The Different Ways Cyber Attacks Can Target Electrical Devices - NETSEC


Learning, Sharing, Creating

Cybersecurity Memo

Sunday, November 29, 2020

The Different Ways Cyber Attacks Can Target Electrical Devices

Over the years, there’s been a lot of attention around data breaches and other digital cyber attacks. And rightly so, as IBM notes how a data breach can cost individual companies an average of $3.86 million in damages.

But while the digital online route has been the most common path for hackers in recent years, let’s not forget that hardware has its inherent vulnerabilities, too. As the digital paths are already well defended by security software such as MalwareBytes, Windows Defender, Avast, and Symantec, there’s a real risk that the next wave of million-dollar hacks could directly target hardware instead.

For instance, the very printed circuit boards (PCBs) under the hood of electrical devices are good potential targets for hackers. Through techniques like X-Ray tomography and signal processing, hackers can reverse-engineer the design information from most modern PCBs, which comprise everything from CPUs to the circuitry of smart light bulbs. Even simply inspecting a PCB optically can reveal design information that can be used to create and release fake PCBs or ones that are compromised for easier hacking.

This is why the rapid development of modern PCB design software is a double-edged sword. Capable of easily extracting existing schematics, this type of design software makes both the engineering and the reverse-engineering of PCBs easier. And while they’re also designed to be more secure, there still needs to be more active development towards protecting users from potentially compromised essential hardware. This need is even more apparent when you consider the fact that everything from next-gen gaming consoles and smart refrigerators to global servers and industrial machines rely on PCBs.

One promising measure is the new Pluton security chip that Microsoft developed with help from AMD, Qualcomm, and Intel. Three of the biggest CPU producers in the world have begun producing PCBs integrated with Pluton, which in theory will make extracting data harder for hackers – even those with physical access to the CPU.

“The Microsoft Pluton design will create a much tighter integration between the hardware and the Windows operating system at the CPU that will reduce the available attack surface,” explains Microsoft’s director of enterprise and operating system security David Weston. While the security chip is likely far from being a perfect solution, it’s certainly a promising development in terms of whatever new PCBs these tech giants will produce in the future. But what about the rest of the increasingly digitized electrical world?

The modern smart home comes with built-in access to essential electronics by way of the Internet of Things (IoT)-enabled network that harness smart appliances. And the increased conveniences of smart appliances comes with increased risks, particularly because many smart products and appliances don’t come with the same PCB-integrated state-of-the-art security hardware found in the latest CPUs.

Indeed, experts in the past have warned about upcoming IoT (MadIoT) attacks, which would see hackers compromise power grids and other networks without having to break through well-developed security networks. For instance, a hacker just needs to exert control over a certain number of smart appliances in order to prompt power usage spikes and cause an automated power outage over a certain area. Through our own smart devices, hackers can bypass the government’s power grid controls. It’s basically the electric version of the digital direct denial of service (DDOS) attack, which is used for overwhelming online servers and shutting down websites.

This is just the tip of the iceberg, and there are a myriad of other ways for cyber hackers to directly target electrical devices and potentially compromise both hardware and software. Keep your security software updated, arm your computer with the latest hardware-integrated safety nets, and make sure to research the built-in security measures of any smart appliance you bring into your home.

No comments:

Post a Comment