Confident Cyber Security by Jessica Barker;

Author:Jessica Barker;
Language: eng
Format: epub
Publisher: Kogan Page
Published: 2020-12-15T00:00:00+00:00

Someone working in public where you can read their screen.

Magnetic lock mounted on the unrestricted side (so it could be disabled).

Someone tailgating access into an area covered by access control (eg into an office).

Physical vulnerabilities in the Internet of Things

The physical dimensions of cyber security have accelerated in recent years with the increasing connectivity of society. As highlighted by the Mirai botnet covered in Chapter 4 in relation to the Dyn DDoS (page 75), the expanding Internet of Things (IoT) means that more and more devices in our physical world are subject to cyber security vulnerabilities. In recent years we have seen internet enabled watches, fitness trackers, spectacles, fridges, kettles, smart speakers, toothbrushes, thermostats, light bulbs, locks, doorbells, children’s toys, sex toys and medical devices such as pacemakers. Security issues have been discovered with many of these devices, and the physical dimension of these can be disturbing.

In December 2019, an 8-year-old girl was in her bedroom when a criminal hacker spoke to her for ten minutes through a Ring camera that had been installed so her mother could keep an eye on her daughter for medical reasons. The digital intruder told the girl he was Santa Claus, said that they were best friends and instructed her to call her mother terms of racist abuse. Upon investigating the incident, Ring found that it was the result of credential stuffing (covered in Chapter 4), in which criminals used passwords that have been breached in the past, to access other accounts that people have, relying on their re-use of password. There have been multiple reports of other people having their Ring cameras compromised in the same way.2

Vulnerabilities have been found in children’s toys and watches, too: for example, in 2018 the security company Pen Test Partners found that they could track children’s movements, covertly listen in to their activities and make spoof phone calls to the watch that looked like they were coming from the children’s parents.3 Of course, the risk that this could pose to children’s physical security is very troubling.

For years, security researchers have been demonstrating vulnerabilities in cars. Relay theft, or keyless car theft, is one of the simpler attacks, taking advantage of a vulnerability in keyless entry systems. It is usually executed by one criminal holding a device near the doorway of a home, with the device relaying the key fob’s signal to another device, usually being held by another criminal near the door of the car. The devices trick the car into believing that the legitimate key is within range and so the doors unlock. This attack was used by criminals to steal David Beckham’s £100,000 BMW in 2006 and there have been reports of increasing numbers of relay car theft ever since.4

Relay theft is one way that cars are vulnerable to cyber insecurity, but not the only way. In 2015, Wired magazine published a video in which two hackers, Charlie Miller and Chris Valasek, remotely hacked a Jeep while journalist Andy Greenberg was driving it on a US highway (with his permission).

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.