Tag: hackers

Hackers Remotely Kill a Jeep

This is a very interesting development—one that’s been coming for a long time: Your car is a computer, some cars can be hacked, and now we know they can be hacked in dangerous ways.

The correct public policy response is implicit in this very good Wired article describing the whole thing. “Automakers need to be held accountable for their vehicles’ digital security,” writer Andy Greenberg says, quoting auto hacker Charlie Miller thus: “If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers.”

That’s two very important consumer protection systems in a couple of brief sentences: In one, carmakers suffer lost sales if their cars are hackable or perceived as such. The market feedback system—including the article itself—causes automakers to work to make their cars less hackable.

The Lives of Others 2.0

Tattoo it on your forearm—or better, that of your favorite legislator—for easy reference in the next debate over wiretapping: government surveillance is a security breach—by definition and by design. The latest evidence of this comes from Germany, where there’s growing furor over a hacker group’s allegations that government-designed Trojan Horse spyware is not only insecure, but packed with functions that exceed the limits of German law:

On Saturday, the CCC (the hacker group) announced that it had been given hard drives containing “state spying software,” which had allegedly been used by German investigators to carry out surveillance of Internet communication. The organization had analyzed the software and found it to be full of defects. They also found that it transmitted information via a server located in the United States. As well as its surveillance functions, it could be used to plant files on an individual’s computer. It was also not sufficiently protected, so that third parties with the necessary technical skills could hijack the Trojan horse’s functions for their own ends. The software possibly violated German law, the organization said.

Back in 2004–2005, software designed to facilitate police wiretaps was exploited by unknown parties to intercept the communications of dozens of top political officials in Greece. And just last year, we saw an attack on Google’s e-mail system targeting Chinese dissidents, which some sources have claimed was carried out by compromising a backend interface designed for law enforcement.

Any communications architecture that is designed to facilitate outsider access to communications—for all the most noble reasons—is necessarily more vulnerable to malicious interception as a result. That’s why technologists have looked with justified skepticism on periodic calls from intelligence agencies to redesign data networks for their convenience. At least in this case, the vulnerability is limited to specific target computers on which the malware has been installed. Increasingly, governments want their spyware installed at the switches—making for a more attractive target, and more catastrophic harm in the event of a successful attack.