A future full of loopholes
Even the USB devices can be hacked to compromise computer security. Photo from aqniu.com
People will one day connect with almost everything in their lives – the TV, the fridge, a mirror – all through the Internet.
This is known as the “Internet of things”, where the real and virtual worlds merge.
But IT security professionals fear Internet security issues will spread to every aspect of life.
Tan Xiaosheng, vice president and chief privacy officer of Qihoo 360 Technology, says this will be an age of loopholes.
At the recent 2014 Black Hat Conference in Las Vegas, Tan saw a demonstration where a team has hacked 22 devices in 45 minutes. We want an unhackable smart system, Tan says, but the flaws created in computer systems make every smart system a potential target.
“In future it is not about one device being hacked, it is about 10 being hacked. Not only your smart phone, but also your smartband, smartglasses and other wearable and domestic devices are vulnerable,” Tan told Xinhua.
He cites the example of smart TV, which is popular in China and has a camera. “Once a smart TV is hacked, the hackers will know whether TV users turn it on and off, what programs they choose to watch, or even see if anyone is home or not, with potentially dire consequences,” he explains.
At 2014 Black Hat Conference in Las Vegas, security experts show a 200 USD Dropcom camera can be hacked to download its video clips. Photo from aqniu.com
Another possible target is the set top box with audio control system. If hacked, the microphone can be turned on, he adds.
With the rise of the Internet of vehicles, some cars have software for remote control, navigation and fault fixing. But Tan says that if any part, from vehicle control system to network communication link, or from remote server application interface to cloud background system, has security loopholes, the whole Internet of vehicles will be compromised, posing safety risks to drivers and passengers.
And that is just the tip of the iceberg.
A car is equipped with smart control system. Photo from internet
In future, the Internet of things will create hazards in the microwave, fridge and water heater. “Every hacked device could become a spy or a killer,” Tan says. “Just imagine when you take shower that a hacker has breached your water heater to set the temperature at 90 degrees centigrade.”
In China, the Internet of things business is just beginning. Most business players concentrate on applications and device development, seldom on security issues.
“After those devices and systems go to the market, the cost of loophole fixing and upgrading will be enormous.” Tan says.
At the 2014 Black Hat Conference, smart devices such as a smart car panel and Nest Learning Thermostat were all hacked.
During the conference, Trusted Computing Group former president Jesus Molina showed how to control a hotel’s lighting system by hacking into its security protocols.
The security adviser once stayed at the St Regis Shenzhen, a five-star hotel where every room had an iPad for guests to control the room light. With time to kill, Molina found the iPad’s link to the lighting system through the hotel Internet service had no security configuration.
By editing the IP address, he controlled another room’s lights, and it would have been easy for him to control the lights in 200 rooms.
Molina changed rooms four times, and was tempted to hack the hotel’s lock system, but deemed it too risky. He contacted St Regis group who closed the loophole.
Last year millions of routers were hacked in China and tens of millions had security problems, says Tan.
“We sell security products, but what we really want is the safety of all devices,” Tan says. “The ultimate way to solve it is the entire business sector paying great attention to security issues, especially those smart device producers.”