{"id":12543,"date":"2015-06-13T16:11:10","date_gmt":"2015-06-13T16:11:10","guid":{"rendered":"http:\/\/rafaelfajardo.com\/portfolio\/basic-parts-of-our-infrastructure-are-vulnerable\/"},"modified":"2015-06-13T16:11:10","modified_gmt":"2015-06-13T16:11:10","slug":"basic-parts-of-our-infrastructure-are-vulnerable","status":"publish","type":"post","link":"https:\/\/rafaelfajardo.com\/portfolio\/basic-parts-of-our-infrastructure-are-vulnerable\/","title":{"rendered":"Basic parts of our infrastructure are vulnerable to hacking"},"content":{"rendered":"<p><a href=\"http:\/\/stoweboyd.com\/post\/121351932087\/basic-parts-of-our-infrastructure-are-vulnerable\" class=\"tumblr_blog\">stoweboyd<\/a>:<\/p>\n<blockquote id=\"geom_inter_5_1434211857499_26\"><p><b>Concerns about cybersecurity are rising, but most people think about hackers stealing credit card data from corporate databases, while it may be just as critical to worry about services we take for granted, like the electric grid or air traffic control.<\/b><\/p>\n<hr>\n<p>The Internet of Things (IoT) is bringing a new awareness of security vulnerabilities into broad daylight. And this isn\u2019t being driven by new technologies rolling out \u2013 like <a href=\"http:\/\/www.csmonitor.com\/Technology\/2015\/0610\/How-a-new-smart-oven-will-do-your-cooking-for-you-perfectly\">smartphone-controlled ovens<\/a>\u00a0\u2013 but mostly by researchers demonstrating how public infrastructure is dangerously insecure.<\/p>\n<p>Consider our traffic light infrastructure, providing vital services in every city and town across the country and most of the world. Researchers, like Cesar Cerrudo of IOActive Labs, have demonstrated that these systems can be hacked. 
Cerrudo flew to Washington DC last year and found he could break into the capital\u2019s traffic system, and change red lights to green: he could have,\u00a0\u2018paralyzed emergency responders,\u2019 as Nicole Perlroth <a href=\"http:\/\/bits.blogs.nytimes.com\/2015\/06\/10\/traffic-hacking-caution-light-is-on\/?ref=todayspaper\">put it in the New York Times<\/a>.<\/p>\n<p>When he approached the company that designed the traffic sensors involved, he was ignored. Apparently the traffic on the sensor network is unencrypted. Cerrudo said in <a href=\"http:\/\/securityaffairs.co\/wordpress\/37757\/hacking\/hacking-traffic-lights-2.html\">a recent interview<\/a>,\u00a0<\/p>\n<blockquote>\n<p>What I found is that cities are filled with security problems that could have a very direct and physical impact on our lives.<\/p>\n<\/blockquote>\n<p id=\"geom_inter_3_1434211857498_19\">Yes, it does sound like a Hollywood movie, like the <i>Italian Job<\/i> or <i>Live Free or Die Hard<\/i>, but Cerrudo and other researchers have shown it\u2019s not special effects. A team from the University of Michigan led by J. Alex Halderman <a href=\"http:\/\/www.technologyreview.com\/news\/530216\/researchers-hack-into-michigans-traffic-lights\/\">found<\/a> three major weaknesses in the traffic infrastructure:<\/p>\n<ol>\n<li>Unencrypted traffic<\/li>\n<li id=\"geom_inter_4_1434211857498_15\">the use of default passwords and user names<\/li>\n<li>a debugging port too easily attacked.<\/li>\n<\/ol>\n<p id=\"geom_inter_6_1434211857499_28\">Traffic systems are designed for the convenience of traffic engineers, rather than public safety. 
For example, once tapped in to any point of entry, the entire system can be accessed, in many cases.<\/p>\n<p>Concerns about cybersecurity are rising, but most people think about hackers stealing credit card data from corporate databases, while it may be just as critical to worry about services we take for granted, like the electric grid or air traffic control.<\/p>\n<hr>\n<p><b>I\u2019m not writing about someday-in-the-future drones or the 2020 smart home: these are relatively pedestrian networked systems in place today, that we all rely on.<\/b><\/p>\n<hr>\n<p>Another disturbing bit of research along these lines appeared this month, when security researcher Billy Rios <a href=\"http:\/\/www.wired.com\/2015\/06\/hackers-can-send-fatal-doses-hospital-drug-pumps\/\">discovered<\/a> that a popular drug infusion pump has vulnerabilities that would allow a hacker to remotely monitor and change the dosage of drugs being administered to patients in hospitals.<\/p>\n<p>As Cory Doctorow <a href=\"http:\/\/boingboing.net\/2015\/06\/08\/internet-connected-hospital-dr.html\">summarizes<\/a> at BoingBoing,<\/p>\n<blockquote>\n<p>The companies whose products Rios analyzed are in denial about their mistakes. Hospira, who have at least 325,000 vulnerable Plum A+ models in hospitals worldwide (and unknown numbers of other vulnerable models), insist that they are invulnerable because the devices\u2019 communications modules are physically isolated from the pumps\u2019 circuitry. But although these two functions are separated on two physical boards, these boards are connected by a serial cable that allows them to talk to each other, and the pumps do not validate the firmware they receive from the communications modules.<\/p>\n<\/blockquote>\n<p>So, a hacker would only need access to the hospital\u2019s network, which is likely to be connected to the Internet, and boom! 
All the pumps are shut off.<\/p>\n<p>I feel like I am drafting the screenplay of a dystopian sci fi novel, but I\u2019m not. (Or should I be?)\u00a0<\/p>\n<p>These are just the most recent examples of the findings of researchers who are probing the <i><b>existing<\/b><\/i> infrastructure that our world runs on. I\u2019m not writing about someday-in-the-future drones or the 2020 smart home: these are relatively pedestrian networked systems in place today, that we all rely on. And they\u2019re as full of holes as Swiss cheese.<\/p>\n<hr>\n<p><i>This post was written as part of the <a href=\"http:\/\/goo.gl\/gn2A8\">IBM for Midsize Business<\/a> program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. I\u2019ve been compensated to contribute to this program, but the opinions expressed in this post are my own and don\u2019t necessarily represent IBM\u2019s positions, strategies or opinions.<\/i><\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>stoweboyd: Concerns about cybersecurity are rising, but most people think about hackers stealing credit card data from corporate databases, while it may be just as critical to worry about services we take for granted, like the electric grid or air traffic control. 
The Internet of Things (IoT) is bringing a new awareness of security vulnerabilities [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[10],"tags":[],"class_list":["post-12543","post","type-post","status-publish","format-standard","hentry","category-words"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p6PWot-3gj","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/rafaelfajardo.com\/portfolio\/wp-json\/wp\/v2\/posts\/12543","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rafaelfajardo.com\/portfolio\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rafaelfajardo.com\/portfolio\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rafaelfajardo.com\/portfolio\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rafaelfajardo.com\/portfolio\/wp-json\/wp\/v2\/comments?post=12543"}],"version-history":[{"count":0,"href":"https:\/\/rafaelfajardo.com\/portfolio\/wp-json\/wp\/v2\/posts\/12543\/revisions"}],"wp:attachment":[{"href":"https:\/\/rafaelfajardo.com\/portfolio\/wp-json\/wp\/v2\/media?parent=12543"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rafaelfajardo.com\/portfolio\/wp-json\/wp\/v2\/categories?post=12543"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rafaelfajardo.com\/portfolio\/wp-json\/wp\/v2\/tags?post=12543"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}