Is Your Fridge Giving Away Your Personal Data?
You could lose your personal information through your refrigerator, and there’s nothing the government can do to protect you.
That’s if you aren’t killed by a hacker remotely cutting your engine while driving.
“If it’s connected, it can be hacked,” said IOActive CEO Jennifer Steffens. Her company gained fame in July after two of her employees hacked into a Jeep Cherokee and remotely cut its engine while the driver was on the highway.
Even though more devices are being connected to the Internet, including refrigerators that can order groceries for you, the government can’t set broad cybersecurity requirements.
“We can’t tell you how to solve the problem,” Steffens said.
By breaching a smart refrigerator or any other Internet-connected device, a hacker can steal an owner’s personal identification data like their Social Security number.
But without a solution, the government isn’t in a position to require manufacturers to defend against digital attackers, Steffens said.
Instead of new policy or legislation, Steffens hopes that IOActive’s Jeep hack will open a dialogue.
“We hope it’s more discussion — so we can understand the impact” of such breaches, she said.
Manufacturers need to find their products’ cyber weaknesses proactively, Steffens said.
“Manufacturers are starting to get the message, but the transformation isn’t overnight,” said Institute for Critical Infrastructure Technology fellow Stan Wisseman during a congressional briefing.
ICIT, a cyber think tank, co-hosted the briefing with Texas Democratic Rep. Sheila Jackson Lee.
But ultimately, even proactivity isn’t an impenetrable cybersecurity defense. Even though Chrysler recalled 1.4 million vehicles and updated its software with a security update, owners are still vulnerable.
“I guarantee you that’s not the only mistake,” Steffens said. “Your adversaries are very patient and are very well funded.”
She said attackers say: “Give us time, we will hack it.”
But who’s at fault in the case of such hacks?
“It’s very difficult to determine who’s accountable,” Steffens said.
Obviously the hackers are, but often they’re typically impossible to trace, Wisseman said.
If a manufacturer made all the necessary efforts to establish cybersecurity, it shouldn’t be responsible, Steffens said.
Additionally, there’s often not a way to prove that a driver’s accident was caused by a hack, Wisseman said. A driver could theoretically crash their car and blame it on a nonexistent hack.
Automobile manufacturers could add a black box similar to those found on airplanes to trace and prove hacks, but realistically, that would just open another channel for attackers to breach, he said.
Copyright 2015 The Daily Caller News Foundation