Many London EC3 commuters will wonder if their experience of using trains in the UK could possibly get any worse. The answer is yes, lots. The UK rail network was hit with four serious cyber attacks in the last year alone apparently.
The rather worrying revelation comes from Darktrace, a sinister sounding company that provides security to Network Rail. More intriguing, the attacks were believed to have been sponsored by nation states.
Darktrace said the breaches had been “exploratory” rather than disruptive. But that’s not very reassuring.
Sergey Gordeychik, a researcher at Kaspersky Lab in Moscow, told Sky News that he had discovered several weaknesses in rail infrastructure. Apparently, hackers could make mischief by taking over information boards. But they could also potentially take over control systems such as signalling.
It doesn’t bode well for the UK’s critical transport infrastructure: Network Rail is currently rolling out a new digital signalling project. That’s bound to attract the attention of terrorists, as well as unfriendly nation states isn’t it?
Also, in discussions I’ve had recently with cyber risk underwriters it seems that holding businesses to ransom by stealing data or perpetrating denial of service attacks is growing more popular. That must make the big rail companies running the UK’s privatised service vulnerable.
Whether travellers would notice a big change in the level of service provided is open to debate, however.
Airborne hacking takes off
Drone technology has added another, new dimension to computer hacking. According to speakers at the recent Black Hat convention in Las Vegas, drones can be used to attack “over the air” protocols such as RFID, ZigBee, Bluetooth, Wi-Fi, and more.
Francis Brown, a partner at cyber security consulting firm Bishop Fox, said drones can be made using 3D printing that are the equivalent of “laptops that can fly”. He reckons that hackers can employ fairly simple drones to sit above or on top of office buildings to intercept corporate communications. Such information is vulnerable because security measures sometimes assume that it’s not possible to get close enough to compromise them.
Bishop Fox markets a drone that can be used by security professionals to test their connections and to protect against a hacker using their drone. It’s a case of fighting fire with fire – but it’s not the only way. Other vendors have developed drones that use old fashioned nets to capture airborne sneaks. In Holland, the police are even training eagles to bring down drones.
Remote control Jeep
Still at the Black Hat conference, according to reports, Charlie Miller and Chris Valasek demonstrated how they can stop a car mid-drive by tricking the vehicle into turning on the parking brake and how they can manipulate the steering. Both potentially lethal operations can be carried out at speed. Miller and Valasek hit the headlines last year when they hacked the same Jeep, leading to Fiat Chrysler recalling over a million of the vehicles.
Fiat Chrysler wouldn’t tell Forbes magazine whether or not it would patch the Miller and Valasek’s vulnerabilities saying the stunt needed direct access to the car via the on-board diagnostics (OBD) port. That’s OK then.
Meanwhile, motor insurers in Europe will be interested to hear that millions of vehicles sold by VW since 1995 can be opened remotely by hackers using a homemade radio to read key fob signals. The discovery poses an immensely expensive problem for VW and maybe other manufacturers as they will need to recall and fix the vehicles.
Insurer innovation, French style
Insurers have come in for lot of criticism recently over their perceived inability to innovate, especially in the tech space. But look at what the French insurer Ageas has come up with: an app based insurance product for “millennials’” possessions - stuff like smart phones, tablets, laptops, bikes, cameras etc.
Called “Back Me Up”, the insurance product has no annual contract, no penalty fees, and the choice to switch possessions in and out of cover to protect what matters most. It provides customised, all-in-one cover by simply uploading a photo and choosing the description of an item. Users can switch possessions in and out whenever they want, as well as drop the cover whenever they want, with no penalty fees and charges to pay.
For a flat fee of £15 per month, Back Me Up’s Core Cover protects three items of stuff against accidental and malicious damage, loss and theft, with a claims limit of up to £3,000 in total each month. It also includes travel cover. Users can build their own cover, adding modular style bolt ons from £3 per month, which range from landlord conflict cover to adventure sports.
It sounds like a great idea - but I do hope they have factored in the propensity for some unscrupulous people to subsidise their holidays through claims on their insurance.