Direct Memory Access That Kills (on CSI Las Vegas)

In Direct Memory Access I wrote about ways that advanced hackers can get complete access in just a few minutes even if you password-protect your device and it’s not connected to the Internet. Now, the topic of direct access has entered popular fiction in an interesting episode of the American CSI Las Vegas TV show.

Real World Background
We’ve known for years: “Don’t take your computer to China.” It’s also best practice for security pros to assume that advanced attackers have undisclosed capabilities to foil conventional defenses and make a mockery of most assumptions on assurance. When it comes to nation states, you can’t stop them, only (perhaps) deter, divert or slow them down. In my direct access post, I referenced articles which allege the NSA has a veritable internal catalog of advanced exploits for its “users.”

Think that’s creepy? Wait until you read the New York Times article NSA Devises Radio Pathways into Computers. Apparently, attackers possessing American, Chinese or other nation state level cyber-espionage technology could “have” your device even without an Internet connection, without taking the device out of your hands and without you knowing.

How could this happen? Engineers implant a tiny radio-frequency circuit board into commodity hardware on any part of the device with a pathway to its software or firmware, or into an external component plugged into the device, such as a USB connector. Attack software on another device in proximity to the target communicates with the board to orchestrate an exploit.

Boston Brakes

The other night I watched “Boston Brakes” on CSI. The episode begins with the investigation of a fiery car crash near the Las Vegas Strip. While trying to determine whether the explosion was caused by a bomb, CSI forensic experts discover a “black box” wired to the under-carriage of the vehicle’s remains. Initially, they assume the box was placed there by the rental car company to monitor the vehicle.

As CSI pursues its investigation, agents learn that an investigative reporter working with a whistle-blower in the U.S. defense industry to uncover illegal activities was himself either the murderer, or the target, of the car bomb.

In pursuit of the truth the investigators narrowly escape death themselves. On the highway, their car accelerates to over 130 mph and the brakes fail. It turns out that someone has planted a black box under their car and is sending commands to override the controls. Only through the intervention of the mysterious whistle-blower (who is the original developer of the black box and can “hack the hackers”) are the investigators saved from death by remote control, direct access that kills!

If only the real world were like Hollywood (or not :-)). Technically, Boston Brakes may be unrealistic. I’m no auto mechanic, but I have to wonder whether there’s really an electrical actuator to the gas pedal in a car, and to the brakes, that could be remotely controlled. In current models, I’m not sure the “Boston Brakes” exploit would be possible.

But with newer models…I saw some Toyota commercials during the Super Bowl about cars coming on the market with the capability to prevent an accident by temporarily taking control from the driver. And some products – such as Phil Windley’s Fuse – already provide a black box to “connect your car with your life.” So maybe Boston Brakes is not too far-fetched.

Bottom line

The larger point about “Boston Brakes” is that, with the black art of cyber attacks coming together with the Internet of Things and industrial control systems, we’re increasingly vulnerable to ever more serious abuses by bad actors. It is very dangerous for nation states to create technology that undermines the assurance essential to individual safety and privacy. Even if the nation state agencies themselves are mostly benign – as I believe ours are – the technology inevitably falls into the hands of evil-doers. Just as chemical and biological weapons are outlawed by the Geneva Protocol, so too should most cyber-weapons.

But I’m also thankful that in the show the bad actor was not depicted as the entire U.S. government, and that in fact it was good and honest forces in local law enforcement that came together in this case to protect freedom of the press. Even the often-maligned FBI, who in the beginning of the show was cast as trampling on the local investigator’s jurisdiction, ultimately came around to seeking the truth, investigating and unmasking a corrupt general within the defense establishment.

I read a survey the other day finding that most U.S. citizens oppose privacy abuses and mass surveillance. So I really liked the way CSI Las Vegas portrays a local and federal law enforcement rank, file and management that is prepared to act to protect our constitutional rights as well as track down criminals, wherever they may be.
