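[Introduction] The Internet of Things and electronic devices can bring great convenience to our work and lives, but they are also vulnerable to attack by hackers. As the researchers put it, when you run into a mischievous kid or someone who likes to cause havoc, you will have a problem.
China Science and Technology Network (中国科技网), August 3 (compiled and translated by Zhang Wei): Hackers are not just after your computer: connected devices, from cars to home security systems to sniper rifles, are all targets for hackers looking to steal or make mischief.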
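The rapid growth of the Internet of Things has given cyber attackers new opportunities and has also opened up new markets for cyber security.
This is a hot topic at the Black Hat computer security conference opening in Las Vegas this Sunday and at the upcoming Def Con hacker gathering.
Previews have offered an early glimpse of some of the content, including how to take control of some Chrysler Fiat vehicles or accurately retarget self-aiming sniper rifles.
"The Internet of Things is a big new frontier," said Christopher Kruegel, co-founder of cyber security firm Lastline and a professor of computer science at a state university in Southern California.
After hackers demonstrated that they could take control of the systems of Fiat Chrysler vehicles, the company announced in July a safety recall of 1.4 million US cars and trucks.
The company began the recall after cyber security experts Charlie Miller and Chris Valasek of the firm IOActive Labs remotely took control of a Jeep Cherokee, made by Chrysler, demonstrating the vulnerability of the vehicle's electronic systems.
According to Wired magazine, working from laptop computers at home, the two men were able to get into the Jeep's electronic systems through its online entertainment system, changing the vehicle's speed and braking capability and operating the radio and windshield wipers.
After the report was published, Chrysler released a free software patch for vulnerable vehicles, but made no mention of first-hand information about hacking incidents.
Miller and Valasek revealed more about the Jeep hack at the Black Hat conference.
"The ambiguous nature of automotive security leads to two polar-opposite views: one is that we are all going to die, the other is that our cars are absolutely safe," the researchers said in the description of a briefing.
"In this talk, we show the possibility of car hacking by demonstrating how to remotely attack an unmodified, factory vehicle."
Intel Security vice president Raj Samani told AFP about an earlier demonstration in which hackers took control of cars' accelerators and one of the cars was crashed into a wall.
"Cyber threats are already real threats," Samani said.
"The Stuxnet virus should have been the wake-up call."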
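Easy targets
Iran was hit by several computer attacks in 2010, including the Stuxnet virus, which is believed to have been developed by the United States to target Tehran's nuclear program.
Most Stuxnet infections were found in Iran, which led to speculation that the virus was intended to sabotage nuclear facilities and disrupt Iran's efforts to build a nuclear bomb.
"The idea of building a bridge between the cyber world and the physical world has been around for a while," Kruegel said, also pointing to long-standing concerns about cyber attacks on power grids, water plants and other infrastructure.
"Now these proofs of concept show that this is a real threat. All the devices are out there and reachable, and their security is worrying."
Stuxnet-type attacks were seen as sophisticated work, state-launched hacking backed by ample resources and time. According to security researchers, the explosion of devices connected to the Internet of Things makes easy targets for greedy, malicious hackers.
"It is hard to find a way into the Windows 10 operating system, but with these devices it is not hard to get in," Kruegel said.
"In a way, it is an easy target."
Attacks on smart watches, door locks, fitness bands, power meters or other devices connected to the Internet of Things all carry great risk, with hackers maliciously obtaining the data that sensors collect while monitoring people's daily lives.
Data from a home smart meter can reveal what types of devices are in use in your home, and "when you drink a cup of tea, make toast, or what TV show you are watching," he said.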
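Smart but not secure
Protecting electronic products in the Internet of Things is possible, but it raises the cost of smart devices, and manufacturers prefer to keep prices low.
"Even though we regularly see insecure vulnerabilities, it is clear that this is not a priority for most manufacturers," IOActive chief technology officer Cesar Cerrudo said.
Samani joked that, as a computer security person attending a recent sensor conference in Germany, he was the "most unpopular person" at the hacker conference.
"We have not yet seen planes fall out of the sky or cars paralyzed on the road, but we know these are the problems we will have to face," he said. "Real-world hacking is coming."
The lack of a profit motive driving hackers to use their skills to take control of planes, cars or rifles is considered the main reason there has been no major trouble so far.
"The people who can do these things are not interested in it right now," Kruegel said.
"But when you run into a mischievous kid or someone who likes to cause havoc, you will have a problem."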
Smart gadgets from guns to cars ripe for hacking
Hackers are not just after your computer: connected devices from cars to home security systems to sniper rifles are now targets for actors looking to steal or cause mischief.
The rapid growth in the "Internet of Things" has opened up new opportunities for cyber attacks and new markets for cyber defenders.
This is among the hot topics at a Black Hat computer security conference that kicks off in Las Vegas on Sunday and an infamous Def Con hacker gathering that follows.
Early glimpses have been provided of scheduled presentations about how to commandeer control of some Chrysler Fiat vehicles or accurately retarget self-aiming sniper rifles.
"The Internet of Things is definitely one of the big new frontiers," said Christopher Kruegel, co-founder of cyber security firm Lastline and a professor of computer science at a state university in Southern California.
Fiat Chrysler Automobiles issued a safety recall for 1.4 million US cars and trucks in July after hackers demonstrated that they could take control of their systems while they are in operation.
The recall came after cybersecurity experts Charlie Miller and Chris Valasek of the firm IOActive Labs remotely commandeered a Jeep Cherokee, made by Chrysler, to demonstrate the vulnerability of the vehicles' electronic systems.
As reported in Wired magazine and elsewhere, working from laptop computers at home, the two men were able to enter the Jeep's electronics via its online entertainment system, changing its speed and braking capability and manipulating the radio and windshield wipers.
After the report, Chrysler issued a free software patch for vulnerable vehicles even while saying it had no first-hand knowledge of hacking incidents.
Miller and Valasek are to reveal more about their Jeep hack at Black Hat.
"The ambiguous nature of automotive security leads to narratives that are polar opposites: either we're all going to die or our cars are perfectly safe," read a description of a scheduled briefing by the researchers.
"In this talk, we will show the reality of car hacking by demonstrating exactly how a remote attack works against an unaltered, factory vehicle."
Intel security vice president Raj Samani told AFP of an earlier demonstration of using hacks to take control of accelerators of cars, one of which was crashed into a wall.
"Cyber threats have been real threats for a while," Samani told AFP.
"Stuxnet should have been the wake-up."
Low-hanging fruit
Iran was hit in 2010 by several computer attacks including the Stuxnet virus—widely believed to be developed by the US government—targeting Tehran's nuclear program.
Most Stuxnet infections were discovered in Iran, giving rise to speculation it was intended to sabotage nuclear facilities there to derail efforts to make a nuclear bomb.
"The idea of bridging the gap between the cyber world and the physical world has been around for a while," Kruegel said, referring to long-standing fears of possible cyber attacks on power grids, water plants, and other infrastructure targets.
"Now, these proof-of-concepts show that it is a real threat. All these devices are out there and reachable, and security is terrible."
Stuxnet-type attacks were seen as the work of sophisticated, state-sponsored actors with ample resources and time. The explosion of connected devices in the booming Internet of Things has created easy targets for independent hackers motivated by greed or malice, according to security researchers.
"It's hard to find a way into Windows 10, but now you have these devices that are not hard to get into," Kruegel said, referring to the latest-generation Microsoft computer operating system.
"It is low-hanging fruit, in a way."
Hacking smart watches, door locks, fitness bands, power meters, or other devices woven into the Internet of Things also carries the risk of villains tapping into rich troves of data gathered by sensors monitoring many aspects of people's lives.
Samani told of shopping for a kettle recently only to find he could buy one with Wi-Fi connectivity.
Data from a home smart meter could reveal what types of devices are being powered inside as well as "when you have a cup of tea, make toast, or in most cases what TV show you are watching," he said.
Smart but not secure
Protecting gadgets in the Internet of Things is possible, but increases costs of smart gadgets while manufacturers prefer to keep prices low.
"Given the insecurity we see regularly, it's evident that for most makers that it isn't a priority," IOActive chief technology officer Cesar Cerrudo told AFP.
Samani joked that as the only computer security person presenting at a recent sensor conference in Germany, he was the "most unpopular guy" there.
"We haven't seen planes drop out of the sky or cars run off the road, that we know of, but these are the issues we face," he said. "Real world hacks are coming."
Lack of a profit motive for hackers with the right skills to commandeer control of planes, cars, or rifles was considered a prime factor for the lack of trouble so far.
"The guys who can do it don't have an interest now," Kruegel said.
"But, when you get the bored kid or the person who likes to create havoc you will have a problem."