2014-04-30

This is an exciting time to be on the bleeding edge of security. With the paradigm shift from the Internet of information to the Internet of Things (IoT) under way, object security is going to be a whole new ball game.

Just today I got wind of a story where someone had managed to hack into a baby monitor connected to a home network. As the story goes, an Ohio couple was awakened, in the middle of the night, to the sound of a man screaming, “Wake up baby!”

The mother was connected to the baby monitor via her smart phone, which streams the camera feed from the monitor on the baby’s crib – apparently, via an unsecured or weakly secured wireless link. Someone had hijacked the wireless baby monitor in their daughter’s room and was watching their little girl sleep – scary stuff!

Wake up everybody…this is just the tip of the iceberg as the IoT takes shape and everything and everyone becomes a virtual object on that platform.

I recently penned an article about spread spectrum…something I know well, since I was the editor of such publications as RF Design, Wireless Design and Development, Satellite Communications, and other telecom publications over the last 20 or so years. If you’re involved in this area, I’d really like to hear from you.

Another edge-of-the-seat story (well, for us geeks, anyway) involves how the world will go about securing the IoT. And then there was Heartbleed. Old news now, but it is a classic example of how something free and open (UNIX code) may not be the best default OS for running one of the world’s most ubiquitous and important information infrastructures. This is a tough one. How is the world going to secure open source code…any ideas?

One thing I came up with while digging around security issues is something called Focused Ion Beam (F.I.Bing) probing. It sounds cool but it is an extremely sophisticated hacking method. This is fascinating, and for those of you who may not be familiar with it, fibing is the term used to describe a physical method that extracts information from secure areas of chip structures. Wow…when I came across this, it floored me to think of the extreme measures to which hackers will go to steal security keys and other critical data.

While fibing is interesting, it isn’t nearly as elegant as the next method. We’ll talk more about this in the upcoming article.

But the one that is most interesting to me is what is called simple power analysis/differential power analysis (SPA/DPA). DPA is the more powerful of the two. It’s a tool that allows cryptanalysts to extract secret keys and compromise the security of semiconductors and tamper-resistant devices by analyzing their power consumption. Simple Power Analysis (SPA) is a simpler form of the attack that does not require statistical analysis but takes a lot longer.

I hope that whets your appetite. If you have any horror stories about this, let’s chat.

On a final note, not all threats come from the outside. A while back, there actually was a documented case of a back door integrated into the Actel/Microsemi ProASIC3 chips – on the silicon itself!

This is scary stuff too. Using this back door, the hacker can easily disable all the security on the chip, regardless of any security layers, firmware, or software, on the chip. This hole allowed full access to the chip’s access keys, the ability to modify low-level silicon features, access the unencrypted configuration bit stream and even permanently damage the device. Basically, this hole laid the chip wide open, all the way to the bone. Nothing in it is safe. The fix? Redesign. Look for an article on this subject soon.

For now, that about wraps it up. Lots of fodder for discussions…join me, I look forward to waxing technological philosophy – geek style.
