New hi-tech cyber attacks could threaten energy supplies, “wearable” computers – and even medical implants, according to a study conducted by Europol’s European Cybercrime Centre (EC3) and the International Cyber Security Protection Alliance (ICSPA).
Attacks in “virtual reality” or “augmented reality” could even be tailored to cause “psychological harm to individuals”.
The white paper, which examines emerging threat scenarios for the year 2020, also envisages bio-hacks which could allow criminals to defeat biometric authentication systems such as fingerprint authentication.
Many of the paper’s predictions are based on trends emerging now. This year, the FDA issued an alert about security flaws in 300 common medical devices made by 40 vendors.
In a detailed blog post outlining the challenges facing health care IT security, ESET Senior Researcher Stephen Cobb says, “Healthcare is a sector that has seen rapid growth in the deployment of digital systems aimed at delivering better medical care at lower cost. Unfortunately, despite an explicit regimen of rules aimed at safeguarding the privacy and security of patient data in the U.S. the sector is currently rife with security breaches.”
Attempts to defeat biometric security have also been in the news courtesy of Apple’s fingerprint sensor in the new iPhone 5S - although, at present, those “hacking” such systems are using basic and laborious methods. “Bear in mind the effort required to defeat the biometric, and also to crack your iPhone password, then ask yourself how many people want your iPhone data that badly,” says ESET Senior Researcher Stephen Cobb.
The study’s authors warn that cybercriminals will attack not only corporations and governments – but individuals – and envisage a world where, “society and second-generation digital natives depend on the secure running of deeply embedded technologies,” and the distinction between physical and cyber crimes becomes blurred.
“We don’t just have to ask ourselves ‘how can we fight these threats’, but also ‘who will fight them?’,” said John Lyons, the Chief Executive of ICSPA. “To meet the challenges of cybercrime, we need to become more creative and flexible. We must make sure law enforcement, criminal justice, governments and business pull in the same direction, but they have to do so without trampling on their citizen’s expectations of privacy and anonymity.”
“The Internet delivers tremendous societal and economic advantages to nations that have learned how to harness the significant benefits that derive from ubiquitous online computing and communications systems. With Project 2020 we don’t predict the future, but we ask the questions that need to be answered to keep us all safe,” Lyons said.
Other experts have predicted such attacks for decades. ESET Senior Research Fellow David Harley, in a paper presented at EICAR in 2002 with Andrew Lee, predicted that viruses would evolve to attack the body – or technologies implanted within it, ““There is no doubt at all that commercial interests will continue to drive technology forward. If, as at present, the security and integrity of those systems is not paramount, then we will inevitably see no reduction of the
amount of malware developed to exploit such systems,” Harley wrote. The full paper can be read here.
“It is also likely that the amount of damage, whether commercial or otherwise, will increase in parallel with this trend. There are already moves towards wearable computers ,and experimentation is underway with computers that function as an extension of thehuman body. It is conceivably possible that such systems will be the norm, even replacing today’s desktop PC’s. It seems a logical step to move from palmtop and laptop devices todevices integrated into the human body or mind, simply because it is not unreasonable to state that the slowest part of a computer is its human user.”
“ Bearing this in mind, it is interesting to speculate about the nature of malware that could exploit this technology. Perhaps the analogue with biological viruses proposed by Cohen will become an actuality,with no distinction between biological viruses and human viruses.
“For instance, Lucent Technologies have been able to create molecular scale transistors, atechnological breakthrough that will certainly have application in wearable or symbiotic computers.”
“Further speculation might lead one to wonder about the effects that such malware couldhave. Today we talk about business systems and corporate networks being ‘taken out’ bycomputer viruses. However, were the business systems to be flesh and blood humans, the effects could be far more devastating.”
“There is a perennial debate in the virus world that deals with the reality or otherwise of malware that can physically damage hardware. This debate is fairly interminable, and the evidence mainly anecdotal or received by methods comparable to the old party game of Chinese whispers. In some future reality though, where computers are an integral part of the human body,whether as enhancements to human function, or a means by which business is transacted,the spectre of malware being able to do physical damage to its host becomes ever more corporeal.”
Author Rob Waugh, We Live Security