Avatar photo

August 4, 2015

Download

Lithium-Ion batteries. A guide to the fire risk that isn’t going away but can be managed

Smart Rifles, Airplanes and 8 Other Things Hackers Could Hack into (or Already Have)

From cars to sniper rifles to medical devices the rapid growth of internet-connected devices has exposed the public cyber threats on multiple fronts.

Here are 10 surprising vulnerabilities that hackers are now able to exploit, cutting across many products and industries.

[mk_blockquote style=”quote-style” font_family=”none” text_size=”12″ align=”left”]How safe is your business? Take IFSEC Global’s  interactive Cyber Security Assessment to benchmark your business and get a free report.[/mk_blockquote]

Smart rifles

Smart Rifle Hacker

Hackers can disable or change the target of smart rifles

Rifles with in-built computers can help the user to be a better marksman – but they also make the weapon vulnerable to a cyber attack.

Once the rifle has been infected a hacker can then use software to manipulate a scope’s calculations, disable the scope completely or just prevent the gun from firing entirely.

“You can make it lie constantly to the user so they’ll always miss their shot,” said Sandvik, one of the researchers demonstrating this vulnerability at the Black Hat conference in Las Vegas this week.

37 million adulterers’ details stolen

Ashley Madison Hack

Ashley Madison: The ‘trusted security award’ now looks fairly ironic

Last month Ashley Madison, the social network for extra-marital affairs, was hacked and the personal details (email, credit card and physical addresses) of 37 million users stolen. Whether these details will be used for blackmail or other purposes remains to be seen.

The screenshot of the site above highlights how websites may carry all the necessary security certification certificates, but these often prove an inadequate defence against a committed hacker.

1.4 million Fiat Chryslers recalled


Hackers have shown this week that they can take control of a moving Jeep Cherokee. This vulnerability affects not just the Jeep Cherokee, but the rest of the 14 Fiat Chrysler cars, prompting the manufacturer to launch a safety recall of 1.4 million recent car models that could be remotely exploited and controlled by hackers. Read more here.

90% of cargo ships vulnerable to attack

With ships increasingly computerised with integrated control systems cyber-security watchdog CyberKeel recently indicated that 90% of the top 20 container lines would be vulnerable to cyber-attack, encompassing both land or ship-based.

The risk to the maritime industry is significant. For example: a ship could be run aground or diverted to a location that favours pirates, or systems that control the ship’s engine could be shut down, leaving passengers and crew stranded.

CCTV and access control hacks

https://www.youtube.com/watch?v=Q3Hs1XIgJv8

Physical security and access control systems increasingly run on IP networks maintained by IT departments.
By being part of the network, it is now possible for hackers to remotely penetrate a building’s security systems, disable them, or to feed false information.
As James Willison explained in a recent article for IFSEC Global, “Cyber is on the door of Physical Security and many of us are just not prepared” – urging physical security managers to work closely with colleagues in IT to test the resilience of their network to cyber attacks.

Smart buildings

Smart homes and smart buildings put businesses at great risk when it comes to cyber attacks.

By getting inside your building management system an intruder can control your lighting, air con and heating which could cause huge destruction. Hackers could destroy data control centres simply by turning up your heating.

And it’s not only the buildings themselves that can be the target, but also the intellectual property of the organisation inside the building itself. Criminals will use building management systems as a stepping stone to get into IT networks and access personal data, which can be sold at a high price.

Hacking a Plane’s steering

The aviation industry has become heavily reliant on information and communications technology (ICT) systems to manage data and communications, leaving airports and airplanes vulnerable to hacking.

Last year a hacker named Teso claimed his android app called PlaneSploit which made it possible to take over a plane’s steering system.

Whether these vulnerabilities are exploited or not, any suspected breach has potential of causing airports and airlines huge reputational damage.

Medical devices vulnerable

FDA says not to use Hospira infusion pump

FDA says not to use Hospira infusion pump

The value of personal health information is ten times that of financial data such as credit card numbers, with personal information used for identity fraud to financial exploitation. Yet the healthcare sector is ill-prepared for the cyber attacks with hospitals, clinics and medical devices themselves vulnerable to attack

Last week hospitals worldwide were advised by the U.S. Food and Drug Administration (FDA) not to use Hospira’s Symbiq blood infusion system after a security vulnerability was discovered that could allow unauthorized users “to control the device and change the dosage the pump delivers, which could lead to over- or under-infusion of critical patient therapies.”

The is the first time the FDA has advised healthcare providers to discontinue use of a medical device because of a cyber security vulnerability.

Banking under attack

The billions of pounds in online transactions banks process is an attractive target to hackers.  Only last week, NatWest bank suffered last week from a series of deliberate attacks, known as a distributed denial of service (DDoS), which caused traffic to surge to the site and many customers being unable to use the system.

While the bank has said there was no risk to customers DDos attacks against financial institutions are becoming more frequent with more than 100 banks and brokerages have been targeted by such attacks in the United States since April, according to the FBI.

According to a BBC report some banks have paid large sums of money to have the attacks stopped.

How safe is your business?

Benchmark how vulnerable your business is by taking IFSEC Global’s Cyber Security Assessment.
This free interactive tool is based on the Cybersecurity Framework developed by the NIST (National Institute of Standards and Technology), assessing your performance in five critical areas of cyber security: identify, protect, detect, respond and recover.

Take the Cyber Security Assessment

Take the Cyber Security Assessment

Take the Cyber Security Assessment here

Listen to the IFSEC Insider podcast!

Each month, the IFSEC Insider (formerly IFSEC Global) Security in Focus podcast brings you conversations with leading figures in the physical security industry. Covering everything from risk management principles and building a security culture, to the key trends ahead in tech and initiatives on diversity and inclusivity, the podcast keeps security professionals up to date with the latest hot topics in the sector.

Available online, and on Spotify, Apple Podcasts and Google Podcasts, tune in for an easy way to remain up to date on the issues affecting your role.

IFSECInsiderPodcastLogo

Related Topics

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments