Death by software?

WatchGuard Technologies suggests 2013 will be the year a human is killed in a malware attack.

As regular readers know, I absolutely despise New Year security predictions. But once in a while, someone declares something I can't ignore.

Related: "Infosec predictions for 2013? Shoot me, please"

Take this one from WatchGuard Technologies, sent to me by their PR department this morning:

A Cyber Attack Results in a Human Death: WatchGuard hopes it is wrong in this prediction. But with more computing devices embedded in cars, phones, TVs and even medical devices, digitally dealt death is not only possible, it’s plausible. Security is still often an afterthought when developing innovative technical systems. Criminals, hacktivists, and even nation-states are launching increasingly targeted cyber-attacks, resulting in the destruction of physical equipment. Most recently, a researcher even showed how to wirelessly deliver an 830 volt shock to an insecure pacemaker, proving that digital attacks can have a real-world impact.

WatchGuard isn't the first security vendor to warn us of the dangers presented by software embedded in cars, medical devices and the like. Just this past summer we ran a story exploring the possibility that modern technological conveniences in cars could be tampered with. From that story:

The menu of possibilities for hackers is extensive: Computer diagnostics to tell you if anything is wrong, systems to tell you how much pressure is in your tires, how many miles you have left in your fuel tank, whether your door or trunk is ajar, whether somebody is behind you when you put it in reverse, to manage your anti-lock brakes and your anti-theft device; an OnStar satellite system that can start your car remotely, that will notify the company if you're in an accident, including whether one or more of your airbags went off, that will let OnStar remotely shut down your car if it is stolen. In most vehicles, a computer even controls the throttle. And that is only a partial list.

There is no confirmed report yet of a serious cyber attack on an automobile. But the marketing teams for automakers are skittish about publicizing either the risks or their efforts to deal with them. Ford was one of few companies even to confirm its efforts to build security into its Sync in-vehicle communication and entertainment system.

I tend to frown upon predictions like this because they flirt with FUD. But there's no doubt that cars, appliances and medical devices have become more computerized and, as a result, vulnerable.

Barnaby Jack of IOActive demonstrated that fact when he unveiled research showing how pacemakers from several manufacturers "can be commanded to deliver a deadly, 830-volt shock from someone on a laptop up to 50 feet away, the result of poor software programming by medical device companies."

The question is how close we really are to seeing attacks like these, with fatal results.

So what do you think, readers? Could we see such an attack next year, or is this another example of vendors creating drama? Comment below.
