10 terrifying extreme hacks

Nothing is safe, thanks to the select few hacks that push the limits of what we thought possible

Page 2 of 2

Extreme hack No. 6: Stuxnet

Which brings us to the world's most advanced cyber war attack to date: Stuxnet. Easily the most advanced and flawless malware program ever written, Stuxnet did not use BadUSB, but it spread via USB keys and a previously publicly unknown USB execution method, along with three other zero-day attacks.

Publicly discovered in June 2010, Stuxnet forced the previously unacknowledged cyber war to be recognized as a real battle with the ability to cause physical damage. Stuxnet is said to have been a collaboration between Israel and the United States to thwart Iran's nuclear weapons program, though neither Israel nor the United States has publicly acknowledged this.

Getting malware into Iran's high-security, air-gapped, nuclear facilities was considered impossible by many computer experts. But Stuxnet's creators purportedly infected the USB keys of foreign nuclear consultants who worked on the Iranian centrifuges. Whether the foreign workers knew they were carrying infected USB keys or not is up for speculation.

The malware launched from the USB keys, making its way into the Windows-based reactor management computers, then to the programmable logic controllers of the centrifuges themselves. Once there, the malware recorded normal operational values and fraudulently played back those values while maliciously creating fatal operational conditions that destroyed many of the centrifuges and controlling equipment.

A source code review by several companies led examiners to conclude that it would have taken many teams, composed of dozens of people each, a year or longer to write such a malicious computer worm. However, since Stuxnet's discovery, several other advanced computer worms have been discovered. As futuristic as Stuxnet was, most experts believe it is now a common baseline from which all future cyber warfare programs will begin. The digital cold war has started.

Extreme hack No. 7: Road sign hacks

Hacking electronic road signs -- aka portable changeable message signs -- is illegal and can get you in serious trouble. But it’s hard not to crack a smile at a good "Caution! Zombies! Ahead!!!" road sign hack on an otherwise unused sign that does not create a dangerous situation.

Some road sign hackers are former Department of Transportation or construction employees who programmed signs as part of their job. But the truth is, road sign manuals are readily available on the Internet, and they almost always contain built-in default passwords as simple as "password," "Guest," "Public," and "DOTS." Hackers can simply find the model of the road sign they are targeting and download the manual.

For most road signs, physical access to a locked-up panel is necessary, although often the panels are left unlocked. Once the hacker gains physical access, they use the console keyboard to log on with a default or guessed credential. Barring that, they can often reboot the sign’s computer while holding down a series of keys, as defined in the manual, and this resets the sign back to the manufacturer's defaults, including default built-in passwords. Even in the case where a road sign has distinct user and admin credentials, the sign's message can be changed without admin rights, which are necessary mainly for changing power, fan, and other equipment settings.

Extreme hack No. 8: The NSA’s order book

Anyone who has been paying attention to revelations from former NSA employee Edward Snowden knows the NSA has what is essentially an "order book" for ordering advanced hacks and advanced hacking devices. This book is nearly the definition of extreme hacking.

One such advanced hacking method, known as Quantum Insert, sees the NSA and other nation-states using readily purchasable packet injection tools to imperceptibly redirect target victims from one website to another website where they can be further manipulated. If the redirect page is rendered to look a lot like the victim's intended website, they probably won't know they've been redirected. Enforced encryption (HTTPS) can help thwart packet injection attacks, but most websites don't require encryption and most browser users don't enable it when it's optional. This hack has been in use since 2005.
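A defender-side check for the packet injection described above, as an added example that is not from the original article. It assumes the commonly described signature of such injection: a forged response races the genuine one, so the client receives two TCP segments covering the same sequence range with different bytes. The segment tuples, addresses, and function name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (documentation address ranges), server-to-client only:
# (src_ip, src_port, dst_ip, dst_port, tcp_seq, payload)
SEGMENTS = [
    # Two answers to one request: same sequence number, different content.
    ("203.0.113.10", 80, "192.0.2.5", 51000, 1000,
     b"HTTP/1.1 302 Found\r\nLocation: http://lookalike.example/\r\n\r\n"),
    ("203.0.113.10", 80, "192.0.2.5", 51000, 1000,
     b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    # Benign retransmission: same sequence number, identical bytes.
    ("203.0.113.10", 80, "192.0.2.7", 51001, 5000, b"HTTP/1.1 200 OK\r\n\r\n"),
    ("203.0.113.10", 80, "192.0.2.7", 51001, 5000, b"HTTP/1.1 200 OK\r\n\r\n"),
]


def find_conflicting_segments(segments):
    """Flag segments whose bytes disagree with data already seen at the
    same stream offsets of the same flow.

    Comparison is per byte, so two segments of different lengths that only
    partly overlap are still checked. Identical retransmissions are ignored.
    """
    seen = defaultdict(dict)  # flow -> {sequence position: first byte seen}
    alerts = []
    for src, sport, dst, dport, seq, payload in segments:
        flow = (src, sport, dst, dport)
        stream = seen[flow]
        conflict = None
        for i, byte in enumerate(payload):
            pos = (seq + i) % 2**32  # TCP sequence numbers wrap at 2^32
            # setdefault keeps the first byte seen and returns it for comparison
            if stream.setdefault(pos, byte) != byte and conflict is None:
                conflict = pos
        if conflict is not None:
            alerts.append({"flow": flow, "seq": seq, "first_conflict": conflict})
    return alerts


if __name__ == "__main__":
    for alert in find_conflicting_segments(SEGMENTS):
        print("conflicting data on", alert["flow"],
              "first differing sequence position", alert["first_conflict"])
```

Such an alert only says that two versions of the same stream bytes were seen; which one was forged has to be judged from content and timing.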

Among the other hacks an NSA operative can order:

  • Malicious monitor cables for $30, which monitor and report the data sent between the computer and monitor
  • BIOS and firmware hacking to plant malicious software that survives a reformat, OS reinstall, or even a new hard drive install
  • $40,000 Stingray devices, which are fake cellphone towers that can maliciously redirect victim cellphone conversations for monitoring
  • Malware that attacks and lives in hard drive firmware
  • Persistent malware, software, or hardware for firewalls
  • Devices that can record room audio
  • 802.11 wireless network injection tool
  • Keyboard cable tapping devices

After reading what the NSA can order, it should be quite clear that the NSA (and any other nation-state entity) can pretty much spy on whatever device it wants, and there is little we can do about it -- as long as it remains legal and the agency can gain access. Many of these devices and software programs are created by private companies and available for purchase to any paying customer.

Bruce Schneier offers additional information about nation-state programs.

Extreme hack No. 9: Cryptographic attacks

Gary Kenworthy, of Cryptography Research, specializes in revealing cryptographic keys that had been thought to be highly secure, from all sorts of computing devices. He can remotely monitor a device's radio frequency or electromagnetic radiation emissions and tell you the 1s and 0s that made up its secret key. He has done this in public and private demos around the world over the past few years. You can see him determine a mobile device's private key simply by monitoring its EM fluctuations.

Kenworthy’s recent advances against the very devices we are told will protect us have shaken many in the cryptography community. To be sure, Kenworthy and his company profit from providing protections against the attacks he demonstrates, but his attacks are real and essentially reduce the security of most devices running cryptography that do not implement his suggested defenses.

Extreme hack No. 10: Car hacking

Car manufacturers are racing to put as much computing functionality as possible in their cars, and it should come as no surprise that these same computers are incredibly vulnerable to attack. Early on, hackers learned how to unlock cars using their wireless remote key fobs and to prevent car owners from locking their cars, despite the owners thinking they had.

Dr. Charlie Miller, who started his career hacking Apple devices and winning multiple Pwn2Own hacking contests, is among the best car hackers. In 2013, he and his fellow researcher, Chris Valasek, demonstrated how they could control the brakes and steering on a 2010 Toyota Prius and Ford Escape using a physical attack that interfaces with the car's Electronic Control Units and onboard bus systems. Thankfully, the hack didn't work wirelessly or remotely.

Last year, Miller and Valasek discussed wireless remote hacks against 24 different cars, ranking the Cadillac Escalade, Jeep Cherokee, and Infiniti Q50 as the most hackable. They were able to document that the car's remote radio features were linked or could be linked to the car's critical control systems. Last year the U.S. Senate concluded in a report that nearly every car produced today is hackable.

Now car manufacturers are following the lead of traditional software companies: They are hiring hackers to help improve the security of their car systems.

Think about that the next time you’re at a dealership, tempted by the model with the best Wi-Fi.


This story, "10 terrifying extreme hacks" was originally published by InfoWorld.


Copyright © 2015 IDG Communications, Inc.
