WATANI International
10 October 2010
Never before have there been quite so many computers in the average human##s life: PCs, smartphones and tablets, digital cars, digital homes, even digital organs. And practically every one of those computing instruments, in theory at least, is vulnerable to a frequently updated list of hacks and cracks that threaten your data, your privacy and even your personal well-being.
But if the cybersecurity industry has made a convincing case that consumers need to protect their PCs with software and safety rules, are the rest of your gadgets quite so prone to peril?
Analyst firm Forrester Research says that 2010 may be the “Year of The Post-PC Device,” as phones, tablets and e-readers surge past desktops and laptops worldwide in sheer numbers. But where technology goes, the risk of hacker exploitation doesn##t necessarily follow.
Installing antivirus software, for instance, is the most common sense rule for protecting your PC. But it may not be as much of a no-brainer for smartphones, says Forrester security analyst Andrew Jaquith. “With these post-PC devices, manufacturers are taking on the responsibility for security for the entire device,” he says.”Essentially, the only reason you##d need to install a third-party security product on your iPhone is if the vendor messed up.”
That##s not just because attacking iPhones, which have a smaller market share than PCs, isn##t profitable for cybercriminals. It##s also because Apple##s phones–and iPads, too–are built to run certain applications, not whatever malicious apps hackers throw at them.
Apple##s tightly controlled platform aside, smartphones may be just now entering an era where they join PCs as a primary target of cybercriminals. Fraudulent calls to premium numbers, for instance, may offer digital miscreants a business model that never existed on PCs. Several strains of pay-per-text or pay-per-call malware have hit Nokia##s Symbian and Google##s Android platforms in just the last year. (See “Android Malware Laced Into Porn Search Results”)
“The numbers today are small, but the potential is huge,” says Mikko Hypponen, chief research officer for antivirus firm F-Secure. “You don##t have to worry about mobile viruses much today, but that could change overnight.”
That means users of smartphones would be wise to start exercising the same wariness they use with their PCs: Avoid suspicious downloads and websites, keep your software updated and run antivirus. One startup called Lookout offers free antivirus filtering along with features for tracking a lost phone and locking or wiping its data remotely.
But phones aren##t the only common non-PC device that faces a real security threat. Wi-fi routers have repeatedly been attacked by malicious hackers, including those that wrote the so-called “Chuck Norris” virus that spread from router to router earlier this year. Researcher Craig Heffner presented a paper at the Black Hat security conference in Las Vegas that exposed another vulnerability in millions of routers that would allow hackers to hijack a user##s Web surfing.
The threat of an infected router is real. But the fix for both the Chuck Norris and Craig Heffner##s attack is simple enough: Give your router a decent password. Both attacks only applied to the millions of users too lazy to alter the default password used on their password when it was first installed.
The cutting edge of theoretical cybersecurity research extends further, beyond phones, iPads and wireless routers. In fact, it includes gadgets as prone to disaster as your car, and as intimate as the ones beneath your skin.
In 2008 a team of researchers from the Universities of Washington and Massachusetts showed that a pacemaker could be wirelessly hacked to give off strong–potentially fatal–electric shocks. And in May a team of researchers at the Universities of Washington and San Diego showed that the software that controls many cars could be easily compromised to allow a hacker to turn off brakes, shut down an engine or even control a car##s horn, windshield wipers and doors.
Of course, the difference between these experiments and a real-world instance of the attacks is a motive capable of inspiring a team of equally expert hackers to achieve the same feats of tech exploitation. In fact, there##s no known instance of either hack–automobile or auto defibrillator–outside of a research setting.
Forrester##s Jaquith says there##s no reason to believe that those attacks have become a credible security threat in the real world until that motive appears. “These things have a way of eventually manifesting in real attacks, but for now it##s more of a curiosity,” he says. “If they did ever appear, however, they might lend new meaning to the term, ##crash.##”
____________
Forbes