Look, I'm not trying to freak you out here. Well, OK, maybe a little. But think about it: We have computers all over the place. Your laptop or desktop PC; maybe you have a tablet too, maybe a smartphone. And it doesn't stop there. Your car might be computerized, your kitchen, the toys your kids got for Christmas. If any of those computers are connected to any kind of network, there exists an issue of security.
This isn't so far out of the realm of possibility, either. Yoshi Kohno is an associate professor of computer science and engineering at the University of Washington. He and his team figured out how to break into a car's internal, computer network. They were able to control the brakes and turn the car on and off. They also fiddled around with a commercially available toy robot. "One of the things we found is that as soon as we turned this toy robot on, it advertises a wireless ad hoc network that anyone can connect to," Kohno says. "And if they connect to it, they can look through the video camera attached to the robot to see what's happening in the child's room and control the robot, move it around the room, and so on."
Kohno's team has been looking into something far more serious than a toy robot: implanted medical devices. "We found that a person using their own equipment could wirelessly communicate with a pacemaker or defibrillator and change its settings, turn on and off therapies, and in fact make it issue a large shock," he says.
And how hard would that kind of a hack be? Kohno says, "For the work that we did, it was fairly sophisticated. This is not something where a teenager in their garage is going to develop the capabilities. And because of this is one of the reasons why we say the actual risk to patients today is fairly small."
Kohno says the challenge in improving device security is higher because of how crucial the device is to the person using it. "So for most computers, if you think about a security problem with my laptop or a desktop, one of the things is that, if a problem arises, I can turn it off. I can put it in the side of the room and forget about it for a while. We can't necessarily do that with medical devices," he says.
As for what can be done, he says, "There's a broad spectrum of defenses from a security perspective. And security is often times about risk management, and so there's no such thing as absolute or perfect security. Instead what we try to figure out are what are the actual risks and according to those risks, what can we do to improve the security? And so there are a number of things that can be done to significantly improve security which is adopting industry best practices, encryption technologies, access control technologies, and so on. There are still, of course, a number of challenges, which is why the research community is trying to focus on uncovering new defensive techniques."
And in that regard, says Kohno, things are improving. "I think that two or three years ago, one of the things I would often talk about with people is that fact that the government and the manufacturers really need to focus on this before any real issue arises. And I think that now government and manufacturers are actually turning a significant amount of attention to this issue."
Also in this program, University of Illinois scientists say they've developed a circuit that can heal itself through the automatic release of liquid metal. I've seen THAT movie before.
“I think the best compliment I can give is not to say how much your programs have taught me (a ton), but how much Marketplace has motivated me to go out and teach myself.” – Michael in Arlington, VABEFORE YOU GO