Cybersecurity

Your refrigerator is safe from cyberattack ... for now

cars

As more and more cars become network-connected, they will also become vulnerable to hackers who could take enough control to do everything but steer. (Stock image)

Think about this next time you're commuting to work or putting those left-overs away in the refrigerator: In the very near future, Internet-connected vehicles and kitchen appliances could become targets for malicious cyber-terrorists.

The Center for Automotive Embedded Systems Security (CAESS) has already shown it's possible for a remote user to take near-complete control of a vehicle through vulnerabilities in its telemetric systems, via a device connected to its onboard diagnostic systems, or even through malware embedded in MP3s.

It's scary stuff, according to Randy Garrett, a program manager for the Information Innovation Office at the Defense Advanced Research Projects Agency (DARPA), and more evidence that cyber-security challenges in the future will dwarf those of the past.

"Up until five to 10 years ago, there was no danger of someone remotely taking over your car – now somebody can take it over" and do everything but steer it, said Garrett, speaking at the Federal Cloud Computing Summit in Washington, D.C., on May 30. In separate CAESS studies, remote attackers proved they could gain access to a vehicle's integral systems, including its brakes.

The danger doesn't end in the driveway. Microwave ovens, dishwashers and other kitchen appliances are increasingly connected to the Internet. A hacker could feasibly remotely adjust a microwave's heat settings, Garrett said, though he is unsure what these new threats – some clearly greater than others – will mean going forward.

He referenced the growing importance of the "Internet of Things," a concept coined in the late 1990s that describes a world in which physical objects have virtual identities and the ability to rapidly capture and disseminate data without human interaction.

The heart of the Internet of Things is exponentially increased data production by machines, sensors, computer systems and people. DARPA, for example, studies data from sensors on aircraft. In the near future, Garrett said, that data will be meshed together with other datasets – perhaps social media or geospatial data – to produce high-value insights. It is already clear that such data sets would have significant importance in national security.

The tradeoff to these increased capabilities, though, is a new set of dangers – many of which have not yet been conceptualized, at least not publicly.

"There are many things we can do with this increased data," Garrett said. "From DARPA's standpoint, there are dangers we never had before. It makes you wonder what kind of world we'll have."

About the Author

Frank Konkel is a former staff writer for FCW.

Reader comments

Wed, Jun 5, 2013

Can someone explain to me the value of having my appliances connected to the internet?

Wed, Jun 5, 2013 John Schrader DC Metro Area

The potential for harm in the "internet of things" is real. However, it is a choice. Unlike the rules and laws of physics which govern air, land, sea and space, the cyber arena is defined by rules we CHOOSE to implement. So we are hung by our own petard if we complain that the gains from interconnecting things is balanced by the vulnerability we introduce to our systems. There are real and tangible effects that can be perpertrated through cyber means far beyond the investment needed to make them. So what are we choosing to connect and why? The headlong rush to connect everything seems devoid of the questioning and deliberateness of the most important work...WHY.

Wed, Jun 5, 2013 EricE

I look forward to explaining to my family how to set up a second, secure network for all their appliances :p Or Symantec Antivirus for Kitchens. Lovely.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above