You may have heard a lot about hacking phones and computers through various sources but it does not stop there, hacking goes far beyond the computers and phones. Almost all the devices which have a microcontroller or microprocessors can be hacked. The situation will be far more dangerous if people started attacking the electronics present at your home.
Let's talk about your car first, almost everything in your car is connected to a computer and the system is known as ECU (Electronic Control Unit). From your steering to gas pedal everything is controlled via ECU, The wheel you steers doesn't actually turn the car it actually sends the data to a computer which in turn turns the car, same happens with the gas pedal. So, every component in your car is connected to a computer. But, this is not the end almost every modern car is equipped with GPS and internet capability which means your car is connected to a network, and once you're able to bypass the network you are inside the car, giving you full access to different controls of your car. Your car has a CAN-BUS, it is a network within the car that allows all the pieces to communicate everything can read and write to the CAN-BUS and it is always listening for commands from the CAN. To hack a car the sophistication level is pretty high each car has a different language each piece speaks different words and not all those pieces have been mapped publicly. But once you know the commands different parts speak, you can buy simple electronic devices and connect it to ECU to control almost everything. As of now, hackers can remotely track the car and listen to what was being said. This is not a terrible thing right now because the cost is high, but, as the pieces of hardware required to experiment become more readily available, people will start using it for more and more wrongdoings. In Black Hat Asia Security Conference, 2014, a group of young hackers showed a device which could be easily implanted in any car and once it is placed you have the control of the entire car. They spend only 25$ to build that tool. This device sends data packets to the ECU and worst-case scenario you can create an accident or completely control the car.
Embedded hacking is not limited to cars, Ang Cui CEO and Chief engineer of Red balloon security showcased how to hack telephones without even placing a physical bug in it. They created a device 'Funtenna' which exploits radio frequency to take control of various devices like telephones, printers, etc. Funtenna is basically using software and all the common pieces of hardware that you find in basically every embedded device to force that hardware to transmit an RF signal to exfiltrate data. So, RF frequency is radiated to push electrons through the wire in a predictable way. According to Maxwell's equations, we can induce a magnetic electric field. Basically, this device reconfigures the software control input pin to go to output which convinces the phone that it is in receiving mode. In this case, a resume rewrites the firmware on the printer to do whatever a hacker wants and finally, the printer sends an RF signal to hack the telephone. In short, email hacks the printer which in turn hacks the telephone. Ang Cui also showed that they can read whatever text is printed by a printer just by listening to the radio waves. Just think of the danger posed by this, what'll happen if someone traps you in a car asks you for ransom, this could be used to infiltrate the military or to know the secrets of an organization.
So, what is the reason behind this inefficiency?
We have so many software's to protect our PC and phones from different types of viruses and threats. Firewalls being created to avoid hackers to bypass the system but nothing of this sort is present in an embedded device. Embedded device security is very weak because it is tough to create such software with a limited amount of hardware resources these devices have. Generally, there are no antivirus or firewall present in these devices. The only thing which can protect us is to know the loopholes of these systems so that better security solutions can be implemented.
To know more about the Red balloon security: https://www.redballoonsecurity.com/
Comments
Post a Comment