Skip to main content

Everything is Hackable, from Autos to Thermostats

English: An HP LaserJet 4200 dtns printer
English: An HP LaserJet 4200 dtns printer (Photo credit: Wikipedia)
Visalia Direct: Virtual Valley
August 31, 2015 Deadline
October 2015 Issue

Charlie Miller and Chris Valasek hacked a Jeep in July of this year. Chrysler recalled 1.4 million vehicles to fix issues with the “Uconnect” network, which used cellular Internet connections to enable features like remote access. If you’ve wondered how OnStar and similar services, like Uconnect, unlock car doors, now you know. They use the Internet.

Uber, the ride-scheduling app company, hired Miller and Valasek in August to work on security for Uber’s autonomous automobile project, since a self-driving car requires network and GPS access to function properly. Everything in an autonomous vehicle is computerized and this invites potential mischief. Uber hired hackers to identify security vulnerabilities.

General Motors, Volkswagen and other car companies have been tested by hackers. The 2016 Corvette’s braking system has been hacked. VW, and its subsidiaries including Audi and Porsche, have had their doors and security systems hacked via a $30 Raspberry Pi computer with Bluetooth wireless networking. VW sued to keep the hack secret, but nothing remains secret on the Internet. Old-fashioned keyless car entry, like garage doors and other frequency based systems, is a relatively simple hack. Newer Bluetooth systems were supposed to be harder to crack, but they rely on short numeric codes. A computer can try thousands of random codes in a minute, rendering short passcodes pointless.

The “Internet of Things” (IoT) has connected our Blu-Ray disc players, home security systems and even thermostats to the Internet. If you’re willing to let the electric company control your air conditioning, you can save some money. This resembles the OnStar model, with the power company using the Internet to check and set your thermostat. What could go wrong?

The problem with a connected home is that it might use your broadband network, though not all remote control systems do. My wife and I do have security and entertainment systems wired through our home network. Though we have a hardware firewall, hackers have already demonstrated they can work all manner of magic remotely.

One of the weaker points in a home network turns out to be a printer. Some new printers come with “remote printing” enabled, though few people use this option. To allow remote printing, the printer has to welcome incoming network traffic. Yes, hackers have taken control of computers in homes and offices via remote-printing. Your printer might be opening the door to criminals.

In 2011, researchers at Columbia University demonstrated that HP LaserJet printers were particularly vulnerable to network hijacking. There’s no fix for older printers and few people configure network printers securely. Have your computer technician or home tech guru disable “SMTP” (Simple Mail Transfer Protocol) and remote printing unless you absolutely must have this feature.

Any home network should include a good firewall, and I also suggest using network address translation (NAT) and port forwarding to hide a local network. Network techs agree that NAT is not a security measure, but it can help hide devices from less skilled hackers. Good routers, those boxes we use to connect a broadband service to a small network, include firewalls. Enable the firewall and set up any additional security you can. Our home network only allows specific hardware to connect, based on the media access control (MAC) address. When we buy new networked devices, I have to update the security table. Plus, we require passwords to connect to the network.

Phones pose a special problem, because they use public networks. To help ease our fears, tech companies are offering biometric security. Surely fingerprint ID is safe, like that used by Apple and Google for their device operating systems.

Not exactly. It turns out that scanned fingerprints are stored as simple data arrays. Fingerprint data can be stolen from Android phones, as demonstrated by hackers in August. The hackers managed to steal fingerprints by convincing users to install “malware” that transmitted the fingerprint data and a bitmap image to the hackers. Turns out, any application installed on an Android device could access fingerprints and other security settings.

Malware is software that a devious programmer designs to entice users. It might be a free game, a slideshow or something practical like a tip calculator. The malware seems like good software, yet in reality it spies on users or performs other nefarious tasks. Technically, malware is not a virus, since it requires installation by a user.

Never install software that isn’t from a trusted publisher. Free apps should raise suspicions.

Assume you never install software you cannot trust and you drive an older car. Nothing in your house is connected to the Internet of Things and your flip-phone cannot surf the Web. All is well, right? Maybe not.

Hackers have demonstrated the ability to embed viruses in computer cables, particularly Thunderbolt and the new USB C cables. This is possible because today’s high-speed cables are really small computers. The cables have more computing power than home computers did only ten years ago. Though this type of hack requires plugging a cable into the computer or a port hub, it could be a problem for businesses. Imagine a dishonest “technician” visiting a business. The technician declares that a cable is bad, so he offers to replace it. Now, at least one computer is infected.

Maybe this column has you concerned, but the actual risks are far less significant than any news report or Internet rumor suggests.

As an Apple OS X user, I have not had a virus, malware or other attack strike any of my Mac systems since 2002. I keep my software up-to-date, install only software from trusted publishers, enable all security features of the operating system and I do have an anti-virus application installed. I read SecureMac and MacRumors to track the latest security threats.

Even my last battle with a Windows virus was in 2002. That infection likely came from a floppy disk provided by a retail supplier.

I’ve always had at least one computer system with Windows. Based on experience, I trust BitDefender, PC Magazine’s 2015 Editors’ Choice winner. BitDefender not only catches viruses and malware, but warns you if a website is dangerous. This ability to block “phishing scams” is increasingly important in workplaces.

The world is not a safe place, but a little caution goes a long way.

Comments

Popular posts from this blog

Comic Sans Is (Generally) Lousy: Letters and Reading Challenges

Specimen of the typeface Comic Sans. (Photo credit: Wikipedia) Personally, I support everyone being able to type and read in whatever typefaces individuals prefer. If you like Comic Sans, then change the font while you type or read online content. If you like Helvetica, use that.

The digital world is not print. You can change typefaces. You can change their sizes. You can change colors. There is no reason to argue over what you use to type or to read as long as I can use typefaces that I like.

Now, as a design researcher? I'll tell you that type matters a lot to both the biological act of reading and the psychological act of constructing meaning. Statistically, there are "better" and "worse" type for conveying messages. There are also typefaces that are more legible and more readable. Sometimes, legibility does not help readability, either, as a type with overly distinct letters (legibility) can hinder word shapes and decoding (readability).

One of the co…

Let’s Make a Movie: Digital Filmmaking on a Budget

Film camera collection. (Photo credit: Wikipedia) Visalia Direct: Virtual Valley
June 5, 2015 Deadline
July 2015 Issue

Every weekend a small group of filmmakers I know make at least one three-minute movie and share the short film on their YouTube channel, 3X7 Films.

Inspired by the 48-Hour Film Project (48hourfilm.com), my colleagues started to joke about entering a 48-hour contest each month. Someone suggested that it might be possible to make a three-minute movie every week. Soon, 3X7 Films was launched as a Facebook group and members started to assemble teams to make movies.

The 48-Hour Film Project, also known as 48HFP, launched in 2001 by Mark Ruppert. He convinced some colleagues in Washington, D.C., that they could make a movie in 48 hours. The idea became a friendly competition. Fifteen years later, 48HFP is an international phenomenon, with competitions in cities around the world. Regional winners compete in national and international festivals.

On a Friday night, teams gathe…

Edutainment: Move Beyond Entertaining, to Learning

A drawing made in Tux Paint using various brushes and the Paint tool. (Photo credit: Wikipedia) Visalia Direct: Virtual Valley
November 2, 2015 Deadline
December 2015 Issue

Randomly clicking on letters, the young boy I was watching play an educational game “won” each level. He paid no attention to the letters themselves. His focus was on the dancing aliens at the end of each alphabet invasion.

Situations like this occur in classrooms and homes every day. Technology appeals to parents, politicians and some educators as a path towards more effective teaching. We often bring technology into our schools and homes, imagining the latest gadgets and software will magically transfer skills and information to our children.

This school year, I left teaching business communications to return to my doctoral specialty in education, technology and language development. As a board member of an autism-related charity, I speak to groups on how technology both helps and hinders special education. Busin…