There is a spotlight on cybersecurity like there hasn’t been in quite a while. Report after report streams into the public eye about the vulnerability of embedded health devices (such as pacemakers) as well as wifi-connected appliances, thermostats, security cameras, smart rifles...and even skateboards. The most well-known example and catalyst of public interest on this subject is Charlie Miller and Chris Valasek’s Jeep UConnect exploit. In a nutshell, the security researchers remotely hacked a Jeep Cherokee and eventually sent into a ditch…with their test subject inside attempting to maintain control of the vehicle. Don’t worry; he lived. Here’s what they found:
- They were able to hack the Jeep Cherokee via internet connection from a basement 10 miles away while it was operating on the highway.
- They were able to gain control over everything from the air vents, radio, brakes, dashboard, steering wheel and even blurred the windshield of the Jeep with wiper fluid.
- They were able to control and disable the speed of the Jeep.
- The Jeep Cherokee, Cadillac Escalade and Infiniti Q50 were ranked first, second and third-most vulnerable vehicles, respectively.
"All of this is possible only because Chrysler, like practically all car makers, is doing its best to turn the modern automobile into a smartphone. Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, SUVs, and trucks, controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. And thanks to one vulnerable element, which Miller and Valasek won’t identify until their Black Hat talk, Uconnect’s cellular connection also lets anyone who knows the car’s IP address gain access from anywhere in the country. “From an attacker’s perspective, it’s a super nice vulnerability,” - Charlie Miller
These vulnerabilities have obviously shaken both the auto industry and consumers’ previous knowledge and beliefs of cybersecurity. There is now a new dimension to the caveat of introducing internet connectivity to everyday devices. Over 400,000 different car models are now being considered vulnerable, and car makers and law makers are working towards increasing defense against such attacks. Despite how troubling it is when vulnerabilities like this are discovered, cybersecurity and security technologies expert Keren Elazari believes that we need hackers. Keren is a key member of the Israeli Cyber Security Industry and has shared her expertise with government organizations and Fortune 500 companies for over fourteen years. She is also a highly sought after keynote speaker who has given presentations for Google, Microsoft, CITI Group, and DefCon about the duty hackers have to use their talents ethically. In 2014, she received the highly prestigious opportunity to speak at a TED conference for the first time. Since then, her advocacy for the positive potential of hackers has captured the attention of over a million viewers. Her perspective on this matter is a clear, concise message:
We need ethical hackers in order to locate and exploit vulnerabilities before those vulnerabilities are located and exploited by the wrong people.
Want to know more about Keren? Check out her bio, videos, reviews & more here!