In December 2011 the Iranian regime proudly displayed a state-of-the-art American UAV drone they had captured. The story circulating claimed that they managed to spoof the GPS system onboard to convince the drone to land in Iran. Many experts are sceptical of this, but concede it is remotely conceivable. Whether or not this is the case, the episode is somewhat embarrassing for the USA.
If true, however, it represents one of the most audacious cyber attacks in modern times. The flow of advanced computing hardware and software is a relentless force that is empowering groups and state actors at all levels, for better or worse. A useful summary of the hazards inherent in relying on military stealth technology is provided in a Wired article from 2011. The lesson for cyber folk from this story is that complex technology is not your friend; as I argued at length in a prior blog, we need to design for simplicity.
In the pure cyber domain, the advent of stealth rootkits such as Alureon or Duqu is a source of deep concern, as they use advanced code morphing techniques to scatter their functionality across the drivers and kernel code of the host system. When we see the best researchers from the vendors of the major operating systems scratching their heads in bewilderment at the sheer sophistication of these cyber threats, it is time to worry. (I witnessed exactly this at a research conference on malware I chaired last year.)
At another, socio-cultural level we are increasingly seeing the addition of robotic sensing, cameras and actuation in toys of all types. The potential for malware transmission, or simply malicious activity, via such active toys is a growing and real threat. My current favourite is Pinoky. This device allows you to animate any cuddly toy. The problem is that the code in such systems is never tested, scanned or even considered as a vector for malware. Then we have the imminent arrival of truly advanced entertainment and domestic robots with fully capable CPUs and network capabilities. (Check out the latest BigTrak xtr toy.) This is a hacker’s dream.
The point of this blog (yes, there is one) is that the cyber realm is an ever-expanding hyper-space of data and code, in which it becomes ever easier to conceal anything. Significant research effort is now being directed at intelligent data analysis techniques to automate the process of looking for anomalies or suspicious behaviour. This is comparable to fishing with a trawler and net rather than a single fishing line: it is better, but it is still not going to catch advanced stealth threats. The only solution for that is to develop full-on machine AI, with the ability to scan the cyber depths in a sonar-like fashion. I’m working on it, but it’s a little tricky, and might take some time! In the meantime, don’t allow teddy bears near your server rooms.
By Dr. Robert Ghanea-Hercock, Chief Researcher, BT Security Research Practice