We’re moving towards a Glorious Future indeed where the Internet of Things, burbling full of useful data and talking to itself, guides and informs our decisions. And what a grand time it will be, when traffic lights automatically adjust to traffic flow, insuring tranquil driving conditions and fewer traffic jams.
Except of course, if someone hacks into the system, falsifies data, changes what traffic lights do, and otherwise monkeywrenchs the system. And that’s just for traffic. What happens if the electrical and water grids can be fiddled with?
The problem is, most IoT gadgets are woefully unprotected from hackers. Security is mostly nonexistent or an afterthought. Kaspersky Labs has found multiple vulnerabilities in traffic sensors.
Using specialist software and technical documentation, the researcher was able to observe all data gathered by the device. He was able to modify the way the device gathers new data: for example, changing the type of vehicle recorded from a car to a truck or changing the average traffic speed. As a result, all newly gathered data was misleading garbage.
Unspoken here is, if you can hack into, say, a traffic light, you can probably change its operation, like turning one light red for fifteen minutes, that kind of thing.
IBM says your “data center on wheels” AKA your car needs seriously harden protection against hacking too. This goes double for autonomous vehicles.
At this point the main threats come from white-hat researchers looking to test the security boundaries and looking for fame, as well as criminals who have harnessed technology to enable car theft by cloning entry systems or (potentially) hacking mobile phone apps to similar nefarious ends. These threats are likely to expand over time.
Security needs to be baked into the all these systems. So far, it’s not. And that’s dangerous.