Honk if You’re Hackable

https://i1.wp.com/yoursecurityadvisor.co.uk/wp-content/uploads/2013/03/camaro_hacker2.jpgComing out of Black Hat, vehicle and car hacks grabbed a lot of the attention. Some of the techniques used by the car hackers that were unveiled were detailed in a recent Forbes article.

The reporter went for a drive with the hackers – during which they demonstrated how they could hack into a car and control several functions, including blasting the horn to serious hazards like slamming on the Prius’ brakes at high speeds.

While the car manufacturer stated that the hack was relatively meaningless because the hackers had to assume physical presence in the car, Forbes highlighted that gaining wireless access to a car is old news. Researchers have shown that using backdoors through connected device like OnStar, Bluetooth bugs, rogue apps synched to he car, or even malicious audio files, can lead to a breach of the entire system, including the systems used by the hackers to assume control of the car and “violently jerk the steering at any speed.”

There are many similarities in what’s happening with cars to what happens to businesses every day. One of the big takeaways is that whether it’s a physical insider, or a malicious attacker on the outside, the threat is getting past perimeter defense. Businesses need to act accordingly and assume the threats are already inside.

To broaden the example, take the critical infrastructure industry and continued hacks to SCADA and ICS systems. At Black Hat, several experts demonstrated “Catastrophic Attacks” through SCADA systems. These attacks were caused by attackers bypassing perimeter security through simple means, and targeting privileged and administrative accounts that are hardcoded into these SCADA systems, or are secured through simple default passwords. Hackers can find these systems and passwords online. Once they gain access to these accounts – they control the system. Once they have control, they can do things such as overflow oil tanks, cause pipes to burst, and worse.

Of course, people inside critical infrastructure companies can cause just as much damage taking the same privileged pathway – just checkout what happened at Saudi Aramco or Stuxnet.

The bottom line is that it no longer matters where the attack originates – insiders and outside attackers take the same privileged pathway to gain access and control of a company’s network.

And as the car hacks show – everything that has a microprocessor is vulnerable. Whether it’s a car, or a control system for an oil rig, we need to do a better job of locking down the pathway hackers are taking to breach our systems.

via Cyber-Ark | Security That Empowers People.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of the author. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided "as-is". The author shall not be liable for any damages whatsoever arising out of the content or use of this blog.
%d bloggers like this: