The need for safety then and now
For as long as mankind has been evolved enough to form communities, the need for the safety and protection of those communities has been paramount. From the earliest documented human tribes, the somewhat strained relationship between the demands of the population and the resources available has required that communities protect both themselves and their assets. A theft perpetrated by a rival tribe could have seen a community starve during a winter. Historians and archaeologists believe that this need for security and protection is the reason mankind evolved from simple tribes and communities into vast kingdoms, each with their own military force to protect borders and law enforcement to protect items of value within those borders.
Security evolved alongside mankind again with the introduction of electricity and computer technology. Computer-run security began to replace physical security, with electronic sensors, CCTV, access control and communications systems all being employed to protect assets. However, as technology advanced, so did associated security threats. With the birth of the Internet in the 1990’s, a global network connecting billions of devices, a whole new crop of vulnerabilities arose. Now not only were physical assets at risk, but intangible assets as well – bank details, identification documents, and purchase histories, to name a few. While there’s no doubt that the Internet is a wonderful tool for connecting people around the world, it does present its fair share of security threats.
Hackers find their way in to all devices
The biggest security threat Internet users face in the 21st century is from hackers; tech-savvy criminals looking to exploit holes in computer security to steal sensitive information, or simply cause chaos. Unfortunately, in our predominantly computerised society, very little is safe from hackers. If they’re good enough, they can find loopholes to access information in almost any device, from the smartphone in your pocket to the car you have just purchased.
Android phones at risk
These days it seems nearly everyone has a smartphone – and they are one of the devices most vulnerable to attack. In July last year, security firm Zimperium reported that Android OS had a potential security exploit in them that would allow hackers to take over the OS without the user even knowing. The potential threat, nicknamed “Stagefright”, could theoretically occur via a video sent as a multimedia message (MMS), which could be used to attack the OS through the libStageFright mechanism (which helps Android to process video files). Many text messaging apps (such as Google Hangout) automatically process video automatically so that it’s ready for viewing as soon as the message is opened – which means the attack could happen without the user ever realising it. “Stagefright” left almost 1 billion devices affected; however, Google rolled out a patch later in the year updating all of their apps to stop processing video messages automatically.
Computers at constant risks
But smartphones are not the only common device at risk from hackers; personal computers can be hacked as well. A new security vulnerability became apparent on Dell computer systems recently. The company was installing a self-signed security certificate (used to authenticate websites) alongside a private key (or password) on its customers’ computer systems. The combination allowed hackers to reverse-engineer their way into the system, spying on the users’ encrypted traffic and sensitive information. Even Apple, primarily known for the security of its devices, isn’t immune to security threats. It was revealed that hackers were exploiting a vulnerability called DYLD, which is known as a ‘zero-day exploit’ because it’s a security hole that the software creator isn’t even aware of. It allowed hackers to exploit a security hole in Apple’s latest error-logging feature in the Mac OS X 10.10, and install malicious applications on a victim’s computer. From all reports, Apple worked quickly and fixed the bug.
Cars under attack
If you think that smartphones and personal computers are the only devices you own that are vulnerable to attack, think again. In 2015 a recall of 1.4 million Chrysler products was initiated after security researchers discovered a vulnerability in their UConnect dashboard computers. This vulnerability provided an avenue for a hacker to take control of the dashboard functions, steering, brakes and transmission of a vehicle. GM experienced a similar problem with their Onstar system – a simple, low-cost device allowed hackers to access the Onstar functions to locate, unlock, and start the car. Both companies have since taken steps to rectify their security issues.
Drones can become a risk
But it’s not only the assets you own that can be a risk to your safety and security; it’s those that others own as well. Drones present a serious security threat in modern day society, due to their ready availability to the general public and their potential to be hacked remotely. Because they are commercially available, drones have the potential to be used as affordable and effective explosive devices – essentially flying bombs, ready at a moment’s notice to cause chaos and destruction in the public space. The most effective method of preventing drone attacks would be to geofence potential target areas, which would mean that drones would automatically shut down if they tried to enter the site being protected. Another method would be the government registration of drones, which would restrict access to the devices.
So security threats have evolved over time, along with technology. But the good news is, security and defence technologies are advancing as well, capable of evaluating and adapting to threats to mobile security, cloud data, and authentication weaknesses. So while there are threats out there to be aware of, it’s possible to protect yourself and your assets in our networked, computerised society.
This story was originally published in W.A.D Beyond Global Volume 66, Issue 15 | January -April 2016 by Prashin Sharma on this page.