Skip the navigation

Six rising threats from cybercriminals

By John Brandon
May 19, 2011 06:00 AM ET

If you do become a victim of cyberstalking or cyberbullying, Baty advises you to report it immediately to local law-enforcement authorities; if it happens at work, report it to your HR department as well. Don't delete harmful posts or other electronic communications, she says, but instead retain all documentation of incidents, mainly as evidence but also because the headers for e-mail and forum postings can be used to track down the offender.

That said, the best defense is to protect your personal information as carefully as you can. For instance, never reveal online such details as where you live, and don't announce your movements, such as that you are on vacation or home sick and have left your workplace computer open to attack -- which rules out public "check-in" social networks such as Foursquare.

5. Hackers controlling your car

The age of the connected car is dawning. Vehicles like the Ford Edge now provide 3G network access, a Wi-Fi router in the car, and the ability to tap into your home Wi-Fi network (only while parked). In the next few years, more automakers will provide wireless access for Web browsing and streaming high-def movies. And by 2013, a new FCC-mandated wireless signal called DSRC (dedicated short-range communications) will run at 5.9GHz and provide a vehicle-to-vehicle communication network.

For anyone who follows network computing or computing in general, adding these new features to a moving vehicle should raise a red flag as yet another way criminal hackers can cause problems. Since these systems often tap into the car diagnostics and safety features, a hacker could potentially interfere with such systems and, for example, cause a car's engine to surge at just the wrong time, says Stephan Tarnutzer, chief operating officer at automotive control console manufacturer DGE.

While no real-world exploits are known to have happened, security researchers from the University of California, San Diego, and the University of Washington have hacked into the computers of several late-model cars and remotely disabled the brakes, altered the speedometer reading, turned off the engine, locked passengers into the car and more.

The research team's initial tests relied on plugging a laptop into the car's diagnostic system, but later tests identified other entry points for an attack, including the cars' Bluetooth and cellular connections. More wireless communications in future cars will create even more attack vectors.

The good news, Tarnutzer says, is that most of the forthcoming wireless technology for cars is for short-range communications -- say, from one lane to another or just as you pass through an intersection. That makes it difficult for hackers because they need to be in close proximity to the car.

Nevertheless, wireless connections in cars will undoubtedly make a tempting target for hackers. The answer, says Tarnutzer, is for the auto industry to use strong, hardware-based encryption technology.

For example, the OnStar communications and security service offers a theft-recovery feature that makes use of wireless signals. If your car is stolen, you can report the theft to the police, who then contact OnStar, which can transmit a signal over a 3G network to stop the accelerator from working in the stolen car. OnStar's transmissions are encrypted to thwart unauthorized attempts to tap into signals and interfere with vehicle operations.

DGE car diagnostic module
Modules like this one that connect to car diagnostics systems are protected by strong encryption technologies. In the future, carmakers and the DOT will need to certify devices that connect to a wireless network.

Car companies are, of course, aware of the potential for hackers to disrupt in-car wireless services. Representatives from Ford and GM, for instance, said they are developing strong encryption standards for vehicle-to-vehicle and vehicle-to-back-end-infrastructure communications.

The technology for the connected car is for the most part still in a testing phase, says Tarnutzer. The DSRC network in particular will undergo thorough testing by both the car companies and the U.S. Department of Transportation to make sure it is hacker-resistant and uses strong encryption, he adds. "This is why it takes two to three years for an OEM to qualify a new vehicle, compared to six months for a new smartphone," he says.



Our Commenting Policies