Hackers and malware have shut down nuclear centrifuges in Iran and severely damaged a German steel mill. Could the same approach cause physical damage to your computer?
It’s almost impossible, whatever you might read in The Weekly World News.
Let’s be clear: your computer can’t become a bomb – there’s nothing in it that could explode. The worst case scenario is a small fire, but even that is so unlikely it’s not worth worrying about.
Let’s go over why.
Hacking Can Cause Real-World Destruction
A lot of people missed it in the midst of the Sony/Seth Rogan/North Korea hackstravaganza, but December saw a piece of shocking security news: hackers causing significant damage to a German steel mill. Someone found a way to control the plant’s equipment, preventing people on site from shutting down a blast furnace. There was “massive damage”, according to the German government.
And then there’s Stuxnet.
This intricate virus is widely believed to be the creation of US and/or Isreali intelligence agencies. This piece of malware spread throughout the Middle East on flash drives, before hitting its intended target: Iranian nuclear centrifuges. The virus spun these so fast that they broke. Reportedly, one out of five centrifuges in Iran was destroyed by Stuxnet.
Stories like this show it’s possible for cyberattacks to have real-world consequences, if the computers in question are connected to vulnerable infrastructure.
But what about home computers themselves? Could they be physically damaged?
How Could Software Cause Physical Damage?
It’s easy to understand how, say, a sledge hammer could cause physical damage to your computer. But a piece of software?
It’s possible, in theory, but it would mean bypassing a number of levels of security. Here are a few things that could work (though note that none have ever happened on a modern computer).
- Over-Exerting the CPU could spike temperatures, which can eventually damage the CPU. Of course, fans in your computer help cool the CPU down, and most CPUs are designed to shut off when they reach a dangerously high temperatures (thermal shutdown). Any such attack would need to be pretty sophisticated, to say the least.
- Over-Exerting the GPU could also work in theory, with the same caveats as the GPU.
- Flashing the BIOS and/or firmware could effectively brick your computer’s motherboard, making your computer impossible to turn on (but otherwise leaving it undamaged).
There are other possibilities, most even more remote than these. If all of this sounds scary, don’t panic: none of this has ever actually happened.
Could This Happen to You?
To repeat: so far as we know, no malware or cyberattack in the wild has aimed to physically damage home or office computer systems. This is not something you need to spend a lot of time worrying about.
Having said that: is such an attack possible, even in theory?
CrowdStrike, a security vendor, says yes. At this year’s RSA Conference that company demonstrated a way to disable cooling fans while spiking the CPU of a Mac running OS X. (Windows fans, I’m sure you’ll have fun with this in the comments, but note that this is theoretically possible on PCs as well.)
“We can actually set the machine on fire,” said Dmitri Alperovitch, CrowdStrike CTO.
Again, don’t panic. This is an effective demonstration that’s likely to get a lot of attention, but it’s also pretty unlikely to happen to home computer users. The exploit requires completely replacing the Mac’s firmware, which controls every aspect of the hardware. This meant offering a fake Mac firmware update and convincing the user to install it (though I’ve had trouble finding details either way).
But even if someone figured out how to pull all of this off, it’s hard to work out a motivation for doing so.
Why Would Anyone Bother?
The people who create malware, and hack computers, generally aren’t doing it just to spread chaos. At this point in history, most of them are hoping to take advantage of your information for profit.
Maybe they want to turn your computer into a zombie, as part of a botnet for their own purposes. Maybe they want to steal your identity, by digging through your files and finding personal information. Maybe they’re hoping to steal BitCoins.
Whatever it is an attacker is hoping to accomplish, they can’t do it if your computer is broken. This, combined with how difficult any attack causing physical damage would be to pull off, means we’re unlikely to see anything like this in the wild any time soon.
Threat to The Internet of Things?
Stuxnet didn’t destroy computers – it exploited computers that were attached to centrifuges, and destroyed them. In the same way, it’s really unlikely for any virus to attempt to destroy your computer, but hackers might someday go after the objects connected to it. This is why The Internet of Things could turn out to be a security nightmare. For example: we’ve already seen attackers create malware for toy quadcopters.
Targets like these are probably more likely than your computer, at least in my opinion. But I want to know what you think: are you worried about security problems resulting in physical damage? Let’s talk about it in the comments below.
Image Credits: burning laptop Via Shutterstock