Cybercrime 2016: Paper-boy refrigerator revenge
- — 20 October, 2011 12:32
Crime is about opportunity and motive. In the security world of 2016, a multitude of connected, embedded devices with standardised interfaces will provide an opportunity for anyone with a motive — no matter how petty.
"The tools have gotten easy, so your motivations for crime will mirror your motivations for traditional crime," said Michael Fey, McAfee's worldwide senior vice president of advanced technologies and field engineering.
"Yeah, you'll see financial, you'll see espionage, you'll see cyberwar, you'll see all that stuff. But you'll [also] see revenge, you'll see boredom."
"You could be talking about your paper boy you didn't give a tip to," he told CSO Online. "My neighbour's have their Wi-Fi wide open. If they don't keep their grass the right way, do I retaliate with them and shut down their refrigerator? Right, is there a command I can send there?"
The key trends that could make this scenario possible are cheap wireless connectivity, the adoption of standard internet protocols for communication, and a decreasing number of embedded systems vendors.
"Many devices are using wireless connections to reduce the cost of the device, so you don't have all these wires to run around, all these things to connect. When they establish that connection approach, there's an access point. And what might that be used for? It really depends on your goal in life," Fey said.
"It was a lot harder where every device you had to look at had some bizarre connection approach, had some specific cord, and all this other stuff. For your average hacker to go in and spend the time to do that, there had to be a really big golden ticket at the end," he said.
Now, though, the embedded market is starting to be won by just a few companies. Once a vulnerability is found in one system, hackers can start looking at others from the same vendor and, as Fey puts it, "get as creative as you want".
"Gasoline pump? Maybe you could steal credit cards, maybe you could get cheap gas," he said. "The refrigerator gets a lot more interesting when it's ordering groceries and there's a payment being made there, and I can steal your payment information from that."
Multifunction printers are another good example. Most people don't think of them as a computer, let alone as a potential data exfiltration point. Yet the printer may see as much data as anything else on the network — and it comes with Wi-Fi and Bluetooth.
"A refrigerator is such a bizarre example," Fey said. "I think your alarm system would be more fun, don't you? If everybody with a big alarm company got hacked into and all of a sudden everybody's sirens were going off? That'd be a lot more fun."
"I'm always waiting for the attack where somebody targets an organisation just to mess with their stock price," he said.
LulzSec says they didn't do anything with the information they allegedly stole from Sony. And they didn't have to. The point was made. Sony suffered a massive loss of face — and a massive bill to fix the problems and compensate the victims.
"I don't have to hack you, probably, to get to your car. I hack the big cloud of cars," Fey said. "So if I want, I can drop GM's share price pretty dramatically when every GM car gets recalled because its airbags just fired off."
Stilgherrian is attending McAfee's Focus 11 security conference in Las Vegas as their guest.
Contact Stilgherrian at Stil@stilgherrian.com or follow him on Twitter at @stilgherrian
Get exclusive access to CSO, invitation only events, reports & analysis. 
Comments
Post new comment