Crisis Scenario or Movie Plot

A recent article I read described the workings of two teams of computer scientist looking into the security vulnerabilities in our modern automobile industry. You see, the new generation of networked vehicles conveniently connects to the internet and all kinds of tech gadgets known to men or so it’s projected. The proverbial tradeoffs of convenience vs. security immediately start to play out.  I like to take creative license from a security guru, who I have come to admire, to develop the following movie plot—crisis scenarios; which I hope would spark interest among my readers; followed by a healthy dose of skepticism about the risks we’re thrusted into in our ever more connected world. Bear in mind that I’m no Luddite; in fact I’m an avid user and fan of technology in the general sense, but I’m also a realist and recognize risk when I see it.

The Research

Two teams of computer security specialists at the University of Washington and the University of California are presenting their research describing how internet connectivity could render modern automobiles vulnerable to hacker attacks.  In other words they claim to be “able to remotely control braking and other functions” using the same exploits that have been deployed effectively for so long in the PC industry.  Their findings describe how access to software that runs the on-board computers for most late-model cars can be taken over, to wrestle control from the driver; while in motion, over critical driving functions like braking (individually or selective wheels) and even shutting off the engine itself.  These vulnerabilities exist despite the complex safeguards that have been programmed into the vehicle’s computer systems—once again “little thought has been given to the potential threat of hackers who may want to take over the networks that increasingly control modern cars.”      

Crisis Scenario

Worldwide, there are close to1 billion late-model cars on the road today; add to that our increasing appetite for cars that offer the latest and greatest in network connectivity; this alone is enough reason to be concerned about any potential vulnerabilities even hypothetical one.  The recent Toyota crisis demonstrated just how unprepared the automobile industry has been to manage major safety defects in their vehicles. Let’s extrapolate from that ordeal experience by this car manufacturer, to illustrate the potential dangers that the study above reveals. Let’s just say for argument sake that some time in the not-so-distant future cars are in their third generation of internet connectivity; and hackers have figured out how to introduce malicious code to the cars’ onboard computer or Electronic Control Unit (ECU) via wireless (“wide-area cellular connections”) networks. 

A wave of suspicious car accident reports have made it to the local press and word has started to quickly spread of a possible DoS attack or similar exploits; which has given hackers remote control over vehicle controls through “distributed internal connectivity and telemetric interfaces”.  Breaking news flash informs the general public that the accidents have been caused by so-called involuntary breaking; which coincides with several other accidents around the country, including several cargo trucks that have veered off the road.  The incidents have provoked major collisions on I-95 North, as well as on Route 280 South. There are no confirmed reports of fatalities, but people have begun to flood the car manufacturer’s toll free number.

You receive an anonymous email (Blackmail) from the Hackers Liberation Front, an unknown organization up until then, which threatens to destroy your car brand, through these deliberate remote vehicle safety device tampering, unless you pay a ten million dollar ransom. Your crisis management team springs into action….   

The question hangs in the air, is this realistic crisis scenario or just a movie plot far removed from our current reality? Sometimes reality could be estranger than fiction.  Over the last few years we have seen a dangerous fusion of organized crime groups with terrorist organizations under the umbrella of the global illicit economy. So far they’ve shown incredible adaptability integrating technology into their criminal operations and dexterity in the recruitment and employment of hackers to exploit weak network systems to extract huge profits. Since much of our society depends on mobility, the terrorist could perhaps seize the opportunity to disrupt our interstate supply chain by attacking the ECU technology inside our cargo trucks through their telematics systems. Just imagine that the very same safety and security (systems invented to make the driving experience safer (vehicle theft recovery, value-added features such as automatic crash response, and remote diagnostics) could be used against us in a manner tantamount to kids playing a warped video game in some far off place; all because of our shortsightedness, and yet another failure of imagination. That cannot stand.  

What are we to do?

One thing is clear to must security-conscious individuals, whether you have conceptualized it this way or not; security is this complex tradeoff between convenience and loss of privacy, which we attempt to control based on our tolerance for risks. The majority of us has a very ingrained love affair with our cars and increasingly with high tech gadgets; therefore in some ways is logical that master marketers would combine those too, always with profit as the main motive. Security and safety are merely secondary, if at all. But it doesn’t have to be that way. The proposed “App Store” for automotive applications, as well as, “vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2X) communications systems” are not yet realities, which means that there is still time for car buyers to advocate or outright demand that security protocols (encryption technology, updated firmware with secure algorithms, that would in turn strength access control etc.) are built into the systems. Otherwise we would be buying anti-virus not only our burgeoning gadget collections, but also for our vehicles. Unless we are ready to accept having nefarious actors turn our thrill of the road into the nightmare of the road, we should demand that the car manufacturers assume their duty of care to protect ECU’s for all cars and trucks.

The Global Illicit Pharmaceutical Business; A Scourge of the 21st Century

“As much as fifty percent of the medicine sold on the Internet is counterfeit” – WHO

“Counterfeit medicine sales will reach seventy-five billion dollars worldwide this year” – CMPI

Have you consumed fake prescription drugs?  Odds are you have purchased and ingested these concoctions at some point or another, especially if you live in a developing country; with their lax health regulatory environment and acutely corrupt institutions.

“The World Health Organization says the problem with counterfeit medicines is especially bad in Africa, Asia, Latin America and the Middle East. The W.H.O. estimates that up to thirty percent of the medicines on sale in many of those countries are counterfeit.” Up to know industrialized nations, like the United States, Canada, Japan and New Zealand, have kept the problem relatively under control, restricting fakes to approximately one percent of the total prescription and over-the-counter drug’s market. But that is no solace, judging from the effectives of counterfeiters to innovate their packaging and overall appeal online, as huge profits would provide the incentive to continue injecting these often deadly products into the drug supply chain, and in the process grabbing market share (competing as low cost substitutes, effective in a down economy) from legitimate drug companies.

The best weapon in the fake drug profiteers’ toolkit happens to be consumer’s ignorance of the real source of drugs they think will cure them or alleviate an ailment. Product that could be in reality a toxic mix of chemicals; that end up being expensive (cost in human lives/livelihood) placebos.  The stakes are high for the pharmaceutical industry; these companies have had to come up with ways to make fake drugs easy to spot. After all the most effective prevention and eradication method is to disrupt the consumer’s propensity to be duped by worthless and deadly knock-offs, whether they’re in the developed or developing world.

Combating counterfeit medicines is no walk in the park, as small, yet nimble organized crime groups (A loosely federated collection of manufacturers, distributors, and even marketing operations) are dedicated to this racket. They often use new media and social networks (for their anonymity and mass reach) which allows them to hawk their dangerous products while skirting the risk of ever getting caught. To make affront to this global illicit business the pharmaceutical industry would have to go beyond the technology solutions it has implemented and try the true and tested awareness campaigns to make consumers worldwide sensitive to the issue. In closing, I’d advocate bringing these campaigns to the criminals’ own turf, online and through social networks.

Learn More:

Privacy Matters

“But even the most stringent security precautions suffered from a fatal weakness: the human factor.”—Freedom

I sat down recently to analyze the issue of personal protection and safety. I write about various issues that impact our ability to defend our assets and reputation through this forum, but in light of my lack of subject-matter-expertise I tend to neglect writing about information protection matters. Yet very few things in our modern society of hyper-connectivity are as important as protecting our data, identity, only transactions—you pick the term that best suits this important task.  That is the reason I’ve decided to share with you links to privacy articles that in my view, have a high level of significance to our personal asset protection and security awareness. I will continue posting on this topic every month or so; therefore, visit this blog from time to time to see the latest “privacy matters”.  

Disabling cars by remote control: who didn’t see this coming?

E-waste: Criminals comb hard drives looking for personal data to use in scams  

Game Consoles at Work Threaten Corporate Security  

Privacy in a mobile world: The Massachusetts data privacy law     

“Storing documents on the cloud. Is Security a priority? Is it a secure proposition? Loosing connectivity can send documents flying into Cyber-space…” BBC’s Click — My own two cents: Is it cloud computing or fog computing? It all sounds nebulous to me…

How to Stay Safe on Public Wi-Fi.  Wi-Fi makes it easier for you to work on the go–and easier for other people to sneak a peek at your data. We’ll show you how to remain secure on public wireless networks.  

Legal spying via the cell phone system

CBS Investigation Finds Personal Info on Copiers, Including Buffalo Police Copiers (Whose information gets copied on police precincts machines…that’s right yours, John Doe Public)

Google And Facebook’s Privacy Illusion –By Bruce Schneier  

Hancock Breach Reveals New Trend

Former Con Man Helps Feds Thwart Alleged ATM Hacking Spree