Skip to content

News & opinion

1 OCT 2018

The Achilles' heel of big data

In 2015, Wired ran a terrifying publicity stunt. The magazine employed two hackers to take control of a Jeep Cherokee as it drove down the road. The driver lost control of the wipers, lights, brakes and accelerator. If desired, the hackers could have swerved the driver into oncoming traffic at 100mph.

The hackers gained access via the car’s internet connection. Fiat Chrysler recalled 1.4 million Jeeps after the stunt to fix the bug. The story illustrates the terrible security issues linked to internet-connected devices.

A year earlier, the Internet of Things Security: State of the Union survey carried out by HP revealed that 70% of IoT devices are insecure. In the meantime, the anti-virus developer Kaspersky Lab has demonstrated how to take control of a home WiFi network via a connected coffee machine. There have been hacks to make lights flash and kettles boil non-stop.

Ken Munro, founder of internet security consultant Pen Test Partners, is well known in the IoT industry for hacking pretty much everything – including a Hello Barbie doll to make her swear like a docker.

“Smart buildings [often] demonstrate a very poor grasp of security,” says Munro. “We’ve seen CCTV cameras that can be persuaded to send live images to an attacker’s server, air-conditioning units that can be taken over and used to hop on to the local WiFi network, and smart thermostats that can be remotely hijacked to escalate consumption or overload the power supply.”

The creepiest hack? Webcams can be attacked to spy on users, a practice known as “ratting”, after the Windows Remote Access Tool. The images of “slaves” are then shared on the internet. Facebook founder Mark Zuckerberg sticks tape over his laptop webcam for this reason. Building managers deploying smart sensors might want to reflect that even a billionaire tech whiz cannot be sure his network is secure.