Internet of Things is going to affect more and more our everyday life. All kinds of devices have got or are getting network connectivity. It seems that the IoE is inevitable. We must expect a rapidly growing number of devices to be rendered “smart” and thence to become interconnected.
Internet of Everything’ (IoE) – the dawning era of technological interconnectedness represents a whole new attack vector for criminals. The rapidly evolving Internet of Everything will leave us more vulnerable to cyber criminals, according to a worried Europol. EU law enforcement outfit Europol, in its Internet Organised Crime Threat Assessment (iOCTA) report, predicts that the rise of the Internet of Things (IoT) – where internet enabled physical devices such as heart monitoring implants, self-driving cars, home surveillance systems, smart thermostat systems, and fridges – will create new attack vectors for serious crime.
This connectivity includes also many medical devices. Medical device cyber security issues seems to be coming to spotlight. Connecting medical devices have many benefits, but can have dangers if the devices are not secure: Even if the devices are normally connected to network separated from public Internet, someone can accidentally or intentionally connect a hostile PC to it or arrange connection to Internet. Medical devices security is in a big question, because malfunction in medical device can be very dangerous (in worst case can lead to someone dying) and traditionally cyber-security issues have not seem to be high on the medical device development priority list.
US ‘probes hackable flaws’ in medical devices article tells that US officials have revealed they are investigating about two dozen suspected examples of medical equipment vulnerable to hack attacks, potentially putting patients’ lives at risk. The products include heart implants and drug infusion pumps, according to a report by the Reuters news agency. Reuters discovered that the devices under investigation include implantable heart devices made by Medtronic and St. Jude Medical.
Feds are examining medical devices for fatal cybersecurity flaws: Investigators were concerned that flaws in the kit could be used to cause heart attacks and drug overdoses. The inquiry is reportedly being co-ordinated by the US Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-Cert). It is said to also cover medical imaging equipment and hospital networking systems. The Department of Homeland Security’s (DHS) Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT) works directly with the Food and Drug Administration (FDA) and medical devices manufacturers, health care professionals, and facilities to investigate and address cyber vulnerabilities.
Without naming companies, the Industrial Control Systems-Cyber Emergency Response Team announced last year that a vast array of heart defibrillators, drug infusion pumps, and other medical devices contain backdoors that make them vulnerable to potentially life-threatening hacks. The advisory said some 300 medical devices were affected from 40 vendors. Situation has seen so bad that FDA issues new rules on medical device cybersecurity: The rules are technically nonbinding, but experts say companies could face consequences for ignoring them if devices are later hacked or infected with malware.
Hackers don’t appear to have exploited such cyber vulnerabilities in medical devices so far. The EU’s chief criminal intelligence agency warms that the threat of “online murder” is set to rise, with cyber criminals increasingly targeting victims with internet technology.
The idea of cyber muder was widely popularized by the US spy TV drama Homeland, in which terrorists hacked into the pacemaker (computer security researchers managed to hack to pacemaker in 2008). The former US vice-president Dick Cheney revealed last year that the wireless function had been disabled on his implanted defibrillator because of security concerns. US security firm IID that predicted the first murder via “hacked internet-connected device” by the end of 2014, and based on that the Europol threat assessment warned of the first murder via “hacked internet-connected device” by the end of 2014.
IoT murder does not have to come though medical devices. The European Police Office (Europol) said governments are ill-equipped to counter the menace of “injury and possible deaths” spurred by hacking attacks on critical safety equipment. Different There are very many Internet conected device controlling critical infrastructure. agents such as terrorists, state-sponsored hackers or hacktivists could be interested in attack control systems within a critical infrastructure, the possible impact could be considerable under different perspectives (governments, homeland security, society). Public health, energy production, telecommunication are all sectors exposed to serious risks. Article titled “Shodan Search Engine Project Enumerates Internet-Facing Critical Infrastructure Devices” tells on the possibility to use the public available info to identify Critical Infrastructure devices.
Electrical power distribution is very important to the modern society – messing with it can lead to direct or indirect deaths. U.S. power grid is quite defenseless from physical and cyber attacks. Infracritical remotely identified over 2.2 million unique IP addresses linked to industrial control systems at energy-related sites including electrical substations, wind farms, and water purification plants. Electric, natural gas and major water companies and regional distribution systems in Connecticut have been penetrated by hackers and other cyber attackers. Water distirbution has already been damaged with cyber attack.
Other potential dangers are in transportation: many new cars are Internet connected and potentially vulnerable, SCADA Systems in Railways Vulnerable to Attack and Airline bosses ignore cyber security concerns at their peril. In all of those fields there are lots of areas to address when it comes to cyber security. For example the airline industry relies on computer systems extensively in their ground and flight operations. Some systems are directly relevant to the safety of aircraft in flight, others are operationally important, and many directly impact the service, reputation and financial health of the industry. In car attacker can take advantage of a vulnerability in a vehicle’s infotainment system or exploit the telematics system and wirelessly compromise the vehicle, including safety critical systems like the ABS and Engine Electronic Control Units (ECUs).
While I have not yet read about a confirmed IoT murder, death by internet” was already a reality from online extortion and blackmail that has led to suicide.