Attacks Against M2M Devices



by Dr. John Linwood Griffin, TeleCommunication Systems


In an environment where devices are deployed for years, where device firmware can be difficult to
update and where devices are often unattended and not physically well-secured—meaning potential
attackers may have complete physical access to your hardware—it can be very challenging to implement
low-impact, cost-effective protections.

For example, in July 2012, researcher Cody Brocious demonstrated a $50 electronic tool that, in under a
second, could exploit a vulnerability in many of the more than four million standard card-key electronic
locks that are installed at 22,000 locations in 115 countries. Armed with just a low-cost and low-power
Arduino microcontroller, the researcher plugged into a circular DC jack on the exterior of an electronic
lock—a jack that is normally only used by authorized hotel personnel to program or test the lock.
Brocious used the microcontroller to mimic the electrical signaling of a legitimate portable programmer
device and was able both to read the secret code from the lock and to command the lock to open.

The lock manufacturer has since addressed this vulnerability, but this example is just one of several
recently published attacks against machine-to-machine (M2M) systems.

The Basics

M2M is the simple idea of two computers communicating directly with each other without a human in
the loop. M2M technology is increasingly used in areas ranging from utility smart metering to in-vehicle
entertainment and navigation systems. With this rise in use, attacks against M2M devices are steadily
becoming more prevalent. In order to protect your organization and your M2M device deployments, you
need to adapt your way of thinking and your security techniques to match the clever, creative and
patient techniques an adversary may use to attack, bypass or circumvent your M2M security
infrastructure.

Think Like a Crook

Responding to this “understand the adversary” challenge, researchers have given presentations and
released papers that describe fascinating attacks against the security components of deployed M2M
devices.

For example, researcher Barnaby Jack demonstrated two attacks against automated teller machines
(ATMs) that, in just a few seconds, could reprogram the machines to dispense money untraceably
whenever the attacker presses a special sequence of keys or whenever an attacker’s illegitimate card is
inserted into the device.

The technical objective of the first attack was to replace the device’s firmware with modified firmware
containing a hidden rootkit. The firmware modifications enable the attacker to obtain the master

95 Cyber Warnings E-Magazine – August 2013 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide