So you’ve installed an anti-virus program on your PC, you’ve picked the best security app for your smartphone, you never click on suspicious links or open dodgy-looking emails, and you’ve made sure all your passwords are strong — you’re safe from hackers, right?
Sadly, common attack points like computers and smartphones are just the tip of the iceberg. Thousands of weak points are waiting for hackers to exploit them. Here’s a look at seven of the most surprising:
1. Child Trackers
Child trackers seem like a great idea. For most people, the sepia-toned dream of letting your children go and play with other kids from the neighborhood in the local orchard are long gone — there are just too many dangers out there. Child trackers can theoretically restore some of that innocence, letting you keep tabs on their location whilst letting them have a fulfilling youth.
Except, somewhat conversely, they might make your kid even more vulnerable.
For example, the hereO watch and smartphone app, which gives entire families a way to track each other’s location, had an API bug which allowed anyone to add themselves to a “trusted group” just by knowing the user ID of a member of the group.
The bug was eventually fixed in December 2015 — six weeks after it came to light.
Guns are pretty scary at the best of times. They’re a whole lot worse when you consider someone could hack them.
We’re not talking about handheld pistols or a farmer’s hunting rifle — instead, we’re talking about highly capable and highly dangerous computer-aided sniper rifles.
One culprit is the TrackingPoint TP750 precision-guided rifle. In mid-2015, two computer security researchers found they could cause it to miss its target, remotely disable its computer, or turn its scope off entirely.
“Using the mobile app, you can say the bullet weighs a lot more than it does, or that it’s a super windy day,” said one of the researchers, Runa Sandvik.
They reported their findings to the manufacturer, who said they would provide customers with a software update “if necessary.”
3. Low Orbit Earth Satellites
We rely on satellites for everything from communications to weather monitoring. As such, it can be disastrous if we lose their capabilities for any reason.
However, it’s worryingly simple to hack a satellite.
At the Chaos Communication Camp (a security conference) in 2015, organizers gave out 4,500 software-defined radios which were sensitive enough to intercept satellite traffic from the Iridium Satellite Constellation — a network of 66 satellites which provide voice and data coverage to satellite phones, pagers, and integrated transceivers.
As one hacker explained, “The problem isn’t that Iridium has poor security. It’s that it has no security. With just the radio and an onboard PCB antenna, you can collect 22 percent of all the packets you can receive with a proper Iridium antenna.
“You just load the software on your PC, you attach the radio and you can start receiving Iridium pager messages.”
Sounds scary. Now consider this: the network’s largest user is the Pentagon.
4. HVAC Systems
Heating, ventilating, and air conditioning (HVAC) systems are an integral part of many large buildings and offices. They ensure there is sufficient air flow, the temperature is comfortable, and air quality remains high.
They seem fairly innocuous, yet according to research by security firm Qualys, more than 55,000 HVAC systems “lack adequate security”. Most companies have no idea their HVAC systems are even network-connected.
It is thought that the infamous 2013 Target hack started after cyber-criminals stole login credentials from a HVAC supplier and used them to gain a foothold on the company’s internal network. The 2014 Winter Olympics in Sochi were also susceptible; Billy Rios, director of intelligence at Qualys, said “The Sochi system doesn’t even require a password, so if you know the IP address, you’re in. We’ve contacted the integrator to warn them of this problem”.
5. Air Traffic Control Systems
With the recent EgyptAir crash in the Mediterranean Sea, plane safety has once again been thrust to the forefront of our collective minds.
Although the number of onboard hijackings are way down from their 1980s heyday, the number of hackers taking over air traffic control transmissions and giving pilots fake instructions is growing rapidly.
According to Britain’s Civil Aviation Authority, there were three such incidents in 1998. In 2015, there were more than 25 incidents over UK skies alone. There are also issues in the United States. In April 2014, a USAir flight approaching Reagan International was instructed to divert his landing by an unknown voice.
All the hackings are conducted with a portable transmitter that can be bought online for under $450 USD.
“This is a criminal act which could ultimately result in a serious accident,” said the president of the U.K.’s Guild of Air Traffic Controllers. In the United States, it is punishable by a five-year jail term.
6. Traffic Lights
Traffic lights are the bane of any driver’s life. But did you know that they can be hacked, making that already-miserable commute considerably worse?
In late-2014, researchers in America managed to gain access to 40 individual sets of lights in the state of Michigan. Worryingly, they used default passwords and unsecured wireless networks to do the majority of the hacking. The only piece of equipment they used was a laptop.
Even more worryingly, the system they hacked is the same one used by 40 of the country’s 50 states.
“The vulnerabilities we discover in the infrastructure are not a fault of any one device or design choice, but rather show a systemic lack of security consciousness,” said the researchers at the time.
7. Power Grids
The last surprising item on our list is power grids. This may sound like the kind of doomsday scenario that you only see in the movies, but in 2015 it became a reality for residents of Ukraine.
The blame appeared to lay squarely at the feet of Russian cyber-criminals, with ongoing geopolitical tensions in the region inspiring their actions.
At least 30 of the country’s 135 power substations went offline for six hours. When that happens in the middle of December in a country whose winter temperatures regularly drop as low as minus 20 degrees Celsius (-4 F) it can quickly become an extremely serious problem.
According to experts, the Ukrainian system was vulnerable because of its age, though that also allowed it to come back online much quicker. North American and Western European systems would be much harder to crack, but by bypassing safety mechanisms, hackers could make blackouts last for weeks.
Are You Worried Yet?
As you can see, the list of surprisingly hackable systems and items is near-endless. There are lots more we could think of, for example, home automation systems, medical implants, drones, and prison cells.
What can you add to our list? Have you been a victim of hacking from an unexpected source? Does the connectivity of the Internet of things worry you?
As always, you can let us know your thoughts and feedback in the comments section below.