Industry-changing technological advancements occur in waves. Mobile, the cloud, big data, IoT – are all examples of major technological advancement waves. The latest wave is Artificial Intelligence (AI). Quantum and nano waves are yet to fully arrive. While the technology of previous waves is still very relevant, often it is the latest flavour-of-the-month which commands front-page attention.
IoT heralds a quantum leap in the number of devices connected through a Wi-Fi router. In the home for example, devices such as lights, electric plugs, cameras, alarms, kettles, refrigerators, etc. communicate with each other on the local Wi-Fi network, and to the internet through the home router/modem. If one device on the Wi-Fi network is compromised, the attack could compromise the router itself, as well as data from other devices on the network. An example is a recent vulnerability discovered in a connected kettle which is able to steal router passwords.
Stefan Esser is an iOS security researcher based in Cologne, Germany. Last month when returning to his Frankfurt hotel room after dinner one evening, he noticed that his laptop had been tampered with in his absence. On investigation he concluded that the hard drive had been removed and then improperly replaced. It appears Stefan may have become victim of an Evil Maid attack. A bit of a give-away indication was the hotel room door handle which also appeared to have been the target of tampering.
So everyone knows about the VW emissions scandal. Software in the car’s engine management system can detect when an emission test is being carried out (a give-away clue is when the vehicle is on a dynamometer), and reduce engine performance in order to provide better emissions test results. Malware developers use a similar technique to evade file-based sandbox detection methods.