All Tech Considered
Mon March 4, 2013
Street Lights, Security Systems And Sewers? They're Hackable, Too
Originally published on Mon March 4, 2013 6:05 pm
Allegations that the Chinese military has been hacking U.S. corporations are raising tensions. But in the case of a full-fledged cyberwar, things would look very different.
"Our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems," President Obama said in his State of the Union address last month.
And cyberattacks could go beyond company computer servers and advanced information technology.
Whether you know it or not, you are surrounded by a network of machines that are talking to each other. For example, downtown San Francisco's California Street is a potential target for a cyberattack.
Hacking Into Infrastructure
"It may not be easy to recognize, but almost everything around you in that area is Internet capable," says Don Bailey, CEO of Capitol Hill Consultants, a cybersecurity firm in San Francisco.
He says street lights and building security systems are controlled remotely and monitored over the Internet.
Bailey is currently working for the Defense Advanced Research Projects Agency, better known as DARPA, mapping out security holes in these kinds of systems.
But in the past, Bailey hacked into new cars using a cellphone network. He says modern sewers are also hackable. This is possible because over the past decade, the Internet and the mobile phone network have been layered on top of all kinds of technologies that weren't built with security in mind, he says.
Everyone wants connectivity and control, and that means connecting all kinds of systems, switches and machines to the Internet that were never designed to live online — devices that are fundamentally insecure.
Can Be Fixed, But Not Easily
"Sometimes that can't be patched," says Tiffany Rad, a security researcher. "It needs to be removed and replaced. And that's not an easy task to do."
She says insecure industrial switches have been built into oil pipelines, power plants and even prison doors. These switches are programmable, so they can be set to turn off if the pressure in a pipe gets too high or too low. A generation ago, switches like this weren't designed to be connected to the Internet.
"So when you see systems that are legacy like this, some of them 30 years old, it's a very hard proposition when you tell someone who is running these facilities, 'Take them offline; we got to fix this; replace that,' " Rad says.
A couple of years ago, she and some friends demonstrated that built-in vulnerabilities made it possible to hack open cell doors in federal prisons.
"If we wanted to unlock the prison doors, we could do that," Rad says. They could also trick the guards into thinking that the doors were still closed and locked while in reality they weren't.
Rad didn't bust anyone out of jail, but she proved the attack was possible and let officials know. One reason prisons were vulnerable was their Internet-connected control rooms.
"I'm not convinced it would take a nation-state and a bunch of funding to do something like this," says Dillon Beresford, a cybersecurity consultant at Cimation based in Texas.
A few years ago, he duplicated some of the most novel aspects of what's probably the most famous cyberwarfare attack in history — Stuxnet. That's the virus that caused Iran's nuclear centrifuges to spin out of control.
"When I looked at Stuxnet, I saw techniques that were being used, you know, back in the ... early 2000[s], late '90s by people in the hacking community," Beresford says.
He began looking into the vulnerabilities of the technology in his spare time.
"And what I found, at least for me, was surprisingly shocking," he says. "There were a lot of trivial bugs that could be exploited."
Switching Hacking Off?
Writing those exploits took Beresford just a few weeks and cost a few thousand dollars. Rad's team, which hacked prison doors, only had four members and a tiny budget.
Beresford says many engineers who rely on automated industrial switches now realize how vulnerable they are.
"Pretty much at this point, they're just waiting for something to happen," he says.
In the past year, close to 200 cyberattacks on critical infrastructure were reported to the Department of Homeland Security.
Today, switches made by Siemens and GE are built into infrastructure all over the world. Parts made in China end up in the U.S.
Beresford says just talking about cyberwarfare probably doesn't help. "We should be working together to solve some of these problems," he says.
He believes the only way to make all of us safer is through a type of public hacking diplomacy.
When Beresford finds a bug in a system, he says he discloses it and pushes manufacturers to find a fix. Ultimately, he hopes this kind of research will make cyberwarfare harder to wage.