The Warning From The Vault

The CIA are clever fellows. The Vault7/Wikileaks dump of the CIA cyber-spy tool-set shows some ingenious.tricks.

“There are cell phone towers which, once you’re connected to them, the CIA can jump in and take over control of your phone,” instances Peter Dakin, Director of Digital Technology at Metropolis Business Media, “and there is malware that knows how to jump the gap when air-gapped computers are run in isolation with no cabling and no wireless or other connection. For example the Stuxnet worm via USB.”

With every government in the hacking game, every system vulnerable, cars and planes vulnerable to hacking, companies spending fortunes on IT security and hackers rampant, it seems there is no end to the hacking phenomenon.

“As a society, we’ve sleep-walked into this,” says Dakin.

On the upside, the Vault7 dump could be a positive thing for the electronics industry because companies who can now check if their equipment is compromised.

“The release showed the holes in the software of the iPhone, Android, Cisco and many more – and now businesses can address these vulnerabilities,” says Mike Sirius, Head of Development at Metropolis, “Cisco, for its routers, were one of few to utilise this knowledge.”

“It gives everyone who makes hardware and software the opportunity to take a look at their whole supply chain – especially the chip people,” says Dakin.

Governments are on notice that their defence equipment can be bugged and ordnance intended for an enemy could be re-directed to hit home.

It could explsin why some airline passengers have been banned from taking laptops into the cabins of aircraft. Avionics experts have been able to hack into an aircraft’s control using a laptop in the passenger cabin.

“The authorities could have been targeting laptops not because they’re bombs, but because they’re weapons – cyber weapons. Malware to trigger an avionics takedown could be introduced, perhaps even in a supply chain attack without the device owner’s knowledge,” says Dakin.

Are there solutions?

“Is there a way that hardware can be designed so it knows it’s been compromised?” suggests Dakin.

The lesson of the Vault7 affair is that malware can be introduced into systems without the owner’s knowledge

“Vault7 is a warning,” says Dakin, “it’s like Jurassic Park warning us: ‘Don’t mess with DNA’.”


Comments

8 comments

  1. Wait…. what Avionics experts have been able to hack into the Avionics from the cabin? Please name one, and get your facts straight before posting rubbish, fake media.

  2. Considering the computing power of the average smartphone, restrictive devices above a certain size does not make much sense if preventing malware takedown would be the goal.

    Per the Guardian (https://www.theguardian.com/us-news/2017/mar/21/us-electronic-devices-ban-flights-tsa-airports):
    “To be honest, guys, there’s a pretty universal understanding of where we’re at,” said one exasperated official who was repeatedly asked about how large a phone could be before it qualified as a tablet and was banned. Requirements appear to be at the discretion of the airlines.

    The theory that it would be a soft “tariff” on foreign carriers seems quite appealing…

  3. How very sadly true, SEPAM, this is another fine mess we’ve all landed in.

  4. That says it all SEPAM: “It looks like the state of the art in intrusion stuff is a lot more advanced than we assumed it was.”

    • SecretEuroPatentAgentMan

      A lot of clever people with a lot of high end resources and even more moolahs over many years will indubitably have made a lot of very advanced stuff. It will take ages before this is unravelled.

  5. “Avionics experts have been able to hack into an aircraft’s control using a laptop in the passenger cabin”
    So that is it then, back to manual stick flying for the massive Boeings … at least you will never have to worry about a cyber attack … because chances of surviving a landing are negligible …

Leave a Reply

Your email address will not be published. Required fields are marked *

*