CIA chief says internet-connected appliances are ‘worrisome’ new threat

3
2059

Rob Waugh
WeLiveSecurity.com
Febuary 28, 2014

fridgey

CIA Director John Brennan says that connected appliances and networked vehicles will make the agency’s job harder – with more systems to protect, and more platforms which could be used to launch attacks.

Network World reports that Brennan, speaking at President Barack Obama’s Associates Dinner at the University of Oklahoma said that cyber issues were becoming increasingly central to the CIA’s mission, and that Brennan said, “We also are concerned that new vulnerabilities will develop as cars, home appliances, and other physical objects become more integrated into information networks.”

“As we move closer to what some are calling an “Internet of Things,” there will be more devices and systems to protect—and, equally worrisome, more that can be used to launch attacks.”

As part of a wide-ranging speech, Brennan said that the rapid pace of change in technology made the job of the CIA “challenging”. The CIA’s official transcript of the speech can be read here.

“Cyber security was part of my portfolio when I served at the White House, and I must admit that after a while, just hearing the word “cyber” was enough to make my head hurt,” Brennan said.

“Part of what makes cyber so challenging is that technology is changing so rapidly—and society along with it,” Brennan said,. “In many respects, the world is transforming itself before our eyes, as more and more human activity migrates to the Internet.”

“This has profound implications not only for how each of us conducts our daily lives, but also for the way CIA carries out its mission. Terrorists, criminal networks, weapons proliferators, state actors—all of them are entrenched in the digital domain.”

Various cases have shown that devices belonging to the so-called ‘internet of things’ are vulnerable – this month, it was revealed that Belkin’s WeMo home automation systems contained multiple vulnerabilities which could allow attackers to remotely control devices attached to a WeMo system – for instance, blacking out lighting in a home, or remotely monitor devices such as security cameras, as reported by WeLiveSecurity here.

Several security researchers have shown off ‘hacks’ which can remotely take over the software in vehicles – and CNBC described such attacks as potentially forming a new “global cybercrime wave.”

At this year’s Consumer Electronics Show (CES) in Las Vegas, ‘smart homes’ were clearly a big trend on the show floor – and much debate was ignited about their security.

The normally sober BBC warned, “In the future, it might not just be your smartphone that leaks personal and private data, it might be your smart fridge too.”

But ESET Senior Research Fellow David Harley said in a commentary post at the time, “It may be a little early to worry too much about what your fridge or your medicine cupboard is able to reveal to a hacker about your eating habits and the state of your health,” Harley says.

“After all, there are all too many more direct ways for retailers, insurance companies, and pharmaceutical companies to get that sort of information. (And those are issues more people should be worried about.)”

3 COMMENTS

  1. Was looking up something for Corporate here yesterday – vPro chips, by Intel.

    Interesting tidbit: Intel’s chips – including EVERY i3, i5, i7, and the vPro line – have EMBEDDED 3G NETWORK ACCESS. Even when the machine is OFF, Big Brother can read your hard drive – without turning the machine on. And it bypasses (ignores) encryption, too. It uses “pantom power” (IE, the power that’s running to the system even when the power is off.)
    Don’t we feel safe, with the option to be remotely audited (or HACKED) by ANYONE, ANY TIME…

    But if you have nothing to hide…? WE’LL PUT SOMETHING THERE!!!
    (I shit you not, people have been busted for “kiddie porn” when they’ve never looked at it and didn’t know it existed – it was cached in the system. And these images can be a 1X1 pixel image in a web page, which you don’t know exists… But guess what’s found – and held against you – if TPTB think you’re an issue? For that matter – if TPTB put out these images, say, on a .gov site? Like irs.gov? And you go there at tax time…? It’s not entrapment, you aren’t FORCED to go there… but you’ll never know you got “contraband”. And since you also can’t DELETE these things – the data remains on the disk even after you wipe the disk – the possibilities are virtually ENDLESS. )

LEAVE A REPLY

Please enter your comment!
Please enter your name here