Worst-Case Scenarios: Cyber Love Canal

Many visionaries, researchers, and commercial actors herald the coming of the Internet of Things. Computers will no longer look like computers but rather like thermostats, household appliances, lightbulbs, clothing, and automobiles; these embedded systems will permeate our living environments and converse with one another and all other networked computers.

What’s more, these systems will intimately interact with the physical world: with our homes, schools, businesses, and bodies—in fact, that’s the point. In the visions put forth, the myriad embedded devices magically enhance our living environments, adjusting lights, temperature, music, medication, fuel flow, traffic lighting, and elevators.

It’s tempting to insert a utopian sketch of a “typical day in 2025” here, but there are plenty of sketches out there already. It’s also tempting to insert a dystopian sketch of what might happen if a malicious adversary mounts a devious attack, but that’s been done nicely too—see Reeves Wiedeman’s article “The day cars drove themselves into walls.” It’s a scenario that could happen based on what already has [111].

However, I will offer an alternative dystopian vision of this future world. Every object in the home—and every part of the home—is inhabited by essentially invisible computational boxes that can act on the physical environment. But rather than being helpful, these devices are evil, acting in bizarre, dangerous, or unexpected ways, either chaotically or coordinated in exactly the wrong way. We can’t simply turn these devices off because no one knows where the off switches are. What’s worse is that we don’t even know where the devices are!

This vision of dark magic might inspire us to look to horror novels or science fiction for metaphors. However, real life has given us a better metaphor: environmental contamination. We’ve seen buildings contaminated by lead paint and asbestos and rendered unusable by chemical spills at nearby dry cleaners, a research lab rendered uninhabitable by toxic mold, and Superfund sites called brownfields that can’t be built on (at least, without often expensive remediation). In all these cases, technology (usually chemical) intended to make life better somehow backfired and turned suburban utopias into wastelands.

What happened at the Pearl Harbor naval base is widely known. However, Americans over 50 might also remember Love Canal, a neighborhood of Niagara Falls, New York, that became synonymous with chemical contamination catastrophe. Vast amounts of chemical waste buried under land that later supported homes and schools led to massive health problems and the eventual evacuation and abandonment of most of the neighborhood.

What some might term a “cyber Pearl Harbor”—a coordinated, large-scale attack on our computational infrastructure—would indeed be a bad thing.² However, we should also be worried about a “cyber Love Canal”—buildings and neighborhoods, not to mention segments of our cyberinfrastructure, rendered uninhabitable by widespread “infection” and loss of control of the IoT embedded therein. The way we build and deploy devices today won’t work at the scale of the envisioned IoT and will backfire, like so many hidden chemical dumps. Continuing down this path will similarly lead to “cyber brownfields.”

“Things don’t work” is the security idealist’s standard rant. A more honest observation is that, although flawed, things work well enough to keep it all going. For the most part, we know where the machines are—workstations and laptops in offices, servers in data centers. The operating system (OS) and application software are new enough to still be updated, and machines are usually expensive enough to justify users’ attention to maintenance and patching before too many compromises happen.³

The current IT infrastructure is compromisable and compromised, with occasional lost productivity and higher fraud losses amortized over a large population—yet life goes on, mostly. The fact that I am writing these words on networked machines while the web continues to work proves that.

However, in the IoT, the numbers, distribution, embeddedness, and invisibility of devices will change the game. Suppose we build the IoT the same way we built the current internet. When the inevitable input validation bug is discovered, there will be orders of magnitude more vulnerable machines. Will embedded machines be patchable? Will anyone think to maintain inexpensive parts of the physical infrastructure? Will machines and software last longer than the IoT startups that create them? Will anyone even remember where the machines are?Imagine a world in which we needed to update each door, each electrical outlet, and perhaps even each lightbulb on Patch Tuesday.

When the inevitable happens, what will a compromised machine in the IoT be able to do? It’s no longer just containing data; it’s controlling boiler temperatures, elevator movement, automobile speed, fish tank filters, and insulin pumps. Consider the effects of denial of service on our physical infrastructure. In winter where I live, temperatures of –15°F are common. How many burst pipes and damaged buildings—and maybe even deaths—would we have had if a virus shut down all the heating systems? The recent nonfiction book Five Days at Memorial by Sheri Fink chronicled the horrors of being trapped in a New Orleans hospital when Hurricane Katrina shut down basic infrastructure, including electricity, transport, and communication [31]. Could an infection in the IoT cause similar infrastructure loss?

Fail-stop is bad enough, but compromised machines in the IoT can do more than simply stop; they can behave arbitrarily. What havoc might happen when elevators, automobiles, and door locks start behaving unpredictably? A decade ago, a compromise at my university led to a large server being coopted to distribute illegal content—annoying, but relatively harmless. What could happen when schools, homes, apartment buildings, and shopping malls are full of invisible, forgotten, and compromised smart devices?

What’s Different?

“We already have an internet,” some readers may wonder, “and it works pretty well. Why the fuss about a new one?” This chapter addresses that question. What’s different about the IoT?

Kevin Ashton, credited with inventing the term “IoT,” sees the connection to humanity as the distinguishing factor [5]:

The fact that I was probably the first person to say “Internet of Things” doesn’t give me any right to control how others use the phrase. But what I meant, and still mean, is this: Today computers—and, therefore, the Internet—are almost wholly dependent on human beings for information. Nearly all of the roughly 50 petabytes (a petabyte is 1,024 terabytes) of data available on the Internet were first captured and created by human beings—by typing, pressing a record button, taking a digital picture or scanning a bar code. Conventional diagrams of the Internet include servers and routers and so on, but they leave out the most numerous and important routers of all: people.

Ahmed Banafa goes further—the next stage in the evolution of computing systems, the IoT connects to everything [6]:

The Internet of Things (IoT) represents a remarkable transformation of the way in which our world will soon interact. Much like the World Wide Web connected computers to networks, and the next evolution connected people to the Internet and other people, the IoT looks poised to interconnect devices, people, environments, virtual objects and machines in ways that only science fiction writers could have imagined.

This latter definition is the sense in which I use the term in this book. In the IoT, we are layering computation on top of everything—and then interconnecting it.

Because it thus scales up from the IoC in so many dimensions, the IoT becomes something new. Even in the IoC, internet pioneer Vint Cerf saw the newness created by scale [50 p. 29]:

…It’s difficult to envision what happens when extremely large numbers of people gain access to a technology, such as the Internet. It’s a bit like being the inventor of the automobile and imagining a few dozen of them, not knowing how 50 million or 100 million of them would affect the attitudes, customs, behavior and actions of the entire country…and the world.

However, the IoT will be many orders of magnitude larger than even the current internet and interconnect devices far smaller. What’s more, the amount of data these devices generate will also be orders of magnitude greater; thanks to its embedded machines, a Boeing 737 flying from Los Angeles to Boston generates more bytes of data than the Library of Congress collects in one month.

Inevitable and Unfortunate Decay

When it comes to the physical world, engineering generally works—with software, not so much. A friend in grad school once quipped, “Software engineering is the field of the future, and it will always be the field of the future.” Although this was several decades ago, it is unfortunately still true.

When it comes to building physical things out of materials such as wood, steel, and concrete, humanity has figured out how to select the right materials and then assemble them into things like houses and bridges, with a fairly good estimate of how long these houses and bridges will hold up. It does not happen that every few weeks, an announcement goes out that all houses built with a certain kind of door suddenly need to have the doors replaced; it is not the general custom for people to avoid going into houses more than 20 years old because they are worried they will suddenly collapse or be filled with dangerous criminals, simply because the owners neglected to repaint them every “paint Tuesday.”

However, when it comes to things humans build in software, these scenarios—ridiculous for physical infrastructure—are standard practice. It is extremely hard to build software systems that, with high confidence, will last a few years (let alone decades) without the discovery of bugs and critical security issues. Reasons effective software engineering is so hard include:

• The sheer number of “moving parts” (e.g., it takes at least a half dozen Boeing 747 airplanes to have as many physical parts as lines of code in a basic laptop OS).

• The way these parts compose and interact (it is unlikely for a part in one airplane to reach out and subvert the functioning of a different part in a different airplane—but this happens all the time in software modules).

• The economic forces that can make software products be rushed to market with insufficient testing.

• The fact that, thanks to the internet, the attack surface (perimeter) on a piece of software may be exposed to all the world’s adversaries, all the time.

Nonetheless, this is the reality. Systems that do not receive regular patching are assumed to be compromised—leading to a Through the Looking-Glass world where users and administrators must keep running to stay in the same place (Figure 1-1). What’s even stranger about this, from the physical engineering metaphor, is that it’s usually not the case that the components suddenly break and must be fixed. Rather, usually, the components were always broken; it’s only that the defenders (and hopefully the adversaries also) just learned that fact.

Figure 1-1. The need for software updates means we must continually run just to stay in the same place. (John Tenniel illustration for Through the Looking-Glass, public domain.)

Indeed, on the day I was writing this, researchers from cyber security company Check Point announced that Facebook’s Chat service and Messenger application have flaws in how participants construct URLs for communication, and that an adversary can use these flaws to take over conversations [13]. Yesterday, the day before, and even back in 2008 when Chat was announced, this service was considered secure—but the zero-day vulnerabilities were always there.

The IoT’s Impact on the Physical World

One principal way the IoT differs from the IoC is the intimate connection of the IoT to physical reality. This connection amplifies the consequences of IT—expected behavior, unexpected behavior, malicious action.

For an example of troubling consequences for teachers (like me), Amazon sells some interesting smart watches [55]. As the Independent reported in March 2016:

“This watch is specifically designed for cheating in exams with a special programmed software. It is perfect for covertly viewing exam notes directly on your wrist, by storing text and pictures. It has an emergency button, so when you press it the watch’s screen display changes from text to a regular clock, and blocks all other buttons,” the seller wrote.

However, there are already many examples of deeper consequence.

Airplanes

Airplanes are another high-impact transportation medium affected by the IoT.

The planes themselves are distributed cyber-physical systems: computers and networks and sensors and actuators packaged and distributed in a thin metal frame flying through the air and carrying people. Back in the 1980s at Carnegie Mellon University’s Software Engineering Institute, I was told about a fighter jet that had a bug in its software—and it was easier to fix the jet to match the software than the other way around. (Unfortunately, I have never been able to find independent documentation of this problem.) In 2011, the Christian Science Monitor reported that Iranians had captured a US drone by remotely compromising its navigation system and convincing it to land in Iran [85], bringing to mind World War II stories of UK attacks on the more primitive navigation systems used by German bombers [56].

In 2007, associate professor in the department of Electrical and Computer Engineering at Carnegie Melon University, Phil Koopman [64] lamented how, as the airplane’s computer systems reached to the passenger seats, “Passenger laptops are 3 Firewalls away from flight controls!” In early 2015, security researcher Chris Roberts made headlines by being detained by the FBI for allegedly breaking into and manipulating an airplane’s controls from a passenger seat [118]. (Some doubt exists as to how successful he really was.) According to reports, to do this, he first had to physically break into the electronic box under this seat to access the network ports. (Chapter 3 will consider some of the controversy surrounding the concept of fly-by-wire.) As Figure 1-2 shows, later in 2015, I took a flight on a commercial 747 that made this physical break-in step unnecessary. (No, I did not attempt an attack.)

Figure 1-2. On this commercial flight, I would not need to break into a physical box to connect to the Ethernet. (Photo by author.)

The penetration of IT into the dependent infrastructure can also have consequences. In April 2015, American Airlines flights were delayed when “pilots’ iPads—which the airline uses to distribute flight plans and other information to the crew—abruptly crashed” (apparently due to a faulty app) [81]. In June 2015, United Airlines grounded all of its US flights due to an unspecified problem with “dispatching information” [117]. In June 2015, LOT Polish Airlines needed to ground flights due to an unspecified cyberattack on its ground systems [22]. In August 2015, problems with the air traffic control system in the eastern US significantly disrupted flights to and from Washington and New York [98].

The IoT reaches far.

The Physical World’s Impact on the IoT

Distributing IT throughout physical reality not only permits the IoT to impact the physical world—it also permits the physical world to impact the IoT.

Worst-Case Scenarios: Cyber Pearl Harbor

Pearl Harbor, as most US citizens were taught in school, was the site of a surprise Japanese attack on the US Navy, which catapulted the US into World War II. In the parlance of contemporary media, the term “Pearl Harbor” has come to denote the concept of an infrastructure left completely undefended and how only a massive attack makes society take that exposure seriously.

Our society’s current information infrastructure is likely full of interfaces with exploitable holes. Pundits often discuss the potential of a “cyber Pearl Harbor”—sometimes in caution, referring to the devastation that could happen if an adversary systematically exploited the holes in exactly the wrong way, but sometimes in frustration that only such a large-scale disaster would create the social will to solve these security problems.

Targeted Malicious Attacks in the IoT

As Figure 1-3 shows, researchers at SRI are already worrying about what might transpire if terrorists combined traditional kinetic methods with IoT attacks. Speculation about what might happen has even more credibility when one considers what has already happened.

Figure 1-3. Researchers at SRI speculate on the potential of augmenting traditional kinetic terrorism with IoT attacks. (Illustration by Ulf Lindqvist of SRI International, used with permission.)

The IoT has already seen vandalism with consequences. Ransomware has already been discovered in hospital computers [35] and smart TVs [16]. Analysts predict ransomware will come to medical devices themselves [34]. In spring 2016, a penetration colleague predicted it will come to all smart home appliances; in summer 2016, hackers at DefCon demonstrated a proof-of-concept for smart thermostats. On a larger scale, in early 2008, the Register reported [72]:

A Polish teenager allegedly turned the tram system in the city of Lodz into his own personal train set, triggering chaos and derailing four vehicles in the process. Twelve people were injured in one of the incidents. The 14-year-old modified a TV remote control so that it could be used to change track points.

In 2014, the German government reported [5]:

A blast furnace at a German steel mill suffered “massive damage” following a cyber attack on the plant’s network…. [A]ttackers used booby-trapped emails to steal logins that gave them access to the mill’s control systems.

On a related note, a penetration colleague of mine has shown me screenshots of steel mill control GUIs exposed on the open internet via VNC, noting that the GUI indicated that something was at “1,215 degrees C” and speculating on what might happen in the facility if one randomly played with the control buttons.

The IoT has also seen apparent nation-state level attacks. Perhaps the best-known of these was 2010’s Stuxnet, malware that used a number of zero-day techniques (and even jumped across airgaps via USB thumb drives) to seek out systems connected to particular Siemens programmable logic controllers (PLCs) wired to centrifuges at Iran’s uranium enrichment facilities (e.g., [69, 70]). Widely believed to have been developed and deployed by the US National Security Agency (NSA), perhaps in collaboration with Israel, Stuxnet was designed to cause enough centrifuge failures to slow down Iran’s alleged weapons program—but not enough to alert Iran that sabotage might be occurring. In June 2016 a “Stuxnet copycat,” also appearing to target specific installations of particular Siemens industrial control systems, was discovered, although its full picture remains unknown [23].

December 2015 brought another high-profile incident: a nation-state level actor, widely believed to be Russia, used a variety of cyber attacks to bring down the power grid in the Ukraine (e.g., [27]). Although no one particular technique here was groundbreaking, the overall coordination and scope was impressive—as was the fact that initial steps of the attack had occurred at least nine months earlier.

Where to Go Next

The IoT will continue to grow exponentially and evolve in remarkable ways. As it does, we must acknowledge that we need to prepare for and, where possible, take actions to avoid certain “fundamental truths.”

First, although some vendors will try to push top-down ecosystems, the IoT will probably grow organically, a global mashup of heterogeneous components with no top-down set of principles determining its emergent behavior. This lack of control might help segment security problems at a macro scale but will be a disturbing reality for any entity that would prefer to centrally control the IoT as a large, intelligent, interconnected network. In particular, we should expect abandoned or otherwise legacy segments of today’s IoT to have unanticipated interactions with and impact on the internet of tomorrow, like buried drums of highly toxic cyberwaste.

The creators of the IoT are only human and tend to replicate components at every opportunity. Industry segments are rooted in system designers’ tendency to apply their favorite tools across the problem space. Common hardware and firmware libraries will show up on the IoT in surprising places; we can expect to see smart snowboards, thermostats, lightbulbs, and scientific instruments using the same connected microcontrollers and firmware. This hidden homogeneity can be bad, because just about anything having a particular “genetic” vulnerability might be compromised. However, a systematic homogeneity might also be beneficial if well-designed and inherently safe subsystems—those having the right “IoT DNA”—are widely adopted.

Consumers care little about testing regimes, product recalls, and other measures enacted in their best interest. IoT watchdog groups might start testing for compliance against a set of IoT safety standards, and governments might impose IoT safety regulations and dictate recalls, but we can expect consumers to purchase and deploy substandard devices. The IoT industry could introduce safety-assuring protocols—for instance, applying blockchains for IoT messaging. However, providers and customers will surely look elsewhere if such measures raise costs without adding significant and obvious value.

Finally, consumers’ hunger for the latest and greatest might save their IoT, but enterprises’ conservatism could break theirs. We might be able to exploit consumers’ inherent desire for newer, better, faster to promote the ecosystem’s health, at least among the consumer-facing IoT segments. We can expect today’s IoT devices to get old fast, even without producers intentionally designing them to go obsolete quickly. Bad actors might get adopted quickly, but they might also fade away quickly.

Works Cited

1. AFP, “Piege dans sa voiture, il meurt deshydrate,” Libération, August 25, 2011.

2. AFP, “Hackers use ‘smart’ refrigerator to send 750,000 virus-laced emails,” Raw Story, January 17, 2014.

3. M. Anderson, “US gas pump hacked with ‘Anonymous’ tagline,” The Stack, February 11, 2015.

4. AP, “Crashed computer traps Thai politician,” Daily Aardvark, May 14, 2003.

5. K. Ashton, “That ‘Internet of Things’ thing,” RFID Journal, June 22, 2009.

6. A. Banafa, “Fog computing is vital for a successful Internet of Things (IoT),” LinkedIn Pulse, June 15, 2015.

7. BBC, “Hack attack causes ‘massive damage’ at steel works,” BBC News, December 22, 2014.

8. K. Bora, “Volkswagen German plant accident: Robot grabs, crushes man to death,” International Business Times, July 2, 2015.

9. C. Boutin, “Lack of effective timing signals could hamper ‘Internet of Things’ development,” NIST Tech Beat, March 19, 2015.

10. W. Burleson and others, “Design Challenges for Secure Implantable Medical Device,” in Proceedings of the 49th ACM/EDAC/IEEE Design Automation Conference, 2012.

11. R. E. Calem, “Connected car security,” CTA News, May 17, 2016.

12. D. Chechik, S. Kenin, and R. Kogan, “Angler takes malvertising to new heights,” SpiderLabs Blog, March 14, 2016.

13. Check Point, “Facebook MaliciousChat,” Check Point Blog, June 7, 2016.

14. S. Checkoway and others, “Comprehensive experimental analyses of automotive attack surfaces,” in Proceedings of the 20th USENIX Security Symposium, 2011.

15. C. Cimpanu, “Oracle settles charges regarding fake Java security update,” Softpedia, December 22, 2015.

16. C. Cimpanu, “Ransomware on your TV, get ready, it’s coming,” Softpedia, November 25, 2015.

17. C. Cimpanu, “A massive botnet of CCTV cameras involved in ferocious DDoS attacks,” Softpedia, June 27, 2016.

18. C. Cimpanu, “ASUS delivers BIOS and UEFI updates over HTTP with no verification,” Softpedia, June 5, 2016.

19. C. Cimpanu, “Medical equipment crashes during heart procedure because of antivirus scan,” Softpedia, May 3, 2016.

20. C. Cimpanu, “Windows zero-day affecting all OS versions on sale for $90,000,” Softpedia, May 31, 2016.

21. L. Constantin, “Attackers use email spam to infect point-of-sale terminals with new malware,” IT world, May 25, 2015.

22. L. Constantin, “Cyberattack grounds planes in Poland,” IT world, June 22, 2015.

23. J. Cox, “There’s a Stuxnet copycat, and we have no idea where it came from,” Motherboard, June 2, 2016.

24. J. Crook, “SmartThings and Samsung team up to make your TV a smart home hub,” TechCrunch, December 29, 2015.

25. A. Cuthbertson, “Massive DDoS attack on core internet servers was ‘zombie army’ botnet from popular smartphone app,” December 11, 2015.

26. Difference Engine, “Deus ex vehiculum,” The Economist, June 23, 2015.

27. E-ISAC, Analysis of the Cyber Attack on the Ukrainian Power Grid. SANS Industrial Control Systems, March 18, 2016.

28. T. Eden, “The absolute horror of WiFi light switches,” Terence Eden’s Blog: Mobiles, Shakespeare, Politics, Usability, Security, March 2, 2016.

29. J. Epstein, “Risks of online test taking,” The Risks Digest, May 21, 2015.

30. A. C. Estes, “Why is my smart home so fucking dumb?,” Gizmodo, February 12, 2015.

31. S. Fink, Five Days at Memorial. Deckle Edge, 2013.

32. M. Finnegan, “Toyota recalls 1.9m Prius cars due to software fault,” Computerworld UK, February 2014.

33. D. Fisher, “Gone in less than a second,” ThreatPost, August 6, 2015.

34. D. Fisher, “What’s on TV tonight? Ransomware,” On the Wire, June 13, 2016.

35. T. Fox-Brewster, “As ransomware crisis explodes, Hollywood hospital coughs up $17,000 in Bitcoin,” Forbes, February 18, 2016.

36. T. Fox-Brewster, “White hat hackers hit 12 American hospitals to prove patient life ‘Extremely Vulnerable',” Forbes, February 23, 2016.

37. R. Franck, “Beveiliging sneltram valt niet te vertrouwen,” Algemeen Dagblad, April 3, 2016.

38. S. Gallagher, “Report: Airbus transport crash caused by ‘wipe’ of critical engine control data,” Ars Technica, June 10, 2015.

39. N. Gamer, “Vulnerabilities on SoC-powered Android devices have implications for the IoT,” Trend Micro Industry News, March 14, 2016.

40. M. Garrett, “I stayed in a hotel with Android lightswitches and it was just as bad as you’d imagine,” mjg59’s journal, March 11, 2016.

41. S. Gibbs, “Security researchers hack a car and apply the brakes via text,” The Guardian, August 12, 2015.

42. S. Gibbs, “Windows 10 automatically installs without permission, complain users,” The Guardian, March 15, 2016.

43. A. Goard, “Thief steals $15,000 bike in Sausalito with tap of hand: Police,” NBC Bay Area, February 27, 2015.

44. J. Golson, “Many Lexus navigation systems bricked by over-the-air software update,” The Verge, June 7, 2016.

45. D. Goodin, “Rise of ‘forever day’ bugs in industrial systems threatens critical infrastructure,” Ars Technica, April 9, 2012.

46. D. Goodin, “Foul-mouthed worm takes control of wireless ISPs around the globe,” Ars Technica, May 19, 2016.

47. C. Graeber, “How a serial-killing night nurse hacked hospital drug protocol,” Wired, April 29, 2013.

48. A. Greenberg, “Chrysler catches flak for patching hack via mailed USB,” Wired, September 3, 2015.

49. A. Greenberg, “Hackers remotely kill a Jeep on the highway—with me in it,” Wired, July 21, 2015.

50. S. Greengard, The Internet of Things. MIT Press, 2015.

51. S. Harris, “Engineers work to prevent electric vehicle charging from overloading grids,” The Engineer, April 13, 2015.

52. hdmoore, “The Internet of gas station tank gauges,” Rapid7 Community, January 22, 2015.

53. B. Hill, “Latest IoT DDoS attack dwarfs Krebs takedown at nearly 1Tbps driven by 150K devices,” Hot Hardware, September 27, 2016.

54. S. P. Holland and others, “Are there environmental benefits from driving electric vehicles?,” American Economic Review, December 2016.

55. I. Johnston, “Smartwatches that allow pupils to cheat in exams for sale on Amazon,” The Independent, March 3, 2016.

56. R. V. Jones, Most Secret War. Penguin, 2009.

57. D. Kemp, C. Czub, and M. Davidov, Out-of-Box Exploitation: A Security Analysis of OEM Updaters. Duo Security, May 31, 2016.

58. A. Kessler, “Fiat Chrysler issues recall over hacking,” The New York Times, July 24, 2015.

59. O. Khazan, “How to fake your workout,” The Atlantic, September 28, 2015.

60. J. Kirk, “How encryption keys could be stolen by your lunch,” Computerworld, June 22, 2015.

61. Z. Kleinman, “Microsoft accused of Windows 10 upgrade ‘nasty trick',” BBC News, May 24, 2016.

62. W. Knight, “Baidu’s self-driving car takes on Beijing traffic,” MIT Technology Review, December 10, 2015.

63. G. Kolata, “Of fact, fiction and Cheney’s defibrillator,” The New York Times, October 27, 2013.

64. P. Koopman, J. Black, and T. Maxino, “Position paper: Deeply embedded survivability,” in Proceedings of the ARO Planning Workshop on Embedded Systems and Network Security, 2007.

65. K. Koscher and others, “Experimental security analysis of a modern automobile,” in Proceedings of the IEEE Symposium on Security and Privacy, 2010.

66. B. Krebs, “Lizard stresser runs on hacked home routers,” Krebs on Security, January 9, 2015.

67. B. Krebs, “KrebsOnSecurity hit with record DDoS,” Krebs on Security, September 21, 2016.

68. B. Krebs, “Target hackers broke in via HVAC company,” Krebs on Security, February 5, 2014.

69. D. Kushner, “The real story of Stuxnet,” IEEE Spectrum, February 26, 2013.

70. R. Langner, “Stuxnet’s secret twin,” Foriegn Policy, November 19, 2013.

71. S. Levin and N. Woolf, “Tesla driver killed while using Autopilot was watching Harry Potter, witness says,” The Guardian, July 1, 2016.

72. J. Leyden, “Polish teen derails tram after hacking train network,” The Register, January 11, 2008.

73. N. Lomas, “The FTC warns Internet of Things businesses to bake in privacy and security,” TechCrunch, January 8, 2015.

74. P. Longeray, “Windows 3.1 is still alive, and it just killed a French airport,” Vice News, November 13, 2015.

75. J. Lowy, “Will robot cars drive traffic congestion off a cliff?,” AP: The Big Story, May 16, 2016.

76. A. MacGregor, “BMW patches security flaw affecting over 2 million vehicles,” The Stack, February 2, 2015.

77. J. Markoff and C. C. Miller, “As robotics advances, worries of killer robots rise,” The New York Times, June 16, 2014.

78. L. Mearian, “With $15 in Radio Shack parts, 14-year-old hacks a car,” Computerworld, February 20, 2015.

79. D. Oberhaus, “The backbone of the internet could detect earthquakes, but no one’s using it,” Motherboard, August 11, 2015.

80. K. Palani, E. Holt, and S. W. Smith, “Invisible and forgotten: Zero-day blooms in the IoT,” in Proceedings of the 1st IEEE PerCom Workshop on Security, Privacy, and Trust in the IoT, 2016.

81. A. Pasick, “An iPad app glitch grounded several dozen American Airlines planes,” Quartz, April 28, 2015.

82. Paul, “Research: IoT hubs expose connected homes to hackers,” The Security Ledger, April 7, 2015.

83. Paul, “X-rays behaving badly: Devices give malware foothold on hospital networks,” The Security Ledger, June 8, 2015.

84. N. Perlroth, “Traffic hacking: Caution light is on,” The New York Times, June 10, 2015.

85. S. Peterson and P. Faramarzi, “Exclusive: Iran hijacked US drone, says Iranian engineer,” The Christian Science Monitor, December 15, 2011.

86. R. Price, “Google’s parent company is deliberately disabling some of its customers’ old smart-home devices,” Business Insider, April 4, 2016.

87. M. Reel and J. Robertson, “It’s way too easy to hack the hospital,” Bloomberg Businessweek, November 2015.

88. D. Roberts, “New study: Fully automating self-driving cars could actually be worse for carbon emissions,” Vox, February 27, 2016.

89. J. Rogers, “LA traffic is getting worse and people are blaming the shortcut app Waze,” The Associated Press, December 14, 2014.

90. I. Rouf and others, “Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study,” