Everything from pacemakers to insulin pumps and digital toys can be hacked in our Internet-of-Things world
Catherine Gebotys (PhD ’91)
Professor, Faculty of Engineering
> Cybersecurity and Privacy Institute
> Centre for Applied Cryptographic Research
In the Internet-of-Things future, hackers can be almost anywhere.
They could be probing your smart-TV set, home-security camera, connected car, a wearable device like a Fitbit, or even a child’s toy.
Last year, an official watchdog in Germany, the Federal Network Agency, told parents to destroy a talking doll called Cayla because its smart technology can reveal personal data. And researchers also recently found that the Bluetooth connection in another child’s toy, Furby, could be hijacked, possibly allowing hackers to turn on the doll’s microphone and speak to children.
Even medical devices like digital insulin pumps, pacemakers and defibrillators are digital, which means that they too can be hacked.
In the lab of Catherine Gebotys, a professor in Waterloo’s Department of Electrical and Computer Engineering, a research team is finding all the ways that hackers can get into those wireless devices so that countermeasures can be developed for the embedded chip architecture.
In a world where almost every electronic device is digital, it is hard to be completely secure against hackers, “but we can make the attacks harder,” she adds. “We can make it so that it might not be feasible to get in without significant and expensive resources.”
Her team will use hackers’ tools, such as electromagnetic pulses and lasers, to break into the devices. Hackers can use these methods to grab just enough information to allow the encryption to be decoded.
While some labs focus on particular types of attacks, “we examine a wider range of attacks and therefore develop more robust countermeasures,” Gebotys says. This is important, because sometimes, a countermeasure against one type of attack might make another type of attack easier. “So we try to research countermeasures that will work for more than one type of attack.”
Some things, like credit cards, already have a lot of built-in security. But many regular commercial products, like the children's toys, might not be so well protected because the additional security measures are costly. Gebotys is trying to find countermeasures that are efficient, not so costly and not too hard on battery life.
There are numerous reasons for attacks on wireless devices, Gebotys says. Hackers might want to get at your health information, or other data that would make identity theft possible, for example. In some cases, they might want to simply disrupt the operation of a device.
Gebotys has collaborated with BlackBerry in the past, and is now collaborating with the Department of National Defence and another company. The military definitely needs to make sure that the military vehicles and other hardware it uses in the field are as secure as possible against enemy intrusions, she says.
Feature image photo credit: Wenjie Dong/E+/ThinkStock
