5 February 2015
Ethan Zonca’s report ‘Hacking the Nike+ Fuelband‘ published on HACKADAY some days ago is somewhat alarming, although the device is just an electronic gadget that makes our daily life hopefully not more complex.
But this hack should make us really worried, if we consider devices in safety relevant systems or devices connected to critical infrastructure.
Consider a mobile phone that connects via Bluetooth to your CAR’s audio system. Today, a car is a computer on 4 wheels, and the audio system is an interface to this computer. Now think about a malware on your phone that shuts down this computer at 200 km/h.
Ok, only crazy guys drive at this speed, and only in Germany. But the impact of a completely uncontrolled crash on other road users and the environment might be catastrophic.
The Internet of Things offers us sheer unlimited opportunities. But IT security comes first, because it’s the basis for safety. The developers of this fuel band didn’t waste a thought on IT security. I bet threat modeling is completely unknown to them. Hopefully they tried harder in the case of your car’s computer, or in the case of sensors controlling the temperature in power plants…