Everything is Hackable, from Autos to Thermostats

An HP LaserJet 4200 dtns printer (Photo credit: Wikipedia)
Visalia Direct: Virtual Valley
August 31, 2015 Deadline
October 2015 Issue

Charlie Miller and Chris Valasek hacked a Jeep in July of this year. Chrysler recalled 1.4 million vehicles to fix issues with the “Uconnect” network, which used cellular Internet connections to enable features like remote access. If you’ve wondered how OnStar and similar services, like Uconnect, unlock car doors, now you know. They use the Internet.

Uber, the ride-scheduling app company, hired Miller and Valasek in August to work on security for Uber’s autonomous automobile project, since a self-driving car requires network and GPS access to function properly. Everything in an autonomous vehicle is computerized and this invites potential mischief. Uber hired hackers to identify security vulnerabilities.

General Motors, Volkswagen and other car companies have been tested by hackers. The 2016 Corvette’s braking system has been hacked. VW, and its subsidiaries including Audi and Porsche, have had their doors and security systems hacked via a $30 Raspberry Pi computer with Bluetooth wireless networking. VW sued to keep the hack secret, but nothing remains secret on the Internet. Old-fashioned keyless car entry, like garage doors and other frequency-based systems, is a relatively simple hack. Newer Bluetooth systems were supposed to be harder to crack, but they rely on short numeric codes. A computer can try thousands of random codes in a minute, rendering short passcodes pointless.

The “Internet of Things” (IoT) has connected our Blu-Ray disc players, home security systems and even thermostats to the Internet. If you’re willing to let the electric company control your air conditioning, you can save some money. This resembles the OnStar model, with the power company using the Internet to check and set your thermostat. What could go wrong?

The problem with a connected home is that it might use your broadband network, though not all remote control systems do. My wife and I do have security and entertainment systems wired through our home network. Though we have a hardware firewall, hackers have already demonstrated they can work all manner of magic remotely.

One of the weaker points in a home network turns out to be a printer. Some new printers come with “remote printing” enabled, though few people use this option. To allow remote printing, the printer has to welcome incoming network traffic. Yes, hackers have taken control of computers in homes and offices via remote-printing. Your printer might be opening the door to criminals.

In 2011, researchers at Columbia University demonstrated that HP LaserJet printers were particularly vulnerable to network hijacking. There’s no fix for older printers and few people configure network printers securely. Have your computer technician or home tech guru disable “SMTP” (Simple Mail Transfer Protocol) and remote printing unless you absolutely must have this feature.

Any home network should include a good firewall, and I also suggest using network address translation (NAT) and port forwarding to hide a local network. Network techs agree that NAT is not a security measure, but it can help hide devices from less skilled hackers. Good routers, those boxes we use to connect a broadband service to a small network, include firewalls. Enable the firewall and set up any additional security you can. Our home network only allows specific hardware to connect, based on the media access control (MAC) address. When we buy new networked devices, I have to update the security table. Plus, we require passwords to connect to the network.

Phones pose a special problem, because they use public networks. To help ease our fears, tech companies are offering biometric security. Surely fingerprint ID is safe, like that used by Apple and Google for their device operating systems.

Not exactly. It turns out that scanned fingerprints are stored as simple data arrays. Fingerprint data can be stolen from Android phones, as demonstrated by hackers in August. The hackers managed to steal fingerprints by convincing users to install “malware” that transmitted the fingerprint data and a bitmap image to the hackers. Turns out, any application installed on an Android device could access fingerprints and other security settings.

Malware is software that a devious programmer designs to entice users. It might be a free game, a slideshow or something practical like a tip calculator. The malware seems like good software, yet in reality it spies on users or performs other nefarious tasks. Technically, malware is not a virus, since it requires installation by a user.

Never install software that isn’t from a trusted publisher. Free apps should raise suspicions.

Assume you never install software you cannot trust and you drive an older car. Nothing in your house is connected to the Internet of Things and your flip-phone cannot surf the Web. All is well, right? Maybe not.

Hackers have demonstrated the ability to embed viruses in computer cables, particularly Thunderbolt and the new USB-C cables. This is possible because today’s high-speed cables are really small computers. The cables have more computing power than home computers did only ten years ago. Though this type of hack requires plugging a cable into the computer or a port hub, it could be a problem for businesses. Imagine a dishonest “technician” visiting a business. The technician declares that a cable is bad, so he offers to replace it. Now, at least one computer is infected.

Maybe this column has you concerned, but the actual risks are far less significant than any news report or Internet rumor suggests.

As an Apple OS X user, I have not had a virus, malware or other attack strike any of my Mac systems since 2002. I keep my software up-to-date, install only software from trusted publishers, enable all security features of the operating system and I do have an anti-virus application installed. I read SecureMac and MacRumors to track the latest security threats.

Even my last battle with a Windows virus was in 2002. That infection likely came from a floppy disk provided by a retail supplier.

I’ve always had at least one computer system with Windows. Based on experience, I trust BitDefender, PC Magazine’s 2015 Editors’ Choice winner. BitDefender not only catches viruses and malware, but warns you if a website is dangerous. This ability to block “phishing scams” is increasingly important in workplaces.

The world is not a safe place, but a little caution goes a long way.
