computer systems. It's a favorite of Russian hackers and a U.S. cybersecurity firm recently identified the Ruskies as being behind the power outage, though it's still unclear if Russian hackers were acting on instructions from the government.
Will the next big vulnerability be in our Twitter-enabled toilets, our Facebook fridges, or our WiFi-ready water supply? Who knows. But one thing is certain: as the Internet of Things grows, so does the risk that everyday objects could be exploited.
- CIA Eyes Russian Hackers in 'Blackout' Attack (The Daily Beast)
- The 6 Most Newsworthy Data Breaches of 2015 (FindLaw's Technologist)
- FTC Chairwoman Raises Concerns Over the Internet of Things (FindLaw's Technologist)
- The Internet of Insecure Things: Hacking 'Smart Devices' (FindLaw's Technologist)