How Risky Is Bleeding Edge Tech?
Experts with the Carnegie Mellon University Software Engineering Institute rate 10 up-and-coming technologies for risk.
June 5, 2016
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt830dbed1113b7a33/64f0daeefe079f5ee9628132/01-bleeding.jpeg?width=700&auto=webp&quality=80&disable=upscale)
Most seasoned information security experts know that when a new technology starts taking off like wildfire, chances are pretty good that someone's going to get burned. The curve of innovation for decades has generally traversed a path where engineers think of features, bells and whistles first, security last.
As a new crop of exciting technology like smart medical devices, drones and driverless cars jockeys for position in the mainstream, the question is how much risk they'll bring to the table. A panel of experts with the Carnegie Mellon University Software Engineering Institute recently took a look at some of the hottest tech making its way to the forefront to answer this very question. Here are some of the highlights from the report, 2016 Emerging Technology Domains Risk Survey.
Google Glass was an early toe in the water in the augmented reality (AR) realm, where technology will be used to add context to a user's environment, whether by overlaying images on video or projecting images onto the physical environment.
Highest Risk Areas: CMU/SEI believes the biggest risks will present themselves when AR is used for mission-critical situational information, such as navigation systems or medical systems where a professional must depend upon them to safely pilot a vehicle or perform a medical procedure.
"The criticality of such systems makes any compromise a potentially high-risk event to victims," says the report.
Plastics, fibers, metals and more are being utilized as raw material for a new generation of 3D printers that changes the scale necessary to quickly manufacture items. Whether it's for rapid development of prototypes in R&D and product design or to create products to sell to computers, 3D printers are likely to gain steam in the business world in the coming years.
Highest Risk Areas: Interestingly, this is one technology that doesn't concern CMU/SEI experts very much when it comes to being put in use in the enterprise. The only area they believe could create a challenge is that it may put tools in the hands of black hats to easily create custom-print keys, or programmable logic boards and controllers. This could be applied to breach physical security, easily clone intellectual property or even carry out sabotage on-site.
This is the domain of electronics, communication and display technology used in vehicular dashboard systems--the stuff of controls, navigation and entertainment systems. This area is already being embraced by the mainstream and the risks are presenting themselves in spades.
Highest Risk Areas: "Telematics should be considered a high-risk domain for systemic vulnerabilities," the report explains, citing Charlie Miller and Chris Valasek's research into the Jeep Cherokee as prime example of how exploitable these systems are. "A telematics system is very tightly integrated with other systems in a vehicle and provides a number of functions for the user."
These phishing scams are usually perpetrated through spoofed emails, intercepted facsimiles or telephone communications giving instruction to redirect invoice payments. The last two years have seen the rise of attackers targeting victims using spoofed accounts of their CEOs and CFOs to direct them to send money to fraudulent sources. The BEC losses totaled $263 million in 2015.
Connected devices give medical caregivers a treasure trove of data and greater accuracy in treating patients, while consumers are often offered more flexibility and control over their care when not at the doctor's office. As the report noted, most new devices in hospitals are network-enabled and smart medical devices continue to proliferate the market.
Highest Risk Areas: Not only do connected devices expose more patient data and information to potential breaches, but as the control over devices directly connected to patients becomes more connected and remotely accessible, the potential for physical harm to patients increases.
"An attacker could theoretically increase or decrease dosages, send electrical signals to a patient, or disable vital sign monitoring," the report says.
It's only taken six decades, but the sci-fi of the 1950s is finally coming to fruition, as smart robots with reliable artificial intelligence finally start to become a reality. These autonomous machines can learn tasks or adjust transportation routes based on previous failures or new data, and they could be as close as five to 10 years from mainstream use.
Highest Risk Areas: Whether through back-end servers or the robots themselves, the potential for vulnerability surface areas is high and the risk of destruction of property or death or injury of human workers will be present even if robots are limited by hardware and safety programming, the report says.
Smart sensors are the heart of the IoT, offering information about or control over elements in physical environments. It's a market that experts say will reach $7.1 trillion by 2020.
Highest Risk Areas: The range of uses of smart sensors is about as endless as the potential risks presented by the capabilities.
"This range of capabilities suggests that adversaries will be able to conduct attacks that affect our environment in ways that are difficult to predict," the report warns. "Privacy can be compromised if embedded cameras in smart lights are exploited, or adversaries may use their access to smart thermostats to assess whether or not a person is home."
Commercial Unmanned Aerial Vehicles (UAVs) have moved far beyond their military roots, as entrepreneurial ingenuity begins to put them to use for a host of purposes, including surveillance, traffic monitoring, agriculture, filming and shipping.
Highest Risk Areas: "A compromise of a drone fleet or even a widespread vulnerability could wreak havoc on shared airspace and on the people living below," say CMU/SEI experts. "If drones become more widely used, considerably more damage may be possible."
Auto-pilot for cars has been in the works for decades in the academic world and as more tech giants like Google, Tesla and Apple put their financial weight behind driverless car initiatives, it won't be long before even consumer options for driverless vehicles start to hit the roadways.
Highest Risk Areas: Given the fact that vehicles can be considered weapons in the eyes of the law, the potential for physical harm and damage at the hands of an automated vehicle is high, whether through poor implementation of technology or active exploit at the hands of attackers.
Intelligent transport systems and smart-city technology that communicates with cars, either through vehicle-to-vehicle (V2V) communication or vehicle-to-infrastructure (V2I) communication are yet another revolution in the IoT. V2V comms will let vehicles share speed, positon and status information to other nearby vehicles and V2I opens up opportunities for communication with smart roads, tollbooths and other infrastructure components.
Highest Risk Areas: As things stand, car communications systems are only used to communicate safety warnings to the driver rather than impose any kinds of controls. But that could change.
"Recent vehicular automotive vulnerability research has demonstrated that the introduction of new technology into a vehicle can create behavior that the manufacturer did not intend," the report notes. "The future use of this technology as a control mechanism introduces even more risks, including those with fatal results."
Intelligent transport systems and smart-city technology that communicates with cars, either through vehicle-to-vehicle (V2V) communication or vehicle-to-infrastructure (V2I) communication are yet another revolution in the IoT. V2V comms will let vehicles share speed, positon and status information to other nearby vehicles and V2I opens up opportunities for communication with smart roads, tollbooths and other infrastructure components.
Highest Risk Areas: As things stand, car communications systems are only used to communicate safety warnings to the driver rather than impose any kinds of controls. But that could change.
"Recent vehicular automotive vulnerability research has demonstrated that the introduction of new technology into a vehicle can create behavior that the manufacturer did not intend," the report notes. "The future use of this technology as a control mechanism introduces even more risks, including those with fatal results."
Most seasoned information security experts know that when a new technology starts taking off like wildfire, chances are pretty good that someone's going to get burned. The curve of innovation for decades has generally traversed a path where engineers think of features, bells and whistles first, security last.
As a new crop of exciting technology like smart medical devices, drones and driverless cars jockeys for position in the mainstream, the question is how much risk they'll bring to the table. A panel of experts with the Carnegie Mellon University Software Engineering Institute recently took a look at some of the hottest tech making its way to the forefront to answer this very question. Here are some of the highlights from the report, 2016 Emerging Technology Domains Risk Survey.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024