Imagine you're groggily driving to work one Monday morning when you're abruptly pulled out of your sleepy state by an unexpected spray of washer fluid across your windshield. You quickly turn on your wipers to rescue you from blindness when your music suddenly starts playing at a deafening volume. You can't get either distraction to stop, so you start to panic — what else could go wrong, and why is it happening?
The above scenario is child's play compared to what a hacker sitting at home with a laptop can do. Imagine if they'd decided to lock up your steering wheel or disable your brakes? The fear is all too real.
For many of us, getting hacked is our worst nightmare. We live in fear that someone will get ahold of our credit card information, Social Security number, or proprietary work documents. Unfortunately, the dangers are no longer limited to cyberspace. Hopefully, today's electronics OEMs are equally concerned about addressing these potential threats.
Today's hackers can gain control of and manipulate your real-world environment, too. Let's take a look at how this is accomplished using some real-life examples and how electronics manufacturers should be getting involved.
Exploiting hardware flaws
If you're starting to feel a bit paranoid about the idea of strangers having the ability to access your physical space, then this example will put you at ease — in the sense that there's validation for your concern. Rowhammer, a new technique created as an example by Google researchers, is the main culprit. Rowhammer actually taps into the physical properties of computers, targeting dynamic random-access memory (DRAM) until it glitches and grants access to the computer's operating system.
Rowhammer is a particularly interesting technique, as it goes "around" the operating system and firmware to change the system in ways that are invisible — all the better to avoid triggering any security alarms. Some new versions of RAM protect against this in various ways, such as faster refreshing of data, but there's a lot of old memory out there with a lot of valuable information stored on it.
But Rowhammer is just one approach. Flip Feng Shui, for example, builds off of Rowhammer to "flip a bit in a memory page" to get at a vulnerable memory location. There are also the side-channel attacks, which allow exfiltration of data on air-gapped machines (machines not connected to the network). This is accomplished using software that sends the data via other means, such as the sound made by your computer or hard drive, the electromagnetic emissions from the screen, and so on. It may sound like a side plot from Mr. Robot, but operating system smarts can't block attacks aimed at hardware flaws like as these.