Europol warning on the risks related to the Internet of Everything (IoE)

Pierluigi Paganini October 06, 2014

The European Police Office (Europol) confirmed that difficulties to face the menaces of cybercrimes to the Internet of Everything (IoE).

The EU’s chief criminal intelligence agency made a disconcerting revelation, the threat of “online murder” is set to rise. It isn’t a science movie trailer, but the finding that cyber criminals increasingly targeting victims with internet technology that could cause injury and possible deathsby hacking critical safety equipment.

According to the European Police Office (Europol) the rapid diffusion of the paradigm of the ‘Internet of Everything’ (IoE) is stressing the dependency of human activities from a large number of devices always connected to the Internet and with significant computational capability.

“The IoE represents a whole new attack vector that we believe criminals will already be looking for ways to exploit,” according to the Europol threat assessment“The IoE is inevitable. We must expect a rapidly growing number of devices to be rendered ‘smart’ and thence to become interconnected. Unfortunately, we feel that it is equally inevitable that many of these devices will leave vulnerabilities via which access to networks can be gained by criminals.”

Our homes, our cars, the workplaces are places crowded of intelligent devices that improve our perception of the reality, the Internet of Everything collects for us an impressive volume of information and that are used in many technological components that surround us. Soon a dozen of billion of devices will interact with us with increasing frequency enlarging our surface of attack.

Citing a December 2013 report by US security firm IID, the Europol threat assessment warned of the first murder via “hacked internet-connected device” by the end of 2014.”

IoE are invading our lives, let’s think, for example, to the family of wearable devices or medical equipment like pacemakers, hacking them it is possible to cause serious damages to the victim.

The popular hacker Barnaby Jack, before his untimely death, succeeded to hack an insulin pump, altering the administration of the quantity of insulin that the device delivers. Barnaby Jack explained that today the majority of medical devices uses a radio transmission to let the medical staff to maintain it. The attack exploited a vulnerability in the insulin pump’s radio control and its vibrating alert safety feature, similar incidents could have lethal consequences for patients. The “hacks” worked with different models of insulin pumps produced by Medtronic firm.

A cyber attacks could kill a man, unfortunately it is a reality and for this reason we must start to approach security in a different way, no matter if we hare designing a pacemaker of a remote control for our oven.

IoE

One of the most debated cases of an alleged “cyber murder”, is the car incident occurred to the Rolling Stone and Buzzfeed journalist Michael Hastings, the man died in a high-speed car crash on June 18th, 2013 and the rumors of a possible cyber attack on his car were fueled by the declaration of the Former US National Coordinator for Security, Infrastructure Protection, and Counter-terrorism Richard Clarke, which revealed that the crash was “consistent with a car cyber-attack.”

“There is reason to believe that intelligence agencies for major powers – including the United States – know how to remotely seize control of a car. So if there were a cyber-attack on [Hastings’] car – and I’m not saying there was, I think whoever did it would probably get away with it.” said Richard Clarke.

A few hours before the car crash, Michael Hastings  sent an email to the other journalists warning of an ongoing FBI investigation of  his activity.

The Food and Drug Administration (FDA) is within the agencies more careful with security of Internet-connected devices, it is stressing vendors to ensure security by design for medical devices like pacemakers and insulin pumps, “which could be hacked to send out lethal jolts of electricity, or insulin pumps, which can be reprogrammed to administer overdoses,”.

As discussed in the last 2015 Europol-INTERPOL cybercrime conference, which was attended by 230 specialists from law enforcement, the private sector and academia “to review current trends and new modus operandi used by organized crime networks.”, IoE is a paradigm that most of all could be exploited by a cybercrime syndicate in the next future.

The experts highlighted the fight to the cybercrime needs the improvement of information sharing and a joint effort on a global scale of principal law enforcement agencies.

Pierluigi Paganini

(Security Affairs – IoE, hacking, Internet of Everything)



you might also like

leave a comment