Faithful readers may recall this post highlighting my gear for Science Online: BlackBerry, iPad, Netbook, LiveScribe pen, and digital camera, all packed for North Carolina. You may have guessed that I love gadgets. And you would be correct.
Last week I received When Gadgets Betray Us: The Dark Side of Our Infatuation with New Technologies by Robert Vamosi. I was delighted to have a book to distract me from the demise of my NCAA tournament brackets, although the story does not leave you with a secure feeling. No, Vamosi points out how vulnerable all of our technologies make us.
For example, cars require more computing power than my first Mac Plus. Various modules have been added over time, and many of them communicate with each other or with a central computer wirelessly. Now, most manufacturers did not worry about security issues; why would anyone want to hack your tire pressure monitoring system?
Answer: To toss in nonsensical code that disables monitors.
Researchers from University of California, San Diego, and the University of Washington created software that can attack these systems:
More ominously, they could falsify readings from the fuel guage and speedometer, disable the antilock brakes, selectively brake individual wheels on demand, and even stop the engine. The researchers found that they could do this even while the car was speeding down a highway.
All of these electronic control units have firmware that can be renewed, but no way to authenticate the source of an upgrade:
...it ought not be possible to rewrite the firmware on a brake component - that's a safety issue - yet they found they could. Nor should it be possible to rewrite the firmware while the care is in motion; yet, the researchers found they could do this as well.
Car manufacturers are beginning to respond to these issues. Can you imagine some subversive near a major freeway, disabling braking systems at rush hour? Even if they can only access one brand of automobile, chaos and carnage would result.
Sections on ever-present radio frequency identification (RFID) tags, found in items we buy, work ID cards, and many passports, also prove frightening, especially in the realm of identity theft and workplace security.
I think my favorite story involved a team learning to hack San Francisco's electronic parking meters. The researchers wandered about with a portable oscilloscope and a special card that fit into the smart card slot on the meter, allowing them to monitor and capture all electronic communication between the card and the meter:
It looked odd, [Jacob] Appelbaum said, standing there on the curbside with a circuit board jammed into a parking meter, wires trailing out; yet, he joked, "In San Francisco, if anyone ever asks, you explain, 'It's for an art project,' and no one will think twice about it."
When Gadgets Betray Us will make you think twice about many daily activities and the free wi-fi at your favorite coffee shop. Am I ready to give up my BlackBerry or iPad? Hell, no! But I won't do any wireless banking at Panera. You never know what that dude with the muffie is doing on his laptop.