our cars are perfectly safe,” read a description a scheduled briefing by the researchers.
“In this talk, we will show the reality of car hacking by demonstrating exactly how a remote attack works against an unaltered, factory vehicle.”
Intel security vice president Raj Samani told AFP of an earlier demonstration of using hacks to take control of accelerators of cars, one of which was crashed into a wall.
“Cyber threats have been real threats for a while,” Samani told AFP.
“Stuxnet should have been the wake-up.”
Iran was hit in 2010 by several computer attacks including the Stuxnet virus — widely believed to be developed by the US government — targeting Tehran’s nuclear programme.
Most Stuxnet infections were discovered in Iran, giving rise to speculation it was intended to sabotage nuclear facilities there to derail efforts to make a nuclear bomb.
“The idea of bridging the gap between the cyber world and the physical world has been around for a while,” Kruegel said, referring to long-standing fears of possible cyber attacks on power grids, water plants, and other infrastructure targets.
“Now, these proof-of-concepts show that it is a real threat. All these devices are out there and reachable, and security is terrible.”
Stuxnet-type attacks were seen as the work of sophisticated, state-sponsored actors with ample resources and time. The explosion of connected devices in the booming Internet of Things has created easy targets for independent hackers motivated by greed or malice, according to security researchers.
“It’s hard to find a way into Windows 10, but now you have these devices that are not hard to get into,” Kruegel said, referring to latest generation Microsoft computer operating system.
“It is low-hanging fruit, in a way.”
Hacking smart watches, door locks, fitness bands, power meters, or other devices woven into the Internet of Things also carries the risk of villains tapping into rich troves of data gathered by sensors monitoring many aspects of people’s lives.
Samani told of shopping for a kettle recently only to find he could buy one with Wi-Fi connectivity.
Data from a home smart meter could reveal what types of devices are being powered inside as well as “when you have a cup of tea, make toast, or in most cases what TV show you are watching,” he said.
Protecting gadgets in the Internet of Things is possible, but increases costs of smart gadgets while manufacturers prefer to keep prices low.
“Given the insecurity we see regularly, it’s evident that for most makers that it isn’t a priority,” IOActive chief technology officer Cesar Cerrudo told AFP.
Samani joked that as the only computer security person presenting at a recent sensor conference in Germany, he was the “most unpopular guy” there.
“We haven’t seen planes drop out of the sky or cars run off the road, that we know of, but these are the issues we face,” he said. “Real world hacks are coming.”
Lack of a profit motive for hackers with the right skills to commandeer control of planes, cars, or rifles was considered a prime factor for the lack of trouble so far.
“The guys who can do it don’t have an interest now,” Kruegel said.
“But, when you get the bored kid or the person who likes to create havoc you will have a problem.”