We live in a world where technology rules. From our phones to our cars, we are constantly connected to something, somewhere, at all times. In most cases, the convenience of technology enhances the quality of our lives. But as consumers, there are technology risks and threats we need to be aware (and beware) of. We don’t mean to spook you, but let’s talk about the scary side of the cyber world.
A Haunted Road
In 2015, two white hat hackers, Charlie Miller and Chris Valasek, developed a piece of software that wirelessly took control of a Jeep Cherokee – while someone was driving. Luckily, the victim was a volunteer who agreed to be a test dummy.
Using only their laptops, the hackers used a zero-day exploit to remotely control the Jeep. The hackers first took control by wirelessly adjusting the Jeep’s air conditioning, radio and windshield wipers. The driver’s attempts to disable these features were useless, as the hackers were in full control. It wasn’t until the jeep started to automatically decelerate did the driver begin to panic. While the Jeep was on the freeway, the hackers cut the transmission. Since this was an experiment, the hackers were able to communicate how to accelerate again, and fortunately, no accidents occurred. However, this is an example of what cybercriminals are capable of, and how cyberattacks can impact us in a myriad of ways.
Searching for Solutions
Electronic control units (ECUs) are a car’s various electrical components that are connected through an internal network. If hackers are able to access a vulnerable ECU, they can potentially take over a vehicle’s brakes or engine. After the Jeep’s compromise, Fiat Chrysler Automobiles recalled 1.4 million vehicles to install software to protect against future data breaches. The U.S. National Highway Traffic Safety Administration has issued cybersecurity guidelines automakers are encouraged to follow to help avoid cyberattacks on vehicles. Other automakers, including BMW AG and Tesla Motors Inc, have disclosed plans to fix potential data security gaps.
In December 2015, VTech, a Hong Kong-based children’s toy manufacturer was the victim of a data breach. The cybercriminal gained access to data stored in VTech’s Learning Lodge app store. The exposed data included five million customer accounts, storing parents’ names, email addresses, passwords, secret questions and answers used to verify account information, IP addresses, mailing addresses, and download history. Even more frightening, the hacker was able to gather information about children, such as names, gender and birth dates.
The hacker also downloaded nearly 200GB worth of photos from VTech’s Kid Connect Platform, a platform that allows children and parents to exchange messages. Audio clips of children speaking have also reportedly been found on the server.
The cybercriminal used a SQL injection attack to breach VTech’s server. SQL injection is an attack cybercriminals use to inject malicious code into forms found on websites. Typically, users will enter personal information, like passwords, into these forms.
Searching for Solutions
VTech could have used a web application firewall (WAF) to help prevent the SQL injection attack. A WAF can evaluate traffic based on its origin and behavior to differentiate between good and malicious traffic. It can also block threats, like SQL injection.
These examples highlight how cyberattacks can be unexpected and ambiguous. As cybercriminals get more creative with their attacks, it is critical we understand the risks associated with the technology we use in our everyday lives. Now that you know the risks, take the first step towards protecting yourself by learning about SiteLock’s suite of web security solutions.