With technology becoming integral to our daily lives, more and more tech is getting vulnerable to hackers. It’s a problem that seems to be getting worse and anything with a microchip is at risk, some things you wouldn’t even think about.
Any electronic device in your body
Your heart belongs to you . . . unless you have a pacemaker. Then it can be hacked. In fact, any medical device in your body that is connected to the Internet is vulnerable. It’s not a matter of speculation, either, because it’s already happened.
At the 2011 Black Hat Technical Security Conference, security expert Jerome Radcliffe hacked his own insulin pump to demonstrate the device’s vulnerability. He remotely disrupted the wireless signals sent to his pump, swapped the data being captured about his condition with fake data, and sent it back. Radcliffe obviously didn’t tamper with his device enough to put his health at risk, but changing the dose of insulin could have easily put him in a coma or even killed him.
A top-of-the-line Japanese toilet has been found to be extremely vulnerable to even the most basic attempt at hacking. Advertised in the US as defining “toilet innovation,” Satis toilets use a smartphone app called “My Satis” to control them. But in a mind-numbingly obvious oversight, the app uses the same Bluetooth PIN to link to every toilet.
So what can a toilet hacker do to you? The most basic hack would cause your toilet to flush constantly and send your water bill sky-high. The toilet also has an air purifier, automatic lid, in-bowl spotlight, and built-in sound module to cover up the sounds of doing your business. If a hacker catches you on the commode, they could manipulate these features, which Satis has admitted may cause “discomfort and distress to [the] user” as well as increase your electricity bill. However, the toilet costs $4,000, so anyone who can afford one can probably also pay skyrocketing water and electricity bills.
The Emergency Broadcast System
Montana’s Emergency Alert System once warned its television viewers that “the bodies of the dead are rising from their graves and attacking the living.” The alert was quickly pulled, and the TV station apologized, explaining that their Emergency Alert System had been hacked.
The prank happened in several other places, too, including one in Michigan during an airing of the children’s show Barney. These were the first hacks of the system because it used to be telephone-based. But within a year of launching a web-based system, hackers saw it as a potential target and broke in.
Almost everything in a hospital
If you’re in the hospital and there’s an Ethernet cable connecting your equipment to the Internet, that equipment is probably extremely vulnerable to hackers. By searching for simple medical terms on Shodan, a search engine for finding Internet-connected devices, researchers were able to locate machines like MRIs, X-ray scanners, and infusion pumps. In fact, just about anything connected to the Internet in the hospital is at risk, whether by design or configuration error. But what the researchers discovered next was even more startling.
Much of the medical equipment was using the same default passwords throughout different models of the devices. In some cases, manufacturers warned their customers that changing default passwords could make the equipment ineligible for support because the support teams use those passwords for servicing purposes. Cyber security experts were easily able to make a cloud of most frequent logins and passwords.
To see how many medical devices were compromised, the researchers set up 10 computers that looked like medical systems to lure hackers. They got 55 successful login attempts, 24 exploits, and 299 malware samples.
The hacks can be used for many things. The scariest would be hackers changing medication dosages remotely, which a few patients have already done on-site. Medical records can be altered, which could lead to patients not receiving the proper treatments. Phishing scams would also be easy to craft. Even using internal health provider networks, the researchers were able to access host names, descriptions and locations of equipment, and the physicians assigned to that equipment.
With the smart home industry in its infancy, a lot of the technology just isn’t up to modern cybersecurity standards. In 2015, a security company tested 16 home automation devices and found only one that they couldn’t easily hack. Things like cameras and thermostats lacked the most basic security measures. It’s worrisome for a number of reasons, including cyber criminals using your patterns of behavior to put your safety at risk.
Homeowners using smartphone apps to control their houses from a distance are especially vulnerable to breaking and entering. One Forbes reporter found that a string of keywords that could be crawled by search engines led to the systems of some residents winding up on the Internet’s search results for anyone to control.
A hacker could easily open the person’s garage door to enter their home. The particular model that allowed this exploit was recalled, but other systems had a security oversight that let them be controlled by anyone on the same Wi-Fi network.
Fearing that petrol pumps connected to the Internet could be vulnerable to hacking, cyber security researchers set up fake petrol pumps to lure hackers. The researchers quickly found that their fears were justified. Within six months, there were 23 different attacks.
Studies show that there are already pumps that have been modified by hackers. So far, the changes haven’t been harmful, but they could have been. The research turned up two denial-of-service attacks that could have disrupted inventory and led to shortages. Four others were pump modifications, and 12 were identification changes, which could alter pump names and cause the wrong type of fuel to flow into a tank. In some instances, this could ruin a car’s engine.
Cybersecurity experts are now warning that an airport’s security network could be completely shut down by hackers. Many of the security machines, such as X-ray scanners and itemisers (explosive detectors), have passwords built into their software. Anyone with the username and password could log on and get access to an airport network. Hackers could also manipulate an X-ray machine to hide weapons or steal data on how to bypass security. Itemisers could likewise be compromised.
Groups like ISIS have already hacked the website of Hobart International Airport, defacing it with a statement supporting the group. Polish airline LOT was forced to cancel or delay flights after their computers that issued flight plans were hit with a distributed denial-of-service attack.
Even if airport security fixes its vulnerabilities, an actual airplane can still be hacked. To search for backdoors, one researcher bought original parts from an aviation supplier to simulate the data exchange between passenger jets and air traffic controllers. He demonstrated that security is so weak that a smartphone equipped with a self-made app is enough to gain access to a variety of aircraft systems. Terrorists don’t need a bomb to crash an airplane because they can take control of the plane’s steering and direct it into the nearest building.
In 2015, researchers used a “zero-day exploit” to target a Jeep Cherokee and give them wireless control of the vehicle while it was on the road. The exploit sent commands through the Jeep’s entertainment system into its dashboard functions.
The Jeep’s driver, a reporter who volunteered to be part of the experiment, was driving down the road at about 115 kilometers per hour (70 mph) when the researchers set the cooling to maximum, changed the radio station, and began blasting music at full volume. The windshield wipers turned on, and wiper fluid started spraying, blurring the glass.
Though the driver manually tried to stop all of this, there was nothing he could do. The researchers even playfully put their image on the car’s digital display and shouted, “You’re doomed!” Then they cut the transmission, effectively killing the vehicle and forcing it off the road.
All of this happened when the reporter was on a highway. Though he knew in advance what was going to happen, it was still a nerve-racking experience for him. The researchers warn that it could have been far worse. Later in the test, they cut the brakes, forcing the reporter off the road and into a ditch. They could have also made the Jeep stop suddenly, leading to an accident. They say they haven’t mastered steering control yet, but they’re working on it.
A new PC should be safe from hackers, but some Chinese computers were sold with preinstalled malware. The malware was embedded into counterfeit versions of the Windows OS. It was being used to spy on users and conduct denial-of-service attacks.
Microsoft’s investigation of the supply chain found that the command-and-control system of these computers was infected with malware called “Nitol.” The malware spread via removable drives, so it’s estimated that millions of computers were infected. When investigators purchased 20 laptops and desktops from “PC malls” throughout China, each one had a counterfeit copy of Windows. Three had inactive malware, and the fourth had a live piece of malware that became active as soon as the PC was connected to the Internet.
The investigators believe that the computers were infected sometime after they left the factory. The Nitol botnet was controlled through the domain 3322.org, which contained more than 500 strains of malware. Microsoft shut down the malware and took control of the domain. It is now allowing legitimate traffic from the site’s subdomains.
This article was originally on Listverse.com