Dan Swinhoe (Global) - Hijacking Your Toaster: Hacking Embedded Systems

With millions being spent on security for the enterprise and scare-mongering about mobile malware, are people forgetting about all the other ways you can be hacked? Dan Swinhoe investigates.

Remember when people thought that Macs couldn't get viruses? Or computer bugs were actually flies stuck in the computer? And remember when hacking and viruses weren't a constant and expensive threat that could almost kill you?

A few weeks ago my flatmate brought home a copy of Cabaret on DVD - someone had left a box of DVDs with a 'help yourself' sign. Aside from his over-eagerness for musicals, I did think about security. Could someone intentionally infect a DVD with a virus, for some poor sap to infect his laptop or DVD player with? After a few searches the answer generally pointed to yes, but also showed it's not worth the effort to infect DVD players - there are no details, internet connection or reward. But it got me thinking, what about Smart TVs?

And that's where things get interesting. With so many devices with embedded applications (around 10 billion according to Stuart McClure, former CTO of McAfee), many of which are internet-enabled, you'd think security would be high on the priorities list.

But you'd be wrong. Though some may have very basic encryption, it's nothing even a slightly determined hacker couldn't bypass. Internet guru Vint Cerf recently lamented this newfound connectivity, saying he was "frankly astonished" at the range of devices that now come with an internet connection. While it's true hacking an internet-enabled fridge won't end the world (unless you really, really wanted that leftover pizza for breakfast), if a hacker could get control of the nation's aircon units, and cycle between shutting them down and whacking them up to full, you might be able to crash the US power grid.

While Cerf spoke about possibilities, embedded systems have already been hacked, repeatedly. Researchers found several vulnerabilities in Smart TVs, printers, cars, Xboxes, and even a pacemaker. Luckily most of these have been by researchers proving a point, but in 2008 a Polish teenager hacked into a tram network and injured twelve people.

It's not just Smart TVs and tram systems that are at risk. Recently an anonymous researcher found millions of insecure objects after scanning the web - printers, webcams and set-top boxes protected only by default passwords. Spending all the money in the world on anti-virus and security software gets you nowhere if hackers can abuse your internet-enabled toaster.

Seemingly for every 'smart' device that comes out, a hack to show how insecure it is usually follows suit. In the last twelve months Smarthome meters have been hacked to fool power companies, but there's no reason it can't be turned around, and wireless NFC payments can be used to nick your banking details. When there's so much in the press recently basically saying people are struggling enough with securing their smartphones, it reduces the level of trust in every other embedded system to almost zero.

I've personally never understood the need for everything to be internet-connected, Wi-Fi enabled and able to connect to my smartphone. And after researching for this blog, I'm even more sceptical.

By Dan Swinhoe, Editorial Assistant, IDG Connect
