Can You Be Hacked by The World Around You?
Jeremy Straub, 13 Oct 17
       

Could scanning a QR code be an invitation to malware? Zapp2Photo/Shutterstock.com

You’ve probably been told it’s dangerous to open unexpected attachment files in your email – just like you shouldn’t open suspicious packages in your mailbox. But have you been warned against scanning unknown QR codes or just taking a picture with your phone? New research suggests that cyberattackers could exploit cameras and sensors in phones and other devices.

As someone who researches 3-D modeling, including assessing 3-D printed objects to be sure they meet quality standards, I’m aware of being vulnerable to methods of storing malicious computer code in the physical world. Our group’s work is in the laboratory, and has not yet encountered malware hidden in 3-D printing instructions or encoded in the structure of an item being scanned. But we’re preparing for that possibility. 

At the moment, it’s not very likely for us: An attacker would need very specialized knowledge about our system’s functions to succeed in attacking it. But the day is coming when intrusions can happen through normal communications with or sensing performed by a computer or smartphone. Product designers and users alike need to be aware of the risks. 

Transmitting infection

In order for a device to become infected or compromised, the nefarious party has to figure out some way to get the computer to store or process the malware. The human at the keyboard has been a common target. An attacker might send an email telling the user that he or she has won the lottery or is going to be in trouble for not responding to a work supervisor. In other cases, a virus is designed to be unwittingly triggered by routine software activities.

Researchers at the University of Washington tested another possibility recently, embedding a computer virus in DNA. The good news is that most computers can’t catch an electronic virus from bad software – called malware – embedded in a biological one. The DNA infection was a test of the concept of attacking a computer equipped to read digital data stored in DNA.

Similarly, when our team scans a 3-D printed object, we are both storing and processing the data from the imagery that we collect. If an attacker analyzed how we do this, they could – perhaps – identify a step in our process that would be vulnerable to a compromised or corrupted piece of data. Then, they would have to design an object for us to scan that would cause us to receive these data.

A 3-D scanning rig in our lab. Jeremy Straub, CC BY-ND

Closer to home, when you scan a QR code, your computer or phone processes the data in the code and takes some action – perhaps sending an email or going to a specified URL. An attacker could find a bug in a code-reader app that allows certain precisely formatted text to be executed instead of just scanned and processed. Or there could be something designed to harm your phone waiting at the target website.
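The defensive counterpart to that scenario is a reader that treats whatever it decodes strictly as data and asks the user before acting on it. The sketch below is an added example, not code from the article or from any real QR app; the function name, the length cap and the allowed schemes are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

MAX_LEN = 2048                        # assumed cap for this example
ALLOWED = {"http", "https", "mailto"}  # assumed policy: the actions the article mentions

def handle_qr_payload(text):
    """Decide what a reader may do with decoded QR text. Never executes it.

    Returns (action, detail); action is one of
    'reject', 'show_text', 'confirm_url', 'confirm_email'.
    """
    if len(text) > MAX_LEN:
        return ("reject", "payload too long")
    # Deliberately strict: no control characters anywhere in the payload.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in text):
        return ("reject", "control characters in payload")
    try:
        parts = urlsplit(text.strip())
        host = parts.hostname
    except ValueError:
        return ("reject", "malformed URL")
    scheme = parts.scheme.lower()
    if not scheme:
        return ("show_text", text)             # plain text is only displayed
    if scheme not in ALLOWED:
        return ("reject", "scheme not allowed: " + scheme)
    if scheme == "mailto":
        return ("confirm_email", parts.path)   # user confirms before a draft opens
    if not host:
        return ("reject", "URL has no host")
    if parts.username is not None or parts.password is not None:
        # e.g. https://bank.example@other.example/ shows a misleading name first
        return ("reject", "credentials embedded in URL")
    if host.startswith("xn--") or ".xn--" in host or not host.isascii():
        return ("confirm_url", host + " (internationalized name, check carefully)")
    return ("confirm_url", host)               # show the real host, then ask
```

Every path returns a decision for the user interface to present; nothing in the decoded text is evaluated, and a URL is opened only after the user has seen the actual host name.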

Imprecision as protection

The good news is that most sensors have less precision than DNA sequencers. For instance, two mobile phone cameras pointed at the same subject will collect somewhat different information, based on lighting, camera position and how closely it’s zoomed in. Even small variations could render encoded malware inoperable, because the sensed data would not always be accurate enough to translate into working software. So it’s unlikely that a person’s phone would be hacked just by taking a photo of something.

But some systems, like QR code readers, include methods for correcting anomalies in sensed data. And when the sensing environment is highly controlled, like with our recent work to assess 3-D printing, it is easier for an attacker to affect the sensor readings more predictably.
