They’re nightmare scenarios. You’re driving your gadget-packed car and suddenly the self-driving system malfunctions and takes you off the road. Or your pacemaker fails due to an errant signal from the modem that connects it to your doctor’s office.
The “internet of things” concept means more and more everyday objects from fridges to the food inside them are already - or on their way - to becoming connected to the internet. And where there’s a link, there’s a way for hackers to take control or viruses to find their way in.
Of course a cyber attack on a fridge is an unlikely and at worst annoying situation. But assaults on pacemakers and cars are a very real and dangerous possibility. And it doesn’t take an intentional attack from a cyber criminal, whether they are targeting specific individuals or just bored.
One of the biggest cyber threats to the public is from the unintended consequences of attacks, according to Andrew Beckett, head of cyber defence services at Cassidian. ‘If you release a cyber weapon over the internet, you don’t know what will be affected and where,’ he says. ‘Even if the target is based on a specific hardware/software configuration, you can’t be sure it’s the only one to have that configuration.’
The Stuxnet worm, for example, was allegedly created by the US government to attack Iran’s nuclear facilities but ended up infecting computer systems around the world including those of US oil company Chevron.
Cyber warfare might seem attractive because it doesn’t involve bloodshed, but the potential collateral damage or the danger of weapons being used against their creators means the consequences could be more far-reaching than traditional conflict. If a country’s power network were disabled, for example, it would throw transport, healthcare and communications systems into chaos and ultimately be responsible for a high number of deaths.
Does such a threat really extend to everyday internet-enabled objects, though? ‘The risks and threats go across everything,’ says Beckett. ‘We were involved in some research showing it is already possible to hack some internet-enabled cars and take them over. We were able to turn off the brakes off a car in motion and there are similar things you can do. The more things you connect to the internet, unless you secure them properly, the more potential for damage there is.’
This is starting to sound scary. How worried should we be? And will the technology come along to protect us from cyber attacks? Firstly, Beckett points out, there are often simple steps people can take to keep systems secure, like not using unknown memory sticks or opening attachments from odd or suspicious emails, things that many people still do despite the well-known dangers.
Manufacturers can also build in protections. For example, if a car has two-way communication capability so a mechanic can assess whether it needs to come in for a service, the car is more vulnerable if its critical systems are also accessible remotely.
But while there are some improved encryption techniques on the horizon, it’s rare that current protection systems are broken. It’s far more likely that cyber attacks will exploit a weakness in implementation. As with many things, we can’t rely solely on technology to solve our problems.