Cybersecurity

Your refrigerator is safe from cyberattack ... for now

cars

As more and more cars become network-connected, they will also become vulnerable to hackers who could take enough control to do everything but steer. (Stock image)

Think about this next time you're commuting to work or putting those left-overs away in the refrigerator: In the very near future, Internet-connected vehicles and kitchen appliances could become targets for malicious cyber-terrorists.

The Center for Automotive Embedded Systems Security (CAESS) has already shown it's possible for a remote user to take near-complete control of a vehicle through vulnerabilities in its telemetric systems, via a device connected to its onboard diagnostic systems, or even through malware embedded in MP3s.

It's scary stuff, according to Randy Garrett, a program manager for the Information Innovation Office at the Defense Advanced Research Projects Agency (DARPA), and more evidence that cyber-security challenges in the future will dwarf those of the past.

"Up until five to 10 years ago, there was no danger of someone remotely taking over your car – now somebody can take it over" and do everything but steer it, said Garrett, speaking at the Federal Cloud Computing Summit in Washington, D.C., on May 30. In separate CAESS studies, remote attackers proved they could gain access to a vehicle's integral systems, including its brakes.

The danger doesn't end in the driveway. Microwave ovens, dishwashers and other kitchen appliances are increasingly connected to the Internet. A hacker could feasibly remotely adjust a microwave's heat settings, Garrett said, though he is unsure what these new threats – some clearly greater than others – will mean going forward.

He referenced the growing importance of the "Internet of Things," a concept coined in the late 1990s that describes a world in which physical objects have virtual identities and the ability to rapidly capture and disseminate data without human interaction.

The heart of the Internet of Things is exponentially increased data production by machines, sensors, computer systems and people. DARPA, for example, studies data from sensors on aircraft. In the near future, Garrett said, that data will be meshed together with other datasets – perhaps social media or geospatial data – to produce high-value insights. It is already clear that such data sets would have significant importance in national security.

The tradeoff to these increased capabilities, though, is a new set of dangers – many of which have not yet been conceptualized, at least not publicly.

"There are many things we can do with this increased data," Garrett said. "From DARPA's standpoint, there are dangers we never had before. It makes you wonder what kind of world we'll have."

About the Author

Frank Konkel is a former staff writer for FCW.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected