[Fair use for education and research purpose only]

Title: Honey, There's a Bug in My Car

Apr. 12, 2000 PDT Reuters

SAN FRANCISCO -- Bugs that lurk in computer systems around the world are poised to leap into the new era of post-PC computing -- and that could spell trouble for technology consumers and security experts. Manufacturers are starting to equip a range of products from cars to refrigerators with programmable computer chips and Internet access -- and since everything that's connected can become infected, the new world of computing will hold invisible threats.

"There is a trend toward ever more interconnected things, and that's a concern -- people in these industries will have to go through the same learning curve that they did with personal computers," said Shawn Hernan, a team leader at CERT Computer Emergency Response Center, a U.S. Defense Department-funded computer security project at Carnegie Mellon University.

The impact of malicious code writers on computers is well known. In one of the most brazen "denial-of-service" attacks earlier this year, hackers bombarded Yahoo, Amazon.com, and others with millions of messages that brought down their services.

Bringing Web searches and book orders to a screeching halt might not have brought Western civilization to a standstill. So what if a few finger-twitching Webheads had to go to a bookstore or read a newspaper? But what if the attacks caused home heating systems to fail or burglar alarms to ring? Or, worse yet, if they were aimed at "911" switchboards?

Those scenarios aren't so far-fetched as they sound. In fact, computer virus experts last week were tracking down reports that a "zombie" computer attacks already took place at isolated "911" emergency switchboards in Texas and Florida.

Computer security firm Symantec Corp. researcher Vincent Weafer called the "911 bug" a relatively "low-risk event," since it required a special set of conditions to be activated. It was "relatively rare -- and not very robust."

But if the present generation of intrusion is not so frightening, the history of such invasions is that each wave carries a stronger bite. And once the potency is increased, the attackers will have a wide array of easily available software tools to spread the damage.

In the case of the 911 bug, a simple program made it possible for the "zombie" computer to dial thousands of numbers without any knowledge on the part of the computer's owner. The threat of widespread attacks that move beyond the computer is "something that we are all looking at in the computer security field," said Symantec's Weafer.

International Business Machines Corp. is placing a high priority on the threat of viral outbreaks in the new world of "ubiquitous computing," said IBM researcher David Chess. The researchers worry not only about the growing number of places that need to be protected, but also about the speed with which attacks take place.

"There is a danger in the sense that there are more niches where nasty things can spread faster," said Chess. "These outbreaks used to take place over a period of months, or days. Now it just takes a few hours."

IBM's team is studying ways to immunize entire networks against attack with software "modeled after biological systems."

A growing number of programmable devices will require that computer security systems work with such sophistication, with the ability to track down intrusions over networks and apply antidotes in real-time.

"There are thousands of places where malicious code can come in," said Sal Viveros, computer virus products marketing manager at Network Associates Inc. "As more devices become Internet-aware, from Web TV's to refrigerators to palm computers, they add more functionality. And once they become programmable they can carry malicious code."

Since more portals are opening all the time, Viveros said, computer intrusion experts are concentrating on protecting the infrastructure -- the Internet service providers and networks used to carry the invasions.

"Interdependence of global infrastructures is a fairly serious concern," said CERT's Hernan. "The potential is fairly significant. You could imagine someone writing a robot piece of code that could spread fairly quickly dialing 911 or otherwise impact things outside the Internet."

IBM's Chess said "it's not a doomed world yet," since the devices are only now being built and many manufacturers learned their lessons when the outbreaks hit personal computers. CERT's Hernan said that security experts need to make a concerted effort to educate manufacturers about potential dangers when they make their new products programmable.

"We got all these things under development for controlling home devices, things that turn on the lights, turn temperature up and down, start the coffee maker boiling," said Hernan. "There is potential for abuse when they're connected, and manufacturers have to be aware of that."

http://www.wired.com/news/technology/0,1282,35612,00.html

====================

-- (Dee360Degree@aol.com), April 12, 2000