Schneier on Security
A blog covering security and security technology.
« Security Trade-Offs in Crayfish |
| Friday Squid Blogging: Vampire Squid »
June 25, 2010
Hacker Scare Story
"10 Everyday Items Hackers Are Targeting Right Now"
5. Your Blender. Yes, Your Blender
That's right: your blender is under attack! Most mixers are self-contained and not hackable, but Siciliano says many home automation systems tap into appliances such as blenders and coffee machines. These home networks are then open to attack in surprising ways: A hacker might turn on the blender from outside your home to distract you as he sneaks in a back window, he warns.
Yeah, and Richard Clarke thinks hackers can set your printer on fire.
Posted on June 25, 2010 at 1:47 PM
• 78 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
11. Your television. If those pesky neighborhood kids have the same TV as you do, they can stand outside your window with their remote control and turn YOUR tv on and off and change the channels.
Perhaps Richard Clarke has seen the Linux "lp0 on fire" error message (http://en.wikipedia.org/wiki/Lp0_on_fire) and doesn't understand that it's a joke/anachronism.
Would it not be easier to throw a stone at your door or window? That would distract you too...
12. Your refrigerator.
By tapping into the wireless connections on some new refrigerators, 1337 hax0rz can spoil all your food. Then, while you are at the grocery store, they can sneak in the back window and steal your blender.
From the article: "Cellular networks protect signals by switching base stations routinely."
I think we're done here.
@tehbar: No, why would they want to steal your blender? Obviously, they want to hack your refrigerator to make your food spoil to get you to go to the grocery store so they can break in and *root* your blender.
from a fox news site, thus I am shocked.
I hear #8, #6, and #5 are actually on the security landscape, although the details presented in that link are fairly off, from what I've been told.
What!? Hackers are gonna come through the wiring and attack my kitchen appliances?
Sounds like a movie or two from the mid-'90s...
11. Your brain, yes your B-R-A-I-N!
Networks like Fox News try to hack your brain by repeating false messages so it stalls and stops working.
Once brainless, you will be unable to ignore the Fox Propaganda Network and start believing everything they come up with.
So, does this mean I should stop storing Barbie dolls in my blender? I wouldn't want to risk Barbie getting supernatural powers from a hacker. That could be dangerous.
Well, someone made a BSD toaster, so I can see trying to make a windows blender. Hacked together to hack up your food as easily as hackers hack into it.
I've been paranoid ever since learning that my AT&T U-Verse set-top boxes are running a version of Windows.
I really do have to reboot them at least once a month which is totally sad.
More FUD from Fox. They learned well from Bush.
"You only have two choices, and they're easy to compare/ Everything is dangerous, or everything's just there."
Seems the author chose the first, at least for book sales.
Didn't Cracked.com already do this top 10?
Well... If I could burn a new firmware into a laser printer I could, conceivably, print a solid black region, put it under the fuser and let it heat until the printer catches fire.
It would be quite an accomplishment, but I have seen weird things in my career.
I remember the time you could blow an IBM monochrome monitor by messing up the timing of the 6845 CRTC in the MDA board.
oh... and if I could burn a new firmware in the printer, I could set aside some storage and make the printer transmit everything that's printed to a server of my choice. Or to keep it stored until someone can pick it up.
It's already been done with a copier ;-)
Remarkable number of movie plot threats there. The blender attack had me rolling... do the people who actually talk about these threats ever consider the sophistication of the attack versus the target? The only plausible scenario that I can think of where this would be useful is a situation like that in Eastwood's Absolute Power where he used a remote trip of the security alarm to escape, thus proving the point even further.
I have a neighbor who thinks "hackers" are sitting out there specifically targetting her computer. She installs every piece of snotware she encounters on the internet because it's "FREE!" and "EASY!", gets 500 "toolbars" to "help" her have a better "surfing experience", and then calls me up when the thing runs like a Yugo with bad plugs. Thanks, FUD News! When she hears about this, she'll be wanting me to come over every time her toaster burns an English muffin.
"12. Your refrigerator"
I think my refrigerator came with a built in virus. One time it went from nice cool 35 degrees F to a VERY WARM 105 degrees F. I had to disconnect it for 24 hours in order to reset the computer board.
Keith raises an interesting point...don't many, if not all, of these "cyber threats" have non-technological ways to get similar outcomes with less effort? The implication of articles like this is that we should be especially worried about these threats because they involve technology, but it's not clear to me why that would be the case. It seems more like a case of "technology is scary" than anything else.
Also, every time I try to bake potatoes in my microwave it "hangs" and has to be hard-reset
"10 Everyday Items Hackers Are Targeting Right Now". For sufficiently unusual values of 'everyday' and 'right now'...
Anyone contact Winn, to find out how badly he feels he was misquoted?
"11. Your television. If those pesky neighborhood kids have the same TV as you do, they can stand outside your window with their remote control and turn YOUR tv on and off and change the channels."
The best 15 bucks I ever spent was the purchase of a TV-B-Gone. http://www.tvbgone.com Tons of fun in sports bars and airports. (Uh oh -- does the latter make me a terrorist?!)
Because, you know, nobody EVER keeps a blender by the back window.
13. You're grammer, punctuation and, speling. Virusus highjack you're email and substitute common mistakes in you're messages, making you look like an idiot.
14. Your children. Terrorist/Liberal government officials teach your kids that gay people are people and evolution is science; your kids then become totally gay marine biologists.
15. The hairs on your arms. Terrorists plot to control the world's oil supply, making home heating more expensive and forcing people to lower their thermostats. Result: more frequent goosebumps. Also something about the economy or whatever.
16. Your Nintendo Wii. Chinese intelligence agencies, in obvious league with Japan, publish wildly popular "Whack-a-CIA-mole" game. FBI recruiting is forever corrupted as future agents are unable to distinguish between counter-intelligence agents and small furry mammals.
17. Your carpeting. Islamic radicals pray to Allah, who retroactively creates the universe with static electricity.
Hey I was just as amused by the article as everyone else!
Did you read the Wikipedia article you linked?
The "lp0 on fire" error message was never a joke, and is only semi-anachronistic. Printers which can dangerously overheat under this fault condition certainly still exist and are in regular use, though they are no longer common.
Fox News might be histrionic in tone, but the gist of this article is perfectly sound.
It is that all sorts of devices have no security features because abuse used to require physical access. Many are now being networked with too little thought to providing adequate security, and none whatsoever to designing security in from the ground up.
For example, a little while ago I was considered buying an X10 home automation system. I was put off partly by the price (automating a few gadgets didn't cost much, but automating all of our lighting, which is what I wanted to do, worked out to over $2000), but also by the lousy security. Anyone with access to any power outlet on our block (not just one at my own home) could plug in a gadget that he can buy for about $40, send the "all off" command (no hacking required, it's described in the manual) and turn off all my lights. What's more, without stripping out this very expensive system, there is *nothing* you can do to prevent it. This is not some master criminal überhacker, this is just the lowest level, obvious misapplication of the tools the manufacturers provide. Maybe this would be useful to a criminal, maybe not, but it sure as heck would amuse those pesky neighbourhood kids, and it literally is something a child could do.
So, Brandon gives a specific example of blenders, which sounds absurd. What's with that? The point here is that home automation systems mostly have no security whatsoever, and yet can be controlled from outside the house. Turning on a blender might sound a bit silly, but at least it invites you to think about the implications of giving control of your appliances to random strangers. If you can't really think of any way for this to go horribly, horribly wrong, you may not be "security minded". Here's one example that occurs to me instantly: if I was intent on insurance fraud, you can bet I'd be on the other side of the continent when that coffee maker boiled dry.
Now, a thoughtful security analyst doesn't automatically go "coffee maker arson, oh my!!". He or she evaluates the risks, costs and benefits (as carefully as possible with the usually very limited information.) But equally, he or she doesn't go "remote controlled blender, snort, guffaw." That's not clever and sophisticated; it's naïve.
Roger, your example is exactly what I was talking about when I said people treat technology threats as some sort of special case. The scenario you paint seems no less of a threat than, say, the neighborhood kids throwing eggs at your house (hey, it's literally something a child could do), yet you seem to be especially concerned about the X10 problem for some reason. The thing that stops your neighbors from abusing your X10 system is EXACTLY the same thing that stops them from deciding to paint your house pink in the middle of the night...and it has nothing at all to do with technology.
That's not to say that technology shouldn't have built-in security where possible, but the way we've turned it into some catastrophic problem is just ridiculous. From terrorist hackers to buglers hacking your wireless network, these "threats" are hard to imagine as plausible concerns.
"David Perry, a virus expert at Trend Micro, notes that most cars have multiple computers on board and a network of devices that use Wi-Fi, GPS, and Bluetooth. Perry claims "white hat hackers" -- the good guys who hack into systems to prove they have security problems -- have shown that cars are at risk."
I am not that David Perry ... AS FAR AS YOU KNOW!
I think it would be quite an accomplishment to be able to turn on 760,000 blenders or TV sets across the US all at the same time and then turn them off again a minute later. All you would need to do is to warn FOX well ahead of time and then follow up with a threat that you are going to turn off 2000 power stations.
I'm less worried about hacking the blender than I am about triggering a buffer overflow in the coffee maker.
That would be messy.
"Perry said hackers already infect the human brain, using a process called social engineering."
Wouldn't the most prevalent brain-hack be 'advertising', using standard methods for bypassing rational shopping decisions, like 'reciprocation' and 'social validation'.
It's a weak scenario. How about this: Hackers hack into your son's remote-controlled car, use it to move your blender to your bed, and BLEND YOUR HANDS WHILE YOU ARE ASLEEP! IT COULD HAPPEN!
