19 Apr 11. A pair of cybersecurity reports released April 19 painted a pessimistic picture of the threat landscape, indicating that the bad guys are adapting quickly to new conditions while systems’ owners and defenders are making little headway. One example: The number of compromised records in 2010 was only about 2.7 percent of the number compromised in 2009, but they resulted from significantly more attacks aimed at specific, smaller (and often easier) targets. The nation’s critical infrastructure also appears to be vulnerable. “Overall, we found little good news about cybersecurity in the electric grid and other crucial services that depend on information technology and industrial control systems,” the second annual report from McAfee on critical infrastructure protection concluded. (Source: GCN)
20 Apr 11. A group of researchers claim that earlier this year they proved a hacker could, among other things, conceivably use a cell phone to unlock a car’s doors and start its engine remotely, so he or she could then get behind the wheel and drive away. As if worrying about the vulnerability of your PC and smart phone to hackers were not enough, could your car be the next target? Maybe not today, but engineers are transforming automobiles from a collection of mechanical devices crowded around a combustion engine to a sophisticated network of as many as 70 computers—called electronic control units (ECUs). These computers are linked to one another and to the Internet, making the car a mini mobile data center susceptible to many of the same digital dangers—viruses, denial-of-service attacks, etcetera—that have long plagued PCs and other networked devices. ECUs manage supercritical, real-time systems such as steering, air bag deployment and braking as well as less critical components including the ignition, lights and infotainment console. Software (sometimes up to 100 million lines of code) tells these ECUs what to do and when to do it. ECUs tend to share networks when they communicate with one another. This makes it easier to control more networked gadgets (GPS, MP3 players and more) from the same place, such as the center of the steering wheel. The problem comes when infotainment and other nonessential components share the same network with the brakes, steering and other safety-critical devices. So says a group of researchers who claim that earlier this year they proved a hacker could, among other things, conceivably use a cell phone to unlock a car’s doors and start its engine remotely, so he or she could then get behind the wheel and drive away. Stefan Savage, a computer science professor at the University of California, San Diego, and Tadayoshi Kohno, an assistant computer science and engineering professor at the University of Washington in Seattle, inserted malicious software onto a car’s computer system using its Bluetooth and cell phone connections. (They decline to specify which brand of car.) They presented their work in March at the National Academies Committee on Electronic Vehicle Controls and Unintended Acceleration. Savage, Kohno and their colleagues have for the past few years studied cyber attacks against automobile networks. Earlier experiments used a laptop plugged into the federally mandated On-Board Diagnostic system (OBD–II) port under a test car’s dashboard to take control of its ECUs to (among other things) disable the brakes, selectively brake individual wheels on demand, and stop the engine—all independent of the driver’s actions. (Source: Len Zuga/Scientific American)
19 Apr 11. Cyber threats such as Stuxnet pose an increasing risk to critical infrastructure but many facilities around the world are unprepared to face the danger, according to a report released on Tuesday.
“We found that the adoption of security measures in important civilian industries badly trailed the increase in threats over the last year,” said Stewart Baker of the Center for Strategic and International Studies (CSIS), releasing