We understand emails can get hacked. But what about solar panels? The computer security industry’s annual pilgrimage to Las Vegas this week for a trio of conferences will hash out the myriad, high-tech ways criminals can breach our increasingly connected world. Among this year’s talks: the possibility drones perched up high on buildings could link into unsecured networks; the ease with which even a bored teenager could take over an Airbnb rental’s Wi-Fi; ransomware used to hijack connected cars; and how a hacked roof-top solar array could destabilize a complete power grid.
Black Hat is the largest of the three gatherings – counting more than 11,000 attending last year – and the most prestigious. Of the two others, DefCon is more for hackers and BSides is more technical. “The bad guys communicate really, really well. They have an entire ecosystem for sharing and monetizing techniques. Our corporate security community doesn’t have those tools, but we have Black Hat and DefCon and BSides,” said Gunter Ollmann, chief security officer at Vectra Networks, a security firm located in San Jose.
Get ready: High-tech hacking coming soon
These are some of the high-tech scenarios that have cyber sleuths talking:
Wi-Fi dangers at rentals
Within the “so easy and yet so dangerous” category comes a talk Thursday by security intelligence researcher Jeremy Galloway of cloud software company Atlassian in Austin.
When on a snowboarding trip in Colorado with a few friends recently, he realized their Airbnb rental came equipped with Wi-Fi – and that the Wi-Fi router was in plain sight.
All he had to do to get into the server was grab the router, unbend a paperclip and then use it to reset the router. At that time he could have put a snooping program in place that could watch the Wi-Fi network even after he’d checked out, sending updates that could include other guests’ login credentials and passwords to multiple networks.
The danger is just not only to rentals but any home-based rental where the hosts are not tech or security savvy. He recommends home owners who have Wi-Fi in their rental space physically secure these devices, in either a closet or another secure area.
Jackware
With connected cars developing fast, researchers at ESET, a security company, see ransomware as a likely future exploit.
The nightmarish scenario is that you get into your self-driving car, the doors lock and a message pops up on the screen saying, “Pay us ransom or we will not let you out.”
Or possibly even threatens to take you somewhere you don’t want to go.
“Everything I see points to jackware as a logical development. It’s not inevitable, but it’s up to the people who make cars to prevent it from becoming a reality,” said Stephen Cobb, a senior researcher for the firm based in San Diego.
Solar
Installing solar panels can open homeowners up to high-tech hackers, according to a presentation set for Friday by security researcher Frederic Bret-Mounet.
After installing solar panels on his home near San Francisco, Bret-Mounet noted the array was connected to the cloud. It took him a single weekend to compromise into his own system. Then, he realized that had he been malicious, he could have overridden the safety limits within the system, causing it to overheat and then be knocked offline. He could also have remotely triggered the solar array’s emergency shutdown protocol. He also realized he could have potentially compromised devices in thousands of homes.
California has set a goal of 50% of the state’s power coming from renewable sources by 2030. “These lightly-protected systems could be all too easily infiltrated, possibly with catastrophic effects on the state’s power grid,” he said.
Drones
To Jeff Melrose, a strategist for cyber security at engineering services supplier Yokogawa U.S., drones are a terrifying threat to industrial installations. “In the old days, a fence kept people out of your plant. Now a drone can just fly right over it,” he said.
A drone can almost silently creep in, perch and watch for days. It may find its way to a hidden corner of a building and serve as a connection to any open Bluetooth or Wi-Fi networks, even a wireless mouse or keyboard.
Drones also are near to risk-free to the attacker. “You can put up an untraceable drone and if it gets caught, it gets caught,” said David Latimer, security analyst at Bishop Fox, a security consulting firm in Tempe, Ariz. Latimer sees a tidal wave of attacks coming. “This Christmas, almost every hacker wants a drone,” he said.
Disclosure key to security
Speaking about areas of our home and infrastructure vulnerable to attack might seem dangerous since it could give hackers ideas. But security workers say it’s essential to staying a step ahead of the criminals and necessary for a healthy security system.