18. Your brain. By filling up your head with nonsense, attackers will keep you confused, allowing them to do whatever they want to you.
"Car hacking is so new, the auto industry has not addressed the problem fully. You can request that your dealer disable some of these computer systems and wireless networks."
Yes. Please, ask your dealer to disable important safety features because you suspect that a hacker might cause your car to crash by hacking in via your bluetooth cell phone connection instead of, say, putting something in the road in front of you.
"Perry said criminals who tap into your GPS could send you to a shady location, such as an empty warehouse, and then rob you."
So, again, please get rid of your GPS units instead of exercising a modicum of common sense and realizing that sometimes even maps that come from The Googles are out of date.
"In one deceptively simple attack, you get a free cellphone in the mail with printed materials that make it look like you can test it for a week and send back. As you test, the phone records video and audio. When you send it back, the hacker uses the personal info against you."
And you would fall for this because, as a professional product reviewer, you get these kinds of unsolicited and unexpected "try me" phones in your mail every day. In another deceptively simple attack scenario, a "free" newspaper is left on a coffee shop table, enticing you to take it with you, but inside Section C there is a small microphone and a transmitter, spying on you and sending your location and valuable conversations to Hackers.
"You bolt the door, install videocams, and add a security alarm -- and still the criminals can break in! The reason: a lock bumping technique where a master key -- designed for popular locks -- unlocks the front door. That video signal, if transmitted over an unsecured Wi-Fi signal, is easy to compromise. And, according to security expert Winn Schwartau from The Security Awareness Company, a zap from a powerful (but expensive) electro-mechanical interference device can disable some alarm systems."
Which, of course, is a less secure protection system than the simple (bumpable) physical locks you would otherwise use. Security is binary. You are either secure or you are not. Hackers are going to break into your home and steal your credit card numbers while you sleep since your home is not locked up tighter than Fort Knox. In fact, they probably already have; you just didn't notice because you were trying to figure out why the blender kept turning on.
"These home networks are then open to attack in surprising ways: A hacker might turn on the blender from outside your home to distract you as he sneaks in a back window, he warns."
Also, a hacker might cycle power on and off in various areas of your house by standing outside and flipping random circuit breaker switches. A hacker might put an emergency message on every channel of your TV by splicing in to the cable at the conveniently labeled "TV" access area in your front yard. A hacker might set off your car alarm to distract you while sneaking in the back door.
"That over-the-air signal is probably not as protected as computer connections, which often use industrial-grade encryption, such as AES."
Yes, we all know that "computer connections", by which we must mean ethernet cables, by default use AES encryption instead of sending everything in clear packets. And there's no way at all to add any level of encryption on wireless networks, so we won't even mention that.
"Any hardware gadget that has local storage, which includes video cameras, digital cameras, and even those cheap and wildly popular Flip cams, can be infected with a virus. Once you connect the cam to your computer, that virus can corrupt the device or provide remote access to spies."
Ah, yes. Given that the place that camera would become infected (if not from the factory) would be from your own computer, a Hacker would obviously choose to install a program to hack into the firmware of your Flip camera which in turn is used to hack into your home computer so it can root through your vacation photos before you upload them to Flickr and instead send them off to Hackr.
"Perry said the danger is that criminals will figure out how to steal power, use it in their own homes or businesses, and make it look like you're the consumer. Or hackers could turn off your power, or cruelly jack up the meter to increase your bill."
Hackers could also cruelly turn on your hoses to jack up your water bill and plug massive power-draining devices into the outlets outside your house. They might even recharge their rechargable batteries while you are away on vacation, leaving you to come home to an astronomical bill and no electricity left in the entire neighborhood.
"For now, most of us are safe; the smart grid is more of an idea than a reality, although there are several test deployments across the country."
Whew! At last, there's something we can do! Stop those hippie liberal environmentalists and their plans to make us less safe just so they can reduce overall energy consumption and make it more obvious to all of us when our energy is being used and allow us to see when we are on vacation that someone has plugged battery chargers into all our outside outlets and is draining the entire West Coast power grid through our home wires!
""I've given demonstrations of high power electro-mechanical interference. We had to make sure that folks with pacemakers were at least 100 meters away," Schwartau said. "
I've given demonstrations of microwave emitters. We had to make sure that folks with biological tissue were at least 100 meters away. I've given demonstrations of HF acid. We had to make sure folks with nervous systems kept well clear of any potential splash zones.
Doesn't anyone remember from "Enemy of the State" that NSA operatives have a proclivity for blenders. I think they are the more serious concern here.
I wish the database I'm on was on that list. I am praying that the patron saint of hackers targets the list I'm on!
> when I said people treat technology threats as some sort of special case.
Not technology -- networking. In security matters, networking *IS* a special case, as Bruce has repeatedly pointed out.
