“There are cell phone towers which, once you’re connected to them, the CIA can jump in and take over control of your phone,” instances Peter Dakin, Director of Digital Technology at Metropolis Business Media, “and there is malware that knows how to jump the gap when air-gapped computers are run in isolation with no cabling and no wireless or other connection. For example the Stuxnet worm via USB.”
With every government in the hacking game, every system vulnerable, cars and planes vulnerable to hacking, companies spending fortunes on IT security and hackers rampant, it seems there is no end to the hacking phenomenon.
“As a society, we’ve sleep-walked into this,” says Dakin.
On the upside, the Vault7 dump could be a positive thing for the electronics industry because companies can now check whether their equipment is compromised.
“The release showed the holes in the software of the iPhone, Android, Cisco and many more – and now businesses can address these vulnerabilities,” says Mike Sirius, Head of Development at Metropolis. “Cisco, for its routers, were one of few to utilise this knowledge.”
“It gives everyone who makes hardware and software the opportunity to take a look at their whole supply chain – especially the chip people,” says Dakin.
Governments are on notice that their defence equipment can be bugged and ordnance intended for an enemy could be re-directed to hit home.
It could explain why some airline passengers have been banned from taking laptops into the cabins of aircraft. Avionics experts have been able to hack into an aircraft’s control using a laptop in the passenger cabin.
“The authorities could have been targeting laptops not because they’re bombs, but because they’re weapons – cyber weapons. Malware to trigger an avionics takedown could be introduced, perhaps even in a supply chain attack without the device owner’s knowledge,” says Dakin.
Are there solutions?
“Is there a way that hardware can be designed so it knows it’s been compromised?” suggests Dakin.
The lesson of the Vault7 affair is that malware can be introduced into systems without the owner’s knowledge.
“Vault7 is a warning,” says Dakin, “it’s like Jurassic Park warning us: ‘Don’t mess with DNA’.”