August 1, 2014 1 Comment-
Kristian A. Bognaes, Director, Norman Safeground Development Center
– One would think that as the summer heat is upon us, things would quiet down a little in the computer security field. Not so – as it turns out, it is business as usual.
The home automation attack surface
Most of us are familiar with home alarm systems. Home automation is a broader term for devices that not only manages your alarm system, but also lets you turn lights on and off, adjust the temperature, and do many other things in your house over the networks. For the last few years, several new systems have appeared in the field of home automation. The company Lifex, for example, has introduced a remote-controlled light bulb that contains a WiFi network node as well as a traditional home-automation radio transceiver. When several Lifex devices are installed, they join up and create a ‘mesh network’ that can be used for all kinds of home automation. Inside the device is no less than two complete ARM controllers with 25 times the combined processing power of an old 386 PC – in a light bulb! The technology consulting company Context published an article this month about these bulbs. They were able to obtain WiFi credentials by exploiting the light bulb data protocol. So there we go – your living room lamps may be the next hacker attack surface!
Anti-malware for your car?
The annual hacker conference Defcon takes place in Las Vegas next month. One paper that will be presented has received a lot of press coverage in July. The information, researched by Charlie Miller and Chris Valasek, talks about how you can detect that the computer networks in your car are being attacked. A paper they published last year showed how various automotive systems are vulnerable to tampering and can potentially cause very dangerous situations. Most systems in modern cars are controlled using commands over a so-called CAN-bus (Controller Area Network). These commands can be tapped, duplicated, and spoofed through, among other places, the diagnostics port that you commonly find underneath the dashboard. This year, their new paper presents methods to detect that someone is messing with your CAN network. Does this mean that you will need to add anti-malware products to your car in the future? I plan to attend the conference this year, and will try to obtain more information about this issue.