> The scenario you paint seems no less of a threat than, say, the neighborhood kids throwing eggs at your house (hey, it's literally something a child could do), yet you seem to be especially concerned about the X10 problem for some reason.
Sorry, I think you're quite wrong. The situations are not analogous for several standard reasons that apply to most networked attacks:
1. Remoteness: kids throwing eggs at the house stand a very high chance of getting caught and punished. This risk rises rapidly if the attack is repeated. In contrast, someone abusing my X10 connection is almost impossible to find. Even if the attack is repeated many times, there is almost nothing I can do about it.
2. Penetration: the whole social security philosophy of houses understands that there is only so much you can do to prevent external attacks, but the house itself provides a barrier to protect your inner sanctum. If you are really concerned, or live in a particularly bad area, you go further with high fences, dogs and so forth, all of which force the attacker to stand-off even further. In the networked attack, however, an attack launched from a great distance penetrates directly to your most private spaces. And because X10 has been designed with absolutely no security in mind, there is *nothing* you can do about it. If you thought the risk of tampering was low, but it later turns out that someone does start tampering with it, there is no analogy to the fence and dog that you can add; there is no X10 firewall.
3. Scalability: what has made network attacks on the internet so severe is that you can often scale up an attack from a targeted attack to a global one at very little cost. In this respect, X10 isn't anything like as bad as TCP/IP, but the attack still scales much more cheaply than egg throwing.
> The thing that stops your neighbors from abusing your X10 system is EXACTLY the same thing that stops them from deciding to paint your house pink in the middle of the night...and it has nothing at all to do with technology.
I disagree utterly. My neighbours don't do that sort of thing because we are friendly and get on well with each other. But on the other side of this town there were some folks who sneaked over to their neighbours in the middle of the night and set fire to their house, while they were asleep in bed.
The reason X10 attacks aren't common is not that there aren't a***s around who would do that sort of thing. X10 _attacks_ are rare because currently, X10 _systems_ are rare. (And they are rare because for whatever reason, they are massively overpriced for the modest convenience they provide; that is an extremely brittle security model.)
1. In principle, you could install a filter at your power meter, that filters out all incoming X10 signals without disturbing the power supply. Then the attacker would have to find an exposed socket at my house instead of one anywhere in the neighbourhood, which takes out the networking effect. However no such filter is commercially available, it would be non-trivial to design (both because of the high current loads, and because X10 operates at the same frequency as the power supply itself), and in my local jurisdiction it would currently be illegal to install such a device.
"Perry said hackers already infect the human brain, using a process called social engineering."
"Wouldn't the most prevalent brain-hack be 'advertising', using standard methods for bypassing rational shopping decisions, like 'reciprocation' and 'social validation'."
Actually I think politics has advertising beat for hacking the human brain.
May or may not work for you.
After that, it's back to the kids putting your hose in the basement window and turning on the water.
Someone else claimed security was binary (you were or you weren't). Growing up in the Bronx, I learned security was relative. If yours was the easier house to break in to, you got robbed. If your house was tougher than your neighbor's, they got robbed.
(of course, grudges, relative value, etc eventually factor in)
I can think of lots of "smart grid" hacks BUT stealing electricity and charging it to your neighbors would be fairly low on my list of likely system hacks. It is too hard to implement and too easy to detect.
A much better idea would be to simply "time shift" your reported power usage. Since most smart meter systems are installed to facilitate peak period usage cost premiums, you use at peak but report at discount usage time. The systems that I've seen have no easy way to detect this mode of theft. Especially not at a residential powergrid level.
"In principle, you could install a filter at your power meter, that filters out all incoming X10 signals without disturbing the power supply"
Have you looked at an off line UPS (AC-DC-AC) or the equivalent powerfactor correctors.
As far as I'm aware they are alowed in all jurisdictions beyond the demarc, (and in the case of powerfactor corrrection mandatory if you have large motors etc in your "home workshop").
I don't know how your "house" is wired up but usually the power is brought in through the meter and then to the "consumer unit" or fuse panel/box (or whatever they call it where you live).
Thus your house lighting circuits come back individualy to the fuse box (either as a pair from a ring or singly from a spur). All you would need to do is disconnect the circuit from the fuse box and insert your UPS and connect the lighting ring to it's output (there are a few other niceties you should do such as a 20mA RCD on the output) but that is essential all that is required).
Now you have your lighting running on a backup system so it's effectivly immune from brown outs and short term black outs, and thus fully independent of the vageries of the external grid. Pluss if you know what you are doing you can modify the UPS's DC circuitry very slightly so the batteries can also be charged from Photovoltaic cells on your roof etc (a nice little energy saving "green" addition).
For those of a DIY mind set the info is all up on the Internet and some of it has appeared in the O'Rielly magazine.
@ Doug C,
I suspect you will have done similar at some point or another for your "remote" setup. As will many people living in the "less reliable grid" areas where either Sunlight or Wind are plentiful.
I once built a low power "sterling engine" generator as a battery charger. Being a simple "heat engine" it would run off of most fuels.
You can make simmilar devices these days with the Peltier devices from those "portable fridges" and get a good 70W of power with as little as a 20C temprature difference, which means you can use the hot water from other solar heating etc units.
There used to be a company called "Sun Power" of Ohio that made sterling generators for third world countries etc I used them a long time ago when putting in Radio Stations in remote places (where the locals used to steal any overhead power cables etc). You would be very surprised at just how much power you can get with a large night cooled "cold water sump" and day time solar hot water supply.
I must admit with these cheap CPU water cooling kits I'm tempted to make another Peltier generator as a "fun project".
I heard someone had his electric toothbrush hacked so that it swirled counter-clockwise instead of, yes, you guessed it...clockwise.
His dentist noticed from the rare counter-clockwise swirls on the plaque. The NSA took the toothbrush apart and also found that its battery worked even though it hadn't been plugged into a wall socket for months (earth months). The hacker somehow modified the battery so it could charge through the magnetic field of the user's body, especially the field vortex within the orifice known as the "mouth," which the OED states derives from an old English acronym: "Magnetic Orifice Undulating THusly."
I want my own show on Fox. See the above paragraph for a hint of my oeuvre. I'd like the 7pm-7:30pm slot if it isn't too much trouble.
Although most of the things described (and many more besides) are possible you need to sanity check it.
The first question is "Why would you?"
There are two basic answers,
1.1, Because you can.
1.2, Because there is profit in it.
Because of the "Ego Food" asspect of 1.1 it is safe to assume that at some point it will be (like the defacing of harmless charity web sites etc).
The "profit" option gives rise to the obvious realisation of it's opposit "loss".
Thus the second and perhaps more important question "What is the loss potential?"
Potentialy it's unlimited for any individual risk but in most cases any particular risk its actually not going to make it out of the noise floor of a risk analysis (but that class of risk may well do so).
Which gives rise to the the idea of mitigating specific high value risks directly and also some medium value risks. Likewise with some "Classes of Risk". Traditionaly the rest you externalise by such things as insurance.
Now there is a specific problem with externalising risk onto a third party and that is the "assumptions of a physical universe" which gives rise to the notion of risk probability being spread against time.
Unfortunatly as we are seeing with the likes of botnets the information universe does not have the constraints of physical forces except where it interacts with the physical universe in things like storage and communications.
So information attacks are not subject to force multiplier or locality constraints just the cost of communications and storage which are effectivly zero for the attacker with the Internet etc.
Thus you need to find away of mitigating the risk arising from "zero cost". If you do this correctly then the likes of "ego food" attacks goes down not just to the cost but due to the tracability the cost gives.
Also the cost metric and it's attendent traceability means that the profit motivation equation tipping point moves significantly in the defenders favour.
The question thus arrises how do you raise the cost metric and get best advantage of the tracability metric that arises.
It is actually better to view it as two orthagonal domains with four limits,
(0,0) no cost, no tracability.
(0,1) no cost, full tracability.
(1,0) full cost, no tracability.
(1,1) full cost, full tracability.
Any proposed solution can then be viewed on this two dimensional matrix.
For instance AES encryption has a small direct cost to the defender but a very high cost to the attacker, but the attackers cost has low tracability.
Each mitigation can thus be assessed and a suitable choice made.
For instance even if you have full tracability does it actually stop an attack?
The simple answer is it depends on the jurisdictions the attacker and defender are in, and less obviously the time element involved.
Therefour you need to have a third dimension to your matrix and that is one of response time.
Thus it may be that your mitigation involves trivial cost increases and minimal or zero tracability but very very fast response times.
However an attacker on viewing such a system might go for a "delayed payload" attack.
What is clear however is that we cannot afford to deploy systems with a 25year or more life expectancy (which is the only way these proposed "smart grid" devices will pay back) unless we build in the appropriate mittigation directly...
And more importantly they need to be built in before the design process starts...
I remember once when my Nutramatic Drinks Dispenser tapped into Eddie, the shipboard computer, to figure out why I like tea.
It turns out I'm an ignorant monkey who doesn't know any better.
Networked devices being controlled from a remote location are a real potential threat. Most people do not properly implement security ... period. Morons poking fun at (even trivial) examples only goes to show how vulnerable they are. The Cloud is watching, lurking, waiting.
It's maybe a stretch today, but if the smart grid takes off, you'll have an IP control channel connection coupled to electricity delivery, all the way down to the device (washer/dryer, dishwasher), for the purposes of enabling the optimization of power delivery. With all those network-connected devices, I don't see it as unrealistic to believe that these devices have the potential to be turned into a botnet, or worse, to be used as an attack vector against the electric grid itself.
After seeing Major General Vautrinot's (Cyber Command) talk last week in Washington, this isn't quite as crazy as it sounds. Coupled with some of the Gartner Security and Risk Management Summit speakers' notes on the new ways malware is becoming more targeted and capable of circumventing advanced authentication mechanisms, I wouldn't be so quick to dismiss the potential threat.
