Pervasive technologies and its implication on security

All of us are, to some extent, slaves to technology. Judicious use of technology is mandated. Human kind has, so far, been naïve in adopting technology with the presumption that it will always be used in the right spirit, but we have seen it being used in the wrong context over and over again. This article is about the implications of malicious use of pervasive technology.

Invasion of technology

Almost every aspect of our life is driven by technology. Consider a TV, for example. Most new TVs are IP enabled. You can undertake various activities based on the extent of IP integration with technology—with gadgets like Apple TV, you can live stream YouTube videos, access social media, and so on. There are even refrigerators with Internet access that facilitate videos and listening to audio. Technology invasion into the mobile phone, tablet and phablet world is ubiquitous. There have been reported cases of suicide due to the loss of a mobile phone. Our addiction to technology is high. Even central heating and cooling systems have programmable components in them.

It is difficult to categorise this invasion of technology into good or bad since technology has made many unthinkable ideas thinkable. There has been a profound effect from technology infiltrating our lifestyle, however, technologies are typically invented without  thought of the hackers looking to take advantage of them. Let us consider some implications.

Implication of technology on security

Playing devil’s advocate, the implications outlined here might not happened commonly yet, but they can easily happen.

  • Road Signals – Did you know that traffic signals and traffic signboards have programmable parts? It is also worth noting that most of the passwords to access programmable parts are relatively simple. We won’t discuss the process of hacking them here, but just imagine the chaos that can result if traffic signals suddenly malfunctioned or were controlled by hacking, and then returned to normal. It could certainly cause accidents. The signboards that are installed to redirect traffic can also be used to misguide traffic if hacked.

    If VIP traffic can be hampered by any of these types of attack, it could be catastrophic

  • TV – Consider a scenario where your TV channel designated as ABC24 is hacked to actually show FashionTV. If TV channels were hidden at a time when a natural calamity hits or terrorist attack happens, the viewer can be shielded from important safety information.

  • Electronic Equipment or Device Recycling – There is a lot of sensitive information residing on electronic devices like desktops, laptops and mobiles. The pace of change of technology makes it almost impossible to continue using a device after a couple of years. Soon, if not already, households will have a box of old of electronic devices with sensitive data, waiting to be recycled. You can simply delete the sensitive information on the device before recycling it to make it safe right? Wrong. A lot of sensitive data remains on these devices, the location of which is unknown to the user. The private keys for digital certificates are one example. Encrypted passwords are another. Even if you knew the location of all the sensitive information on your device and deleted it, you are still not safe. After a piece of data is deleted, it can be undeleted due to the properties of the silicon that stores it. You would need to run a secure delete function to ensure all data cannot be recovered, but even the most powerful secure delete algorithms are only partially successful at wiping data from the silicon.

  • Mobile Phone – The iPhone has been recently attacked successfully by a virus called WireLurker. Soon you may have viruses that change the phone number associated with the name, so while you might think you are calling a friend to discuss a secret, you might actually divulge this to someone else. Considering how heavily dependent we are on mobile phones, the potential for disastrous scenarios is great, to say the least.

  • Wearable gadgets – There are host of wearable gadgets already on the market. Your fitness gadget would normally monitor your heart rate, perhaps to prevent over-exercising or exceeding your maximum recommended heart rate. The consequence of an attack on this device, so that it displays an incorrect low heart rate may be disastrous. Consider the possible effects of hacking Google Glass as well.

  • Pacemakers – Pacemakers installed in the body of heart patients are also a vulnerable gadget. If the flow of electricity to the pacemaker is interfered with, it could be fatal. Similar kinds of attacks are possible on insulin pumps. Any technology used for medical purposes could be vulnerable
  • Stuxnet – Stuxnet, though well known, is the first known attack on the automation of electromechanical processes. This could be used to attack nuclear plants or other plants with disastrous effects. Following similar thinking, we may soon see attacks on Field Programmable Gate Arrays (FPGA) that are becoming the heart of most mathematically intensive computations within data centres.
  • Virtualised infrastructure – The heart of virtualised infrastructures like hypervisors have also been successfully attacked. Changes to a hypervisor can have a simultaneous effect on all virtual machines that reside on it so it can therefore affect multiple organisations that share the same hypervisor. Data centres can also be physically attacked.

There are many more exotic implications of technology use in today’s world. This list is by no means an exhaustive list.

Possible Trade-offs

It is beyond doubt that almost every aspect of our life can be compromised by a persistent and intelligent hacker. But what does that mean? Should we go back to the stone ages? Not really. If the vendors of technologies provide a method for doing sanity tests at regular intervals in addition to the preventive measures, then many problems will be detected before they cause harm, even if prevention is not possible. What does that mean? In the future, sanity testing and the ways to do sanity testing will gain importance far more than they have now.

Technology development in the future must be done in concert with appropriate security measures so that the technology’s pervasiveness does not cause harm. The security measures developed must be multi-fold so that failure on one front does not lead to compromise. Technology is so ingrained in our lives that it would be foolish for us to not have a multi-faceted approach to safety.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join the CSO newsletter!

Error: Please check your email address.

Tags • Mobile PhonePervasive technologiessecurityApple TVIP enabledABC24 is hackedWireLurkerYouTube videosCSO AustraliaEnex TestLab

More about AppleCSOEnex TestLabGooglemobilesPossibleTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Shantanu Bhattacharya

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts