Tuesday, 27 May 2014

In depth: Watching the Watch Dogs: the ethical hackers protecting our smart cities

In depth: Watching the Watch Dogs: the ethical hackers protecting our smart cities

Traffic stoppers and cash printers


Until Ubisoft's Watch Dogs came along, we hadn't been this excited about a game involving hacking since Deus Ex had us honing our security terminal-cracking skills back in 2000.


Playing as protagonist Aiden Pearce, your main weapon is a smartphone that can be used to hack into (and control) surveillance cameras, traffic lights and other electronic devices connected to Chicago's central network in a bid to thwart enemies and evade the police.


While Watch Dogs' content director Thomas Geffroy claims that everything in the game is based on reality, some of Aiden's abilities are more far-fetched than others (speeding up hacked trains, for example, is still perhaps wishful thinking for many commuters). Others, however, are certainly being exploited today, and we're not going to argue with the game's creative director Jonathon Morin when he says that technology is a "wake up call".


The question is: who are you gonna call when society slips into an inevitable dystopian hackerfest ruled by offbeat vigilantes dressed in more layers than a GAP mannequin? We've picked out five security researchers who would be among the first on our list. If there's a real-life Watch Dogs exploit out there, the chances are that one of these guys has patched it.


1. Cesar Cerrudo


Occupation: Professional hacker and CTO of IOACtive Labs


Watch Dogs skill: Hacking traffic light control systems


Cesar Cerrudo


Image credit: Martin Lescano / YouTube


In Watch Dogs, Aiden can use his smartphone to hack traffic lights to turn them all green at the same time. As you might expect, this causes road rage levels to go through the roof as vehicles come together in a head-on scrum, allowing him to escape from pursuers.


Cesar Cerrudo, an Argentinan security researcher, claims that such a feat is relatively simple (worryingly so for those in control of traffic lights). In a blog post, he writes that all you need to hack into the traffic control systems of some of the world's biggest cities is $100 (to buy a cheap drone), a bit of hacking know-how and a few hours to kill.


After attaching a Sensys Networks Wireless transmitter (a type of embedded roadside sensor that sends traffic data to a data centre) to the drone, he was able to intercept and manipulate traffic light signals from a certain distance.


He could then trick the lights to cause a pile-up or even re-route traffic. Cerrudo says he was inspired by the Bruce Willis movie Live Free or Die Hard (which features a terrorist who controls traffic lights, no less), but don't worry: he reported his findings at a security conference after directly contacting Sensys about the vulnerability.


2. Barnaby Jack


Occupation: Hacker, programmer and security expert


Watch Dogs skill: Hacking ATMs


Barnaby Jack


Barnaby Jack was a computer expert and "white hat" (non-malicious) hacker famous for achieving what most people dream of one day: making ATMs gush cash like Niagara Falls (a process that became known as "jackpotting").


Before his untimely death in 2013 (an autopsy recorded a verdict of accidental drug overdose), Jack appeared at the Black Hat Security Conference in July 2010 where he hacked an ATM live on stage using a master key downloaded off the internet, the machine's IP number and a telephone, draining it of its cash reserves in the process.


The elite hacker from New Zealand spent years analysing ATM flaws, honing his skills to carry out attacks either at the terminals themselves or remotely. He began working with vendors to help them patch security holes and prevent malicious attacks, in addition to exposing flaws in peacemakers and other medical devices.


In Watch Dogs, ATMs show Microsoft's infamous 'blue screen of death' to indicate that Aiden has successfully withdrawn money from other people's bank accounts. We reckon they're probably still running Windows XP.


Vehicle hackers and city spies


3. Zoz Brooks


Occupation: Robotics interface designer and rapid prototyping specialist. Co-founder of Cannytrophic Design in Boston and CTO of BlueSky in San Francisco


Watch Dogs skill: Hacking vehicles


Zoz Brooks


Image credit: DEFCONConference / YouTube


The idea of hacking cars and other vehicles has gained considerable ground in recent years as the number of lines of software code they run on has spiraled into the hundreds of millions.


However, unlike in Watch Dogs where regular cars and trains can be easily hacked and controlled to help Aiden make his escape, a more immediate real-life threat stems from another concept to have gained traction in recent years: autonomous vehicles.


Google has voiced its support for self-driving car technology and wants to get fully-autonomous cars on the road by 2018. In the UK, plans to roll out two seater 'pods' that ferry people around the city centre are planned to be operational in Milton Keynes by 2015.


According to Australian robotics interface designer Zoz, we could be driving around in circles in our attempts to make autonomous vehicles secure - for a number of reasons. Most revolve around the unpredictable nature of the sensors that help such vehicles navigate - from GPS that can be can be jammed, causing vehicles to veer off course - to compasses that can be rendered inaccurate using strong electromagnetic currents.


4. Craig Hefner


Occupation: Security specialist, professional hacker


Watch Dogs skill: Hacking surveillance cameras


Craig Hefner


Image credit: Security Weekly / YouTube


Along with hacking and privacy, surveillance is one of the main themes in Watch Dogs. By tapping into the city's network, you can spy on certain areas of the city, and personal data can be dug up on its citizens allowing you to decide how to approach different missions.


It's no huge surprise to find out that this is already going on in the real world. Earlier this year, ex-National Security Agency employee Craig Hefner uncovered a security vulnerability found in cameras made by D-Link, TrendNet, Cisco and other manufactures that allows attackers to hack into and control them.


By changing a user string (a line in the camera's settings URL code used to access its settings), Hefner was able to gain access without a password.


Like something out of a Hollywood-style plot, the "zero day" vulnerabilities applied to cameras found in banks, businesses, hotels and casinos. Hefner revealed his findings at the Black Hat Security Conference in Las Vegas, inspiring several Oceans Eleven-style heists in the process (probably).


5. Ralph Langer


Occupation: Security expert


Watch Dogs skill: Hacking public infrastructure


Ralph Langer


Stuxnet was a deadly cyber attack that has been described by some as the "blockbuster of malware".


Launched in 2011, it targeted Windows machines running a certain type of Siemens software found in Iranian nuclear power centres. Because the attack exploited four separate zero-day vulnerabilities (ones with no known fix), it was able to cause centrifuges used to enrich uranium to spin rapidly to the point of destruction.


In Watch Dogs, Aiden doesn't quite possess such devastating abilities to disrupt nuclear operations, but he can rupture steam pipes connected to the city's network by overloading them with pressure, causing them to squirt hot water at his enemies. Ouch.


Concerns around hacking public infrastructure are growing every day, and it's down to security researchers such as Ralph Langer to make sure the world's biggest water systems and other public infrastructure are safe from hackers.


Langer has written the most in-depth analysis of Stuxnet that's available today, delving into the attack in incredible detail. If we ever needed a go-to guy to stop Aiden Pearce hacking our water pipes, Langer would be it.

















http://ift.tt/1oEUfnb

No comments:

Post a Comment