In the late 1990s, General Motors began installing its OnStar technology in its vehicles. The service is powered by GPS and mobile phone data and allows drivers to communicate directly with assistance personnel, receive turn-by-turn navigation and conduct vehicle diagnostics.
OnStar is one of the first and most well known instances of the Internet of Things to hit the consumer market on a large-scale basis. The solution gives more freedom to drivers, connects vehicles to mobile networks and enables cars to act as a personal driving kiosk. Almost twenty years after its debut, OnStar has roughly 5.7 million users in the U.S. and Canada.
So what’s the catch? Well, just like any other network-connected device, OnStar opens up a portal for hackers and cyber attackers. Last year, researchers Charlie Miller and Chris Valasek conducted a study on the in-vehicle technology, funded by the Pentagon’s Defense Advanced Research Projects Agency (DARPA).
Using a MacBook to hack into a car’s mobile connectivity system, the duo could control a car’s power steering, trip the GPS and falsify the speedometer and odometer readings. Even more worrisome than that, they could lock the vehicle’s brakes, disabling the driver’s ability to halt the car before crashing into another vehicle, person or structure.
DARPA program manager Dr. Randy Garrett shared this haunting case study at GovLoop’s recent “Internet of Things: Connected Government” event to highlight the dangers of having nearly 13 billion devices connected to the Internet.
We may not think of our web cameras, home televisions or wireless routers as threats to cybersecurity, but Garrett warned differently. All of these devices act as miniature computers. The IP addresses can be scanned, hacked and denied access, just like a normal computer. “You can actually run code on them and use them to do whatever you want on them,” he said.
DARPA runs a variety of programs designed to intercept cyber attacks and defend the network from unwanted intruders. Plan X is a military program that looks at wide control of cyber operations and runs the fundamental algorithms for large-scale data analysis.
Crash employs a “clean sheet of paper design,” as Garrett explained it. The program simulates a fresh start, and enables organizations to envision what they would do differently if they could design their systems and networks differently.
A more novel approach is the Cyber Grand Challenge. In this program, teams of hackers compete against each other to develop computer systems that can defend itself automatically with software designed to fight off the world’s most malicious and advanced hackers. Like the opposite of computer chess – which took years to configure itself to beat human players at online chess matches – the Cyber challenge utilizes humans’ adept knowledge to conquer ward off attacks.
There are small steps that can protect the network against breaches, as well. Garrett recommended changing the network username and password on all of your Internet connected devices. “Even though it seems harmless, there are crafty people thinking about devious things,” he said. “Don’t just let it slide. Take simple steps and take your devices off the list.”
The Internet of Things unleashes a world of opportunity, for the private and public sectors alike. That said, it also creates endless portals of access for cyber hackers and attackers to penetrate the network and do monstrous amounts of damage. A comprehensive and agile approach to cyber security is needed if we are going to keep things secure on the Internet of Things.
View Garrett’s presentation below. And to learn more about the Internet of Things and the accompanying security concerns and measures, read GovLoop’s newest guide.