By Carl Weiss
It is said that the only sure things in life are death and taxes. While this pearl of wisdom has stood the test of time, in the not too distant future there could be an addition to that list: Cyberattack. That's because cyberattacks on businesses and individuals are up nearly 50% in the past year alone. Where cybercriminals used to almost exclusively target big businesses with deep pockets, now that ransomware has become so prolific, small businesses and even individuals are finding their online assets and machines being hijacked. And why not, since most individuals and small businesses offer little in the way of resistance.
Enter the Cyber Sharks
Who can forget the opening music to the movie Jaws? In its day, the novel and subsequent blockbuster motion picture were enough to keep people on the beaches and out of the surf. But as paranoid as many moms became about letting their kids frolic in the waves back in 1975, forty years later we should all be hearing the strains of da-da-dum-dum every time we surf the web. That’s because while Jaws was a work of fiction, the arrival of schools of Cyber Sharks is all too real.
Just like the real deal, there is no 100% reliable cyber shark repellent that can keep someone from putting the byte on your computer, tablet and/or smartphone. Individuals are woefully unprepared to be hacked, and what’s even worse is the fact that many of the devices connected to the Internet of Everything have absolutely no protection whatsoever.
Literally everything from appliances to medical devices to automobiles is rapidly becoming web-enabled. While this provides the public with even more interactivity, it also provides hackers with more ways to get to consumers and business owners. Just as most people make the mistake of thinking their smartphone is a phone instead of a computer that you can talk on, hardly anyone realizes that the average automobile being built today has 100 lines of code onboard. Many are now Wi-Fi enabled as well. You don’t have a car with a computer onboard. You have a computer that drives. Soon, these computer cars will do most if not all of the driving. So if a hacker can take control of your car, what does that mean for the passengers and driver? (On a recent 60 Minutes telecast, hackers gained access to the car Lesley Stahl was driving, turning on the lights and windshield wipers. So this is not a hypothetical possibility.)
Who’s Watching Who?
Smart Houses and appliances are also becoming more and more commonplace. They’re also becoming easy pickings for hackers. If a hacker can crack your home’s security system, this makes breaking and entering child’s play. Don’t even get me started on what a hacker can do to your web-enabled Nanny Cam. The same smart TV that you just installed in your living room can be hacked with ease, since most contain little or no security.
What’s really scary is the fact that last year alone more than 10,000 smart appliances were hacked, according to leading US security firm Proofpoint. Once inside your smart TV or refrigerator, hackers can then gain access to other web-enabled devices. Believe it or not, your refrigerator can spam your smartphone, laptop or tablet once infected. Even if your device does come with some semblance of security, unless the protection is updated on a regular basis, it’s only a matter of time before a hacker will prevail.
How Do I Hack Thee? Let Me Count the Ways.
So many smart devices…So little time. Everything from wearables to medical devices is becoming vulnerable to hacking. Symantec reported on March 12 that: “All of the devices failed to check whether they were communicating with an authorized server, leaving them open to man-in-the-middle attacks. One out of five devices did not encrypt communications and many did not lock out attackers after a certain number of password attempts, further weakening their security. All of the potential weaknesses that could afflict Internet of things systems, such as authentication and traffic encryption, are already well known to the security industry, but despite this, known mitigation techniques are often neglected on these devices.”
While Symantec’s report was referring to smart appliances, in October of 2014, the US government told the FDA to start taking medical device security seriously while citing the same problems that smart appliances were facing. The next time you go to the hospital for a dialysis treatment or to get your pacemaker checked out, you might like to ask your physician about the inherent hacking vulnerabilities of these systems.
The number of ways that hackers can get into your devices is staggering. Below are some of the most popular tools of the hacker’s trade:
1. Sniffers - A sniffer is a program or device that monitors all data passing through a computer network. It sniffs the data and determines where the data is going, where it's coming from, and what it is. In addition to these basic functions, sniffers might have extra features that enable them to filter certain types of data, capture passwords, and more.
2. The Hex Dump (aka Voodoo) - When an electronic device is manufactured, it is programmed with firmware. Hacking firmware is simply a matter of buying a programmer that can receive the memory dump and transmit it to a computer where the code can be altered. The modified code is then transmitted back to the device.
3. Attacking Defaults – Virtually every piece of hardware on the market comes with a set of standard defaults, including a username and password that provide access to the system. Since most people do not change these default settings, this is the easiest way to exploit a system.
4. SQL Injection – While it sounds like a medical procedure, an SQL Injection attack is conducted by entering unexpected entries into a database and then probing the returned error messages to reveal information that can be used to hack the system. For instance, by entering metacharacters like #$%^ into a field that processes only alphanumeric information, the database could be tricked into revealing its contents, or in some other way compromising an SQL server.
5. DDoS Attacks - Directed Denial of Service Attacks occur when hackers flood a targeted website with so much bogus traffic that it brings the victim's server to a halt. This is usually followed by a demand for payment in order to restore service.
6. Data Extortion - Most people aren't aware that their data can be hijacked and held for ransom. This can take a number of different forms, from threatening to release sensitive information stolen from a machine to locking a legitimate user out of their own website or machine by changing the password. Just as with DDoS attacks, all too many extorted users don't realize they've been hacked until a ransom note appears demanding payment. Even worse than with DDoS attacks, non-payment in this case can result in your website or data being erased. (Lately, online extortion has also extended to threats of having one's reputation smeared online unless payment is rendered.)
7. Ratting - Remote Administration Tools are an increasingly popular and insidious means of hacking everything from laptops to tablets and smartphones. Once successfully deployed, a ratted machine is literally under the control of the hacker. Ratted machines can not only be rifled for information, but their webcams and built-in microphones can be surreptitiously turned on, allowing the rat to become the equivalent of a cyber peeping Tom. (There have been a number of high-profile celebrities who have been ratted, resulting in compromising photos and videos making the rounds online.)
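As an added illustration of item 4 (this example is not part of the original article), the sketch below shows why error messages give a prober something to work with, and the standard fix: validate the field as alphanumeric, bind it as a parameter, and return only a generic error. The devices table, the function names and the sample input are all constructed for the example.

```python
import re
import sqlite3

# Constructed probe: a quote plus the metacharacters the article mentions.
PROBE = "TV1001'#$%^"
ALNUM = re.compile(r"[A-Za-z0-9]{1,32}")  # the field should only hold these


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE devices (serial TEXT, owner TEXT)")
    db.executemany("INSERT INTO devices VALUES (?, ?)",
                   [("TV1001", "alice"), ("FR2002", "bob")])
    return db


def lookup_vulnerable(db, serial):
    """'Before': input is pasted into the SQL text and raw errors are echoed."""
    query = "SELECT owner FROM devices WHERE serial = '" + serial + "'"
    try:
        return [row[0] for row in db.execute(query)]
    except sqlite3.Error as exc:
        # The database's own parser message reaches the user. This is the
        # feedback channel the article describes being probed.
        return "DB error: %s" % exc


def lookup_hardened(db, serial):
    """'After': allow-list check, bound parameter, generic error text."""
    if not ALNUM.fullmatch(serial):
        return "invalid serial number"
    try:
        rows = db.execute("SELECT owner FROM devices WHERE serial = ?",
                          (serial,))
        return [row[0] for row in rows]
    except sqlite3.Error:
        return "lookup failed"  # details belong in a server-side log


if __name__ == "__main__":
    db = make_db()
    for value in ("TV1001", PROBE):
        print(repr(value), "->", lookup_vulnerable(db, value),
              "|", lookup_hardened(db, value))
```

With the bound parameter the input is always treated as data, so the allow-list check is a second layer rather than the only defense.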
While all of the above-mentioned tactics require a bit of technical know-how, there are many other hacking programs and devices that can be bought online. There are also online forums, hacking blogs and clubs that teach hackers the tools of the trade. There are also annual hacker conventions and hackathons such as the one held yearly in Las Vegas. If you don’t believe me, simply google “Hacking devices available online.”
The real danger is that the Cyber Sharks have the upper hand, since detection, much less prosecution, is hit and miss at best. Meanwhile, hacking continues to proliferate nearly unchecked. CNN recently reported that in 2014 hackers exposed the personal information of 110 million Americans, roughly half of the nation’s adults.
So the next time you turn on your Smart TV or start your web-enabled car, don’t be surprised if the sound you hear emanating from your surround speakers is something like, “Da-da, dum-dum.”