All your Devices can be Hacked – IOT needs EOT
In this Ted talk, computer science professor, Avi Rubin takes us on a journey of hacking that will astound you.
Implanted medical devices
The pacemaker was invented in 1926 but the real interest from a computer security perspective started in 2006 when they were given networking capabilities.
Now what a research team did was they got their hands on what’s called an ICD. This is a defibrillator, and this is a device that goes into a person to control their heart rhythm, and these have saved many lives.
This device was made to be able to communicate wirelessly, and what this research team did is they reverse engineered the wireless protocol, and they built the device with a little antenna, that could talk the protocol to the device, and thus control it.
What could they do?
The researchers launched many, many successful attacks.
They managed to change the patient’s name and they were able to change therapies, including disabling the device — and this is with a real, commercial, off-the-shelf device — simply by performing reverse engineering and sending wireless signals to it.
We certainly need a much better understanding of the vulnerability of these medical devices.
Today’s cars and we are not even talking about the self-driving ones have a lot of components, a lot of electronics in it today. In fact, it’s got many, many different computers inside of it, as well as a connected wired network. There is also the FM and XM radio as well as Bluetooth.
In the video, you can check what the hacking team managed to do. They identified two areas of attack. One is short-range wireless, where you can actually communicate with the device from nearby, either through Bluetooth or wi-fi, and the other is long-range, where you can communicate with the car through the cellular network, or through one of the radio stations.
What the hacking team managed to do:
They were able to take over a bunch of critical computers inside the car: the brakes computer, the lighting computer, the engine, the dash, the radio, etc., and they were able to perform these on real commercial cars that they purchased using the radio network.
They were able to compromise every single one of the pieces of software that controlled every single one of the wireless capabilities of the car. All of these were implemented successfully.
The rest of the video looks at vulnerabilities of our smartphones amongst other things.
Be sure to watch the whole talk here: