Back in 2015, Samsung smart refrigerators were found to contain a man-in-the-middle vulnerability that could be exploited to steal Gmail login credentials. In 2020, robot vacuums packed with sensors were shown to map rooms with lidar technology, recognize objects with cameras, and be vulnerable to a battery hack that could lead to fire risk. While the idea of a smart fridge getting hacked may seem like a low risk, any vulnerable device connected to the internet has the potential to serve as a launchpad for further attacks on other devices on the same network, such as work laptops with personal and confidential data.
Whether it's artificial intelligence gone wrong or traveling through time to prevent the apocalypse, Sci-Fi as a genre has long depicted digital threats facing the future of humanity. As the human world becomes more intertwined with the Internet of Things, the lines between fantasy and reality blur. This blog explores the perceivable and far-fetched depictions of artificial intelligence, rogue smart devices, and cyber warfare in cinema.
I Hacked Into A Wrecking Ball
TV Show: Mr. Robot
Scenario: Internet-connected demolition equipment gets hacked and begins to demolish a home before the scheduled time.
Is It Realistic: Yes
In the popular TV show Mr. Robot, one scene shows a cop entering a home scheduled to be demolished at a specific time of day. The demolition equipment is connected to the internet and gets hacked remotely, adjusting the time to reflect the scheduled demolition. The wrecking ball begins to demolish the home with the cop still inside, and while it may seem wild, in reality, this is absolutely possible. Twitter account @internetofsh** showcases stories of people and smart devices, from humorous to horrifying. While food delivery robots experiencing a traffic jam may seem harmless enough, reports from the AWS us-east-1 server outage provided a terrifying reality; it's freezing outside, and with the internet down, we cannot turn on our heat.
AI of Interest
TV Show: Person of Interest
Scenario: AI created by humans with nefarious goals starts a war between two factions.
Is It Realistic: Unknown (until AI exists)
Person of Interest is a popular TV series that aired on CBS. After the first few seasons, the show shifted from a standard procedural drama to a deeper level of entertainment that explored underlying presumptions, specifically to do with AI and defining what it is to be alive. The show gets deep into questions like, where does the AI live? If it's a physical location, can it be breached? Can someone blow it up? Can someone try to take it out? The show portrays both "good" and "bad" AI and explores how they establish self-preservation, such as maintaining backups of themselves so that they can restore at any time. The show also heavily explores the ethics around AI. For example, when an AI is created for good vs. made to do nefarious things, is the AI itself really good or bad? Is it ethical to have one centralized intelligence able to monitor all people everywhere and be able to predict their behaviors? If doing so maliciously, how do you start influencing people? If you're trying to affect a specific change, what can you do to tweak things so that people don't notice they're being controlled? This AI-influenced society plays out with people living in a system of control with which they have no say and cannot escape. For example, when AI deems a person a potential risk, their credit score may be lowered so they cannot start a new business or obtain future loans.
Hit Like and Subscribe...Please?
TV Show: Black Mirror
Scenario: Rating-based society where a person's star rating determines where they can work, live, and with whom they can interact.
Is It Realistic: Yes
Another depiction of this type of rating-based society comes from the episode Nosedive of the Netflix show Black Mirror (S3 E1). In this world, socioeconomic status is based entirely on a persons ‘star rating,' which is established by other people based on social interactions. A person's rating is valued above all else by society and determines every aspect of life, including where a person can work, live, and even with whom they can socialize. Again, this concept is not far-fetched. In 2009, the People's Republic of China government introduced regional trials of what would become known as the Social Credit System in the coming years. The Social Credit System is a national credit rating and blacklist program that claims to help regulate social behavior, improve the "trustworthiness" of citizens, and promote traditional moral values. However, critics believe that the program infringes on the privacy and legal rights of China's residents and organizations. Ethics aside, a nationally-deployed rating-based system is entirely possible, as is the potential for a system like this to be hacked.
Erased Without a Trace
Movie: The Net
Scenario: A person discovers that their identity has been completely erased and replaced with the identity of a criminal.
Is It Realistic: Unlikely
In the 1995 film, The Net, Sandra Bullock's character experiences identity theft where her previous identity was completely erased and replaced with a new one. Most people have some kind of digital footprint, so is something like this even possible? It is unlikely. Whether an online echo of backed-up data or some scrap of physical information such as a billing slip or piece of mail, there is bound to be something that could be used to point to a person's true identity. While the concept of ‘erasing' someone on a massive scale is unlikely, it certainly makes for good entertainment.
Fire Sale: Everything Must Go
Movie: Live Free or Die Hard
Scenario: A cyberterrorist and his accomplices deploy a cyber attack in three stages: take down transoprtation systems, disable financial systems, and turn off public utility systems.
Is It Realistic: Yes, on a small scale. Unlikely on a national level.
In the fourth installment of the Die Hard Series, Live Free or Die Hard, a cyberterrorist and his group of nefarious accomplices set out to take down the grid. Their attack method was called a Fire Sale because everything must go. With the cooperation of many black hat computer specialists, the Fire Sale is deployed in a three-staged approach. First, shut down all transportation systems, then disable financial systems such as banks and Wall Street, and finally, turn off public utility systems such as electricity, gas, telecommunications, and satellite systems.
Taking down energy, transportation systems, financial systems, and public utilities would take an immense amount of time and planning. Even if everything were done right, pulling off a coordinated attack like a Fire Sale would require orchestration and cooperation of hundreds of highly skilled individuals. Moreover, should even one piece of the operation become compromised, a cascade effect could occur and blow the entire operation. That being said, it is certainly not impossible, especially on a smaller scale, as proven by the SolarWinds attack. And in theory, anything is hackable if given enough time and the right resources.
Defending Against IoT Security Threats
In 2021, the number of globally connected devices increased by 9% over 2020 (now at 12.3 billion devices worldwide) and is projected to continue on this upward trajectory. This accelerated growth of the global IoT market and the widespread adoption of connected devices paves the way for new and evolving cyberthreats. So what can be done to boost IoT security and thwart potential attackers?
- Isolate Smart Devices
Isolate smart devices on a Wi-Fi access point that does not connect to devices containing sensitive data such as laptops and phones. Isolating devices make it more difficult for a hacker to use a vulnerable device as a launching point for further attacks. - Create Strong Passwords
While this may seem like a belabored point, password security remains vital for maintaining a strong security posture. Utilize multi-factor authentication as an added security layer, and use a reputable password manager to create long, complex, and unique passwords that don't require memorization. - Test Internal Defenses
Choose a reputable and industry-certified security firm to act as your partner and perform penetration testing to test how well your organization's defenses would stand up to an actual cyber attack. Pen testing will uncover security vulnerabilities, and a strong partner will provide an easy to understanding remediation plan to help you make informed decisions regarding your information security program. - Test Employees
Ensure employees are trained on relevant cybersecurity threats facing your organization and tested on social engineering threats, including simulated phishing and vishing (telephone phishing) attacks. - Enlist Cybersecurity Software
From anti-virus software to password management tools, these resources provide critical information that can help prevent and detect potential threats. - Update and Patch Software
Ensuring software is up to date is a great way to minimize exposure to old vulnerabilities and bugs and ensure devices continue to operate smoothly. However, updates can also contain vulnerabilities, so utilize a vulnerability management tool to ensure due diligence before launching organization-wide updates.
Schedule a Free Consultation
Secure your digital environment with comprehensive penetration testing services. Whether you are ready to test your web application or want to learn more about the different types of simulated testing and what is the best fit for your organization, our team of security experts is ready to meet your security needs. Schedule a consultation today to speak with a security expert at RedTeam Security.
10-Point Offensive Security Checklist
Download Free Resource Download Free Resource