Where Will Hackers Strike Next: Transportation?
Practically every industry these days needs to be prepared for some kind of cyber threat, but the nature of the attacks and how the hackers carry out their assaults is ever-changing. Two news stories that popped onto my radar this week point to the different kinds of potential hacks that might occur, and both have to do with the transportation industry.
The first, as reported by Reuters, shows the vulnerabilities of railways, which increasingly use wireless technologies (GSM-R, which is more secure than the GSM used for phones) to control train switching systems. The potential threat, identified by professor Stefan Katzenbeisser of Technische Universität Darmstadt in Germany, speaking at a hacking conference in Berlin is a denial-of-service (DoS) attack. By overwhelming the systems, trains would literally have to halt in their tracks. A DoS hack of this kind couldn't cause trains to crash, added Katzenbeisser, "but service could be disrupted for quite some time." The major reason the vulnerability exists is because the software encryption keys used to secure the communication between trains and switching systems, are stored and distributed on physical media, which could be stolen.
The second story, from San Jose Mecury News, points to a potential vulnerability in cars. With all the on-board systems, Bluetooth, and other kinds of computers and wireless connectivity in automobiles, automakers and U.S. security officials now fear that hackers could remotely access a car's controls. The article points to pretty extreme (perhaps outlandish) scenarios, like terrorists groups disabling the braking systems of a highway full of speeding vehicles simultaneously. Nevertheless, plenty of more realistic threats abound—spying on in-car phone conversations, using GPS to target luxury cars for theft or hijacking—enough to cause Chrysler, Ford, and the National Highway Traffic Safety Administration to comment.
That the railway system might be the target of a cyber attack is nothing new—it's the how in that case. As for automobiles, which are all disparate systems on the road rather than one networked bunch, I think the point may be for automakers to not skimp on security when it comes to kitting out their goods.
Source http://securitywatch.pcmag.com/security/292240-where-will-hackers-strike-next-transportation
The first, as reported by Reuters, shows the vulnerabilities of railways, which increasingly use wireless technologies (GSM-R, which is more secure than the GSM used for phones) to control train switching systems. The potential threat, identified by professor Stefan Katzenbeisser of Technische Universität Darmstadt in Germany, speaking at a hacking conference in Berlin is a denial-of-service (DoS) attack. By overwhelming the systems, trains would literally have to halt in their tracks. A DoS hack of this kind couldn't cause trains to crash, added Katzenbeisser, "but service could be disrupted for quite some time." The major reason the vulnerability exists is because the software encryption keys used to secure the communication between trains and switching systems, are stored and distributed on physical media, which could be stolen.
The second story, from San Jose Mecury News, points to a potential vulnerability in cars. With all the on-board systems, Bluetooth, and other kinds of computers and wireless connectivity in automobiles, automakers and U.S. security officials now fear that hackers could remotely access a car's controls. The article points to pretty extreme (perhaps outlandish) scenarios, like terrorists groups disabling the braking systems of a highway full of speeding vehicles simultaneously. Nevertheless, plenty of more realistic threats abound—spying on in-car phone conversations, using GPS to target luxury cars for theft or hijacking—enough to cause Chrysler, Ford, and the National Highway Traffic Safety Administration to comment.
That the railway system might be the target of a cyber attack is nothing new—it's the how in that case. As for automobiles, which are all disparate systems on the road rather than one networked bunch, I think the point may be for automakers to not skimp on security when it comes to kitting out their goods.
Source http://securitywatch.pcmag.com/security/292240-where-will-hackers-strike-next-transportation
Comments