Embedded Attacks Beyond ATMs & POS Devices

When it comes to embedded devices, ATMs and POS terminals are logical targets for hackers. Increasingly though, we are seeing that essentially any type of machine or device that can connect in internet is susceptible to potential security breaches. What other types of embedded devices being attacked? Here are a few of “non-traditional” examples.

Medical Equipment

Ventilators, external defibrillators, MRI and X-ray machines all have operating systems, run software and now connect to the internet. Attacks on medical devices can put someone’s life in danger.

In June, the Wall Street Journal reported that the Department of Veterans Affairs records that malware has infected at least 327 devices at VA hospitals since 2009. Around the same time, the Food and Drug Administration and the Department of Homeland Security issued warnings to hospitals and medical device manufacturers about cyber-threats highlighting a weakness affecting approximately 300 medical devices.

ICS and SCADA

Not even on the radar of potential targets a few years ago, industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices have been increasingly popular for hackers.

A very public example occurred earlier this year when a patch to Google’s building management system in Australian resulted in unauthorized access to the building’s control panels. In 2011, a water pump at Curran-Gardner Township Public Water District in Illinois burnt out as a result of an apparent hacker attack. Furthermore, in its Q2 2013 report, ICS-CERT – which works to reduce risks within and across all critical infrastructure sectors – noted that it had responded to 198 cyber incidents across critical infrastructure.

Consumer Devices

Even unsuspected consumer technologies are being exploited. A frightening real life scenario occurred earlier this year when a hacker gained access to a Texas family’s baby monitor and harassed a 2-year old child. But there are other examples too. In 2012, 700 TrendNet users’ live-camera feeds were breached and, just last month, a man was attested for hijacking Miss Teen USA’s webcam and allegedly taking nude images of the woman.

Beyond the invasion of privacy and overall “creepiness” factor, hacked video cameras can provide a thief with information on family’s valuables, daily schedules and routines, thereby greatly aiding his criminal activities.

The evolution of technology introduces undeniable benefits to society and business, but there are always unforeseen circumstances. As the number of embedded devices continues to explode, individuals, businesses and government agency need to be overly cautious.

What steps are you taking to protect your embedded devices from security threats?

Leave a Reply