TrainACE - IT and Cybersecurity Training Blog

Hacked Cars and Hotel Rooms: Time to Rethink Security for a Technological Age

[fa icon="calendar"] Aug 6, 2013 4:02:44 AM / by Ryan Corey

Criminals have been breaking into websites and electronic databases for many years. Although this can result in huge monetary losses, it rarely injures anyone or causes physical damage. However, hackers are gaining more destructive power as manufacturers add network interfaces and microprocessors to mechanical devices. This is a security threat that we cannot afford to ignore.

One example is the hacking of hotel card locks. During 2012, a programmer created an inexpensive device that could open the doors of 4 million hotel rooms that have Onity card locks. Forbes reports that burglars used it to steal items from numerous hotel rooms in 2012 and 2013. The technique became especially popular among thieves in Arizona, where nine different motel chains were targeted.

Onity locks have a design flaw that makes it easy for hackers to circumvent the security system without supplying a room-specific access code. Criminals were able to find information about the hacking device on the Internet and purchase the components needed to build it. This put hotel guests throughout the world at risk of burglary, kidnapping, assault and other crimes.

Another new security threat involves motor vehicles. Most cars contain sophisticated devices called electronic control units. Manufacturers have connected them to major automotive systems in recent years. For example, some vehicles have ECUs that automate parallel parking. Automakers continue to install more communications equipment in cars as well.

In July 2013, two men demonstrated that they could hack into Ford Escape and Toyota Prius vehicles. National Public Radio reported that they were able to control the steering wheel, brakes, accelerator and horn. Fortunately, this type of hacking remains very difficult to perform. It can be accomplished by using cellular communications or connecting a computer to the vehicle.

Card locks and ECUs aren't the only "smart" devices at risk. Many other items use network connections that create opportunities for hackers, such as security cameras, appliances, electric meters, garage door openers and medical devices. Some experts predict that the number of network-connected objects will reach 50 billion within seven years, according to Harvard Business Publishing.

Most of these machines provide relatively little security. As the Kaspersky blog points out, they lack the sophisticated anti-virus software that people install on desktop computers. Manufacturers need to start designing such equipment with security in mind. They ought to conduct extensive testing and ensure that compromised devices don't give hackers access to other systems.

People should research the security of network-connected machines before purchasing them. It is seldom wise to sacrifice safety for convenience. Old-fashioned metal keys may secure homes more effectively than costly locks or garage door openers that accept commands from smartphone apps. Be sure to take secondary security measures, such as locking cabinets and adding password protection to computers.

Individuals and large organizations both need to make security a higher priority. One simple tip could prevent many instances of hacking: If a device comes with a default password, remember to change it as soon as possible. Nonetheless, there is relatively little that the average person can do to make these new machines more secure. The "cutting edge" may be just as dangerous as it sounds.
_______________________

Go here for advanced cyber security training information or download the free certified ethical hacker study guide.

Topics: advanced ethical hacking, advanced penetration testing, advanced persistent threat, advanced security, certified ethical hacker, Cisco, cyber war, cybersecurity, hacking, penetration testing, security training

Ryan Corey

Written by Ryan Corey

Need IT Certifications?
Want more info?

Call (301) 220-2802


or

TrainACE Catalog

Lists by Topic

see all