Aka: tales from the malicious script.
As well as being European Cyber Security Month, October is also the time when jack-o’-lanterns begin appearing on doorsteps and children roam from street to street, demanding confectionary from people they’ve probably never met before. Yes, it’s Halloween. And when it’s Halloween, it’s time for a scary story or two. Or in this case, four scary stories. About cyber security.
The Spying Eye On Your Wi-Fi
Someone is watching you. You’ve never met them and you probably never will. But they can see you, and so can hundreds of others. They’re spying on you, and you have no idea what’s going on.
It’s getting late, so you get ready for bed. You get undressed and put on your pyjamas.
They’re still watching.
Your webcam has been hacked.
^ Your friendly, neighbourhood webcam. "No, you carry on. Pretend I'm not here."
Cold Sweat Or No Sweat?
There’s a very good reason why Facebook founder Mark Zuckerberg tapes over the webcam on his laptop: webcam hacking can and does happen.
In one high-profile instance, Miss Teen USA winner Cassidy Wolf was blackmailed after her webcam was accessed by an unauthorised user. The hacker, who was eventually jailed for 18 months, threatened to share naked pictures of her unless she sent him more explicit images.
Then there was the case of the schoolboy Blake Robbins, who discovered his school-issued laptop was spying on him through the webcam, sending photos back to teachers. Although not a hacking case per se, it’s another example of how webcams can easily be exploited to invade privacy.
Thankfully, it’s easy to cover your laptop webcam with a sticker when it’s not in use, and many new laptops offer some method of putting the camera away.
Of course, hackers can still access your microphone and listen to you, but it’s better than nothing, we guess. (Not to mention cameras on smartphones and tablets...)
Scare Score: 8 out of 10
Is Hacking Four Wheels For Reals?
Imagine driving down the motorway at 70mph (because you’re good and sticking to the speed limit, aren't you?) and suddenly having your car taken over by an invisible force. Maybe the steering wheel starts to turn on its own or the brakes slam down for no reason. Perhaps you’re driving at night and suddenly your lights go off for no reason.
But it’s not a malevolent poltergeist playing with your life; it’s a flesh-and-blood human being: a hacker.
It’s scary to think that someone could so easily put your life at risk, perhaps for nothing more than kicks, but is this fear justified?
Cold Sweat Or No Sweat?
Car hacking is a reality – kind of.
In 2015, Wired reporter Andy Greenberg took part in a demonstration that saw a Jeep Cherokee taken over remotely by hackers. As well as messing with the wipers, the air conditioning and the radio, the researchers also managed to stop the car completely.
Two years later, computer scientist Justin Cappos stated that any car made after 2005 could be hacked. After this, both Bloomberg and Forbes published their own articles about the dangers of car hacking.
So there must have been loads of accidents caused by this chilling new threat, right?
In a word, no. Not one. As far as we know, there hasn't been a single report of a car accident attributed to hacking. Demonstrations by researchers show it’s possible to hack car computers and to do it remotely if they have wi-fi connectivity, but the chances of it happening in real life seem slim.
However, just like the ending of a horror film, there’s a twist in this tale. According to Cappos, hackers may have already started causing accidents, but the authorities just don’t know about it.
Could be a good time to brush off the old pushbike...
Scare Score: 5 out of 10
Hackers Hacking Off Body Parts
Simon Phoenix, a dangerous convict in a maximum security facility in Los Angeles, was a man with few qualms about violence. Faced with a prison door that could only be opened by a retinal scanner, he killed the prison warden and removed one of his eyes using the man’s own fountain pen. With the still-bloody eyeball mounted on the pen, Phoenix fooled the scanner and walked out, to begin a crime spree that would shock the city.
Thankfully, though, Phoenix was a character in the 1993 action film Demolition Man and not a real person. But the fear of mutilation as a way of bypassing biometric security is a genuine concern that many users have. After all, many of us use fingerprint scanners every day on our laptops and phones, so what’s to stop a criminal chopping off our fingers to access our devices?
^ No one is going to chop your hand off just to unlock your laptop... Or are they?
Cold Sweat Or No Sweat?
Although plausible, it’s not likely. For a start, there are far easier and less gory ways of committing crimes that don’t involve the extreme act of mutilating people. In our Demolition Man example, we’re fairly sure the warden, if given the option, would have much preferred to open the door himself with his eye still in his head. But you know – Hollywood.
Perhaps more importantly, it might not even work. Modern biometric security can often tell if the thing it’s scanning is attached to something that’s alive or not. A fingerprint scanner, for example, may check for the small electrical signal carried by the human body, which stops when you're dead.
However, no security measure is completely foolproof. As recently as April 2019, the Samsung Galaxy S10’s ultrasonic fingerprint sensor was tricked by a 3D printed copy of a print taken from a wine glass.
There’s also good reason to be worried about older devices. In the case of older fingerprint scanners, it was often possible to fool them using nothing more than a photo of the person’s fingerprint or a copy made from glue.
Sure, the bloody, dismembered digit of your victim would also work in this case, but who’s got time for that? (Serial killers, maybe?)
Scare Score: 6 out of 10
Hacked To Death
As annoying and financially costly as it can be to have criminals hacking into your computer and causing chaos, in most cases you’ll still have your health. But what if they hack into something that you actually rely on to live?
Like just about every other type of electronic technology in existence, medical devices, such as pacemakers and insulin pumps, are increasingly benefitting from wireless connectivity. That, of course, means they can also potentially be hacked.
Millions of people rely on these devices to keep them alive, and being able to control and update these systems wirelessly is quick and convenient – but it also makes them a quick and convenient way to kill people.
Are criminals taking advantage of this, though?
Cold Sweat Or No Sweat?
In February 2018, Dr Dhanunjaya Lakkireddy of the University of Kansas Hospital said of pacemaker hacks, “Most of these are theoretical risks. There has not been a documented case of a cardiac device hacked in a real patient.”
The good news is this remains true over a year on.
The bad news is researchers have been able to show for a while that it’s possible. At two separate hacking and cyber security conferences in 2018, for example, experts demonstrated how malware could be used to take control of pacemakers and insulin pumps.
It’s this risk that has prompted engineers to look into watch-like devices that patients can wear, to control medical devices without wi-fi or Bluetooth connectivity – instead using the body’s own internal networks to send and receive signals.
As with car hacking, there's probably no need to be too worried about this at the moment, but it's also possible that hackers may have already started using this technique to kill people and we just don't know about it.
Scare Score: 6 out of 10
Don't Have Nightmares
At the end of every episode of the BBC's Crimewatch, host Nick Ross would say "Don't have nightmares" - right after a show filled with reenactments of horrible, real-life crimes.
In that grand tradition, we'd like to do something similar, by saying this: don't panic. Yes, cyber crime is a big, scary phenomenon, and having security in place is absolutely essential. But that's why experts like TMB Group exist. Although businesses have to do their part too, by being cyber aware and taking security seriously, they also have to focus on the day-to-day running of their organisation. So leave it up to us to take care of your security.
Whatever you do, don't bury your head in the sand - not unless you want to end up in a horror story of your own...