I can vouch for the accuracy of this. Just last week, I used an exploit to remote-dial into my neighbour's blender and installed evil Linux-based piracyware on it. He still hasn't figured it out.
I used that blender to spy on him and managed to acquire the PIN for his refrigerator so now I regularly leech off some of his milk.
I 0wn your kitchen appliances!
Well, the part with the blender and the sneaking-in-a-back-window might be complicated - but once the Hacker is inside the house, setting the printer on fire seems quite easy to me.
Watch out for meteors. There's no stopping those, either.
Oh come on now: you did much more than that. You ruined every drink he blended. Turned his refrigerator off long enough to spoil the food, leaving him bed ridden for days in one case. You turned lights and appliances off in a meaningful way while playing strange noises through his MediaCenter PC when he wasn't in the room. If he had only avoided X10, he wouldn't be in the mental hospital diagnosed with severe schizophrenia.
You... sick... bastard...
Ooops, late to this thread.
I can't believe I just read 60 comments and not a single one mentioned that this would be a clear case of a "blended threat"
Hacking home appliances is not as far fetched as it may seem.
In essence "smart grid" cannot function without remote controllable appliances. It is also not simply ON OFF control that is needed. The electricity system needs parametric control especially for things like refrigeration and air conditioning systems. There is also tremendous value in Dimming lighting systems as well as TV and Monitor displays.
The real vexing question is which part of the system controls everything and exactly HOW.
Today there is a push in some circles for autonomous control, each appliance has its own IP address and is independently controlled and part of the WWW. This IMHO is a disaster waiting to happen.
Others suggest that a local "residential gateway" will master the Home electricity system. Most believe this is a function of the smart meter, others want it as a homePC function and still others want TV's or separate discrete dedicated home electricity control and monitor systems. Put succinctly Today it's a huge **** fight.
Interestingly while the US companies patent all possible approaches, I personally feel that China is showing the greatest leadership in this emerging area. I'm not sure if this is this troubling or reassuring, especially when you consider intentional power systems hacking!
i am relieved the author of the scary article didn't know of the zyliss onion chopper, called "zwiebelhacker" in german, which is the true mother of all hackers.
My first thought was of Blender 3d, not the one in my kitchen...
"In essence "smart grid" cannot function without remote controllable appliances. It is also no simply ON OFF control that is needed. The electricity system needs parametric control especially for things like refrigeration and air conditioning systems"
I take the security threat of the likes of the "smart grid" very seriously.
However untill recently I have not taken the threat to "home applances" very seriously (over and above the failings of the likes of X10 etc) which can be mitigated).
But my viewpoint on them is chahging.
Well untill recently the firmware in most appliances was "masked programed" and there was very little executable RAM (or none in the case of strict Harvard architecture microcontrolers). So although it was possible to "smash the stack" it did not realy gain you much (primarily the greatest risk was a "factory reset" that cleared out the master passwords etc).
However the manufactures of microcontrolers have moved on and Flash ROM updatable via a communications port has become the norm. As has large amounts of RAM which can be executed.
Thus malware attacks on home appliances is rapidly becoming viable.
However the old crime triad of "means motive and opportunity" still apply.
If we ignore for the moment "motive" the attacker has to have the "means" to exploit any "opportunity". It is reasonable to say that due to the number of "zeroday" attacks there have been that the chances are that one or more attackers will have the "means" to attack if an "opportunity" presents it's self.
Thus the first protective/mitigation strategy would be to vastly reduce the "opportunity" surface to the minimum.
Effectivly there is a short list of ways an attacker can get in but all revolve around gaining a connection either directly or indirectly (note that air gaps can and have been breached due to the use of removable media).
Thus from a security design point of view it is best to assume each appliance is connected to an untrusted and thus hostile network at all times. This is especialy true of those appliances that use "mains signaling".
Unfortunatly a number of manufactures of equipent neadlessly force inbound "command and control" onto the end user (the prime example being TV and Satellite boxes) often as part of the user agrement. Thus the user has little legal choice other than to not take the service.
Of recent times we have actually seen utility companies actually trying similar tricks whereby a user is required to have a "land line" phone by which "the meter reading" is made. However even if it does an E.T. (phone home) at the users expense it is still a major security risk.
Often these devices use identical protocols to those "street meter" posts that use VHF or UHF radio signals so that a technician has "drive by" control. As is known in some areas of the industry the scurity of these systems is mainly by "obscurity" which is not good.
Sadly we are now seeing clueless politicians jumping on the "green bandwagon" puting forward the idea of legislation to make the control of "certain" home appliances a legal requirment and this is to be part of the "smart grid".
Ask yourself the question as to if they are going to consider "end user security" in the legislation?
The Politicos have made it abundantly clear that they want to "control your PC" and have full access to it at any time they chose "for the sake of the children" or "to stop terrorism".
Ask yourself how many "wanabe patsies" have been "entraped" as terrorists just to "keep the number up". Then ask yourself if you realy want people with that sort of mindset "owning your home"...
We already know that one effect of the "smart grid" will be decreased resiliance to predictable events. We also know that most of the utility providers reach for lawyers faster than gun slingers at the OK corral. Likewise we know the modus operandi of the legal proffession is to pick on the people least able to defend themselves then "strip them of their rights" before "ripping their guts out like sharks in a feeding frenzy".
So what better defence of "shareholder value" than that used by the banks and major software companies "blaim the customer" and "hide the security faults"...
Unfortunatly I can see a time where individual people will be blaimed for "not updating the firmware in their air con and thus being responsable for the point of origin of a cascade failure that takes out all of Southern California".
Target: Create instability in the Power grid
Motive: Terrorist, Economic just for fun..
Basically you create a Botnet that can decide to turn-on lots of devices at the same time and thereby create GAmp transient loads.
Anyone who has ever had a house with multiple independent Air-conditioning units knows better than to turn them all on at the same time. "Instant main fuse blower" this is the same thing but at a city wide level.
Or how about this:
Power Generator wants a power retailer to go above their limit so that they will have to pay extra for the "emergency extra power. The generator guy conveniently creates this additional spike at the peak of some natural cycle.
Warfare: Unfriendly country systematically disrupts power in enemy country to create production problems at critical "war effort" factory.
My personal favorite motive: Porn on appliances.
Imagine your refrigerator control panel displays some crude porn that infected the appliance from the internet, I can offer the effected person an anti-virus package which removes the offending image....for a little while...
Actually I've heard that there is a scam going on in China at the moment where a porn image is loaded as your phone background and you can't remove it by any means, except of course paying $10 for the Cell phone anti-virus package.
"Ask yourself the question as to if they are going to consider "end user security" in the legislation?"
This brings to mind a mantra I heard a lot at a recent conference: when you start regulating security, then people will mistake being compliant with being secure.
I haven't yet read enough about "smart grid" proposals to speak with any level of authority or confidence, but from the blog posts here it looks like it is going to be done really backwards.
Is it like some central authority would switch on/off or just configure power preferences of individual devices (maybe grouped into classes/geographical locations)? I agree with Clive and others that it could only go wrong. Universal access credentials (aka backdoor) to everything WILL get abused. Forget viruses and porn, when (not if) someone figures the "authentication" method he's going to melt the grid with a click of a button.
What about an idea just out of the top of my head - variable power prices (much more variable than it is customary today):
1. Make short term predictions of power demand (that should be wholly possible today).
2. Calculate future power prices based on the predictions and publish them on the Internet.
3. "Smart" devices monitor and download the price lists and make locally optimized decisions to lower their owner's bill (e.g. waiting for a local price minimum if the task to perform may be delayed, like dishwashing). The owner may configure their parameters (e.g. wash the dishes at low demand time, but I need them before 7 am tomorrow, so don't wait for this week's lowest price timeframe) or even disable the feature if he is willing to pay for it (wash NOW, this is what I pay for!).
4. Old devices just work as before. The owner pays the bill.
5. In near-emergency situations prices could be set much higher (but not to exceed some upper limit and for limited period), so the devices could react in near real time by temporarily going into powersave mode until the price drops again if it is OK for them, but can stay in normal mode for reasons of efficiency, safety, user preference or whatever other reason locally determined.
Just some thoughts...
Folks, the blender threat is serious. Colleagues at campuses around the world have maintained carefully monitored blender 'honey-pots' for the last five years in anticipation of this home-security hole. Unauthorized access has increased to alarming levels; many of our colleagues have arrived at their labs to find disasters - empty margarita glasses, sticky tables from improper blender containment, Jimmy Buffet playlists on the lab computers, and other outrageous violations of lab use. That could be your home! Please, keep your blenders locked and securely behind firewalls, and their firmware updated!
Holy crap, hackers are targeting the human brain RIGHT NOW! Thank you Fox News, I'll go turn on my brain's firewall (tin foil hat) immediately.
> 11. Your television. If those pesky neighborhood kids have the same TV as you do, they can stand outside your window with their remote control and turn YOUR tv on and off and change the channels.
This is more true than you think for those of us who have TV remote control watches...
I've had sooooo much fun with semi-public TVs. I wouldn't bother, but they're always tuned to the worst stations. And nobody seems to know what's going on, so long as you join them in looking around the room in a confused manner.
@ Peter A,
"5. In near-emergency situations prices could be set much higher (but not to exceed some upper limit and for limited period), so the devices could react in near real time by temporarily going into powersave mode until the price drops again if it is OK for them, but can stay in normal mode for reasons of efficiency, safety, user preference or whatever other reason locally determined."
Not sure if other folks have noticed but there is a "stability" issue with this and it will almost certanly exhibit oscillatory behaviour due to the different response time lengths (price setting and reaction to price by appliances).
If you imagine that demand has gone up due to some event after a delay the utility company starts to increase the price. Depending on the consumers their smart devices will after another delay adjust their ON/OFF/USAGE status. Demand drops and after a utility company decided delay the price drops. So after another consumer decided delay the devices will turn themselves on again.
What you would expect to see is oscillitory behaviour around a price point which in feedback control systems is known as "hunting".
Now there are a couple of issues,
The first being the "startup surge" you identified would put in a significant over current on the network and as you have identified you get a fuse blowing/tripping.
As I identified further up the page this can give rise to a cascade failure and it will be "good night southern California".
The second problem is more subtal and it is due to "phase delay" caused by the Utility company price change delay and the consumer appliance delay.
In a "servo loop" or "feedback delay" system it is known that if you have sufficient "response time" delays then it is possible for the "hunting oscillation frequency" to get sufficiently out of phase such that the negative feedback becomes positive feedback. Which means that the oscillation can fairly quickly build up to the point where it enters catastrophic self resonance and dies (anybody remember "the narrows" suspension bridge footage). Or worse the servo loop can "chase it's tail" which builds up not to ocillation but a rapidly rising current demand which would quickly reach the "end stopps" and again cause fuses to trip giving the same effect as a cascade failure.
Engineers usually "tune" systems by controling the bandwidth and time delay of both the feedback loop and that of any "gain stages" in the loop. As a general rule of thumb the bandwidth of the overal control loop is kept well below that of any gain stage within the loop. And the total delays of gain stages kept very much less than the feedback loops "natural frequency".
Now when you look at the feed back loop for the "smart grid" you have a real issue as there is not one feed back loop but as many as there are appliances out their. Irespective of how much control you have over the appliances you still need a very low bandwidth around the utility price setting to avoid loop instability.
Due to "economy" appliances (washing machines in particular) their inherant time delays are measured in hours not minutes or seconds. The result is that utility suppliers loop bandwidth would need to be five to ten times less than this or measured in 10 to 20 hours time steps...
When you then take into account how long it takes to "bring on line" extra capacity to adverse demand (think rapid onset adverse weather in places like Montreal in Canada), or respond to "solar flare" activity then you will realise,
1, The only utility grid of any use that will not damage it's self is one using prediction not feedback.
2, There are major events that the a grid cannot predict.
That is a "smart grid" is not going to work any better than the current predictive grid, unless it has very fine control on each and every appliance.
Such fine control requires a lot of computing grunt which is only feasable to do in the appliance.
The appliance is beyond the "reliable" control of the grid operator, thus the smart grid is a "hostage of fortune" to those who can "zero day" even just one or two appliance instances such as just one leading brand of washing machine or air con...
Thus you can see that the smart grid offers no improvment to National Security in any way, in fact the exact opposite. Further it can be seen that it would be less environmentaly efficient than the current predictive grids.
Oh and as I said earlier some of the appliance equipment would have a life expectancy up in the 25year range.
Ask yourself a simple question,
Has any IT based technical security system without any change since first deployment lasted 25years, or even a reasonable fraction of that time?
The answer if you are honest is no, not even DES lasted that long, and think of all the cracks appearing in AES systems due to not considering "side channels" in the design requirment (even though they where known to be a significant attack vector even in the academic community let alone the "proffessional community" such as the NSA/GCHQ et al).
So take a leaf out of "Nancies" book,
"Just say no to" Smart Grids.
There is a lot written about smart grid and the inherent benefits BUT IMHO the only real beneficiary will be the Retail Electricity providers. Smart grids will give them the tools to convince Gov'ts that Residential electricity should be sold on some sort of competitive biding basis, maybe with a fixed individual load + some variable priced "excess load". Inherently this concept rewards scarcity, (or even just the appearance of scarcity) so at a Retail distribution level they are financially rewarded for creating a shortage of supply (some might say Instability). I don't think you need an Engineering degree to predict ways that this will all end in disaster.
As Clive points out an adversary also does not need to control that many brands of appliances before he can wreak havoc upon the best intended and planned electricity systems. Especially if they trim the generation / system "headroom".
In the end I'm always a pragmatist, so I can foresee a very lucrative career consulting in Smart Grid appliance security, and that'll be just fine with me....
Ah! Now I understand why my blender doesn't work any longer - It's been hacked! And here I thought it was just broken...
Hack my brain? I don't think so. I update my firewall with Miller Light downloads at least once a week. Maybe I'll switch to hard Apple cider, I hear it's impervious to malware...
A scare article on Fox is not even worthy of refutation.
You shouldn't be making light of this. I just saw a documentary made in the early eighties which detailed real-world examples of these kinds of threats, from phones to lawn mowers to blenders.
I think it was called Maximum Overdrive.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.