When we think of data breaches, we ordinarily think of hackers accessing personal information for gain or notoriety – such as the recent hack on Ashley Madison where details of 37 million people were obtained by a hacker group that has threatened to release them unless its demands are met (more details are here). However, this is by no means the only type of cyber-attack that one should be wary of.
As our world becomes more integrated, three truths become increasingly prevalent. First, we are putting computers in more day to day items, from toasters to televisions. Second, most computers are connected to other computers wirelessly through the internet. Thirdly, one linked computer will often be able to take control of another if its cyber security software is not sufficient to ward off the attack.
On 24 July 2015, Fiat Chrysler, a well renowned car manufacturer, was forced to issue a voluntary recall 1.4 million Jeep Cherokees after it was discovered that a flaw allowed the vehicles to be hacked by an external party. By accessing an opening in the Uconnect system, which ordinarily allows the passengers to play music or make a telephone call, hackers were able to not only play their own music and mess with the air conditioning, but also prevent the vehicle from accelerating, cut the vehicle’s brakes and even take over its steering whilst the car was reversing.
All this from their basement 15km away.
It is a scary thought.
Thankfully the hackers involved in this attack were the good kind of hackers. They demonstrated the capabilities of their program on a consenting journalist and subsequently provided the code to Fiat Chrysler, allowing them to plug the gap with a software update. Unfortunately, however, many hackers are what last week’s ACSC Cyber Threat Report 2015 termed ‘cyber adversaries’ – i.e. not the good kind of hackers( see our blog on the ACSC Report here)).
Systems like Uconnect are now common not only in modern cars, but a range of products that ordinary people use daily. Businesses are hard pressed keeping up with consumer demand for more interconnectivity, and as demand grows supply will inevitably follow. But as more devices are connected, the greater the risk that they can be compromised
Given this, it is important to recognise that cyber security is not only important when considering personal information and that not even a group as large as Fiat Chrysler has been able to plug all the gaps.
When cyber security breaches like this occur, it is important to have insurance that covers you for the loss involved if any of your products are hacked (or shown to be hackable). Unfortunately, many traditional policies do not provide sufficient coverage for cyber attacks. As such, one should always consider obtaining a well-tailored cyber risk insurance policy to ensure that they sufficiently protect their interests.
A full account of the journalist’s experience, including a video, can be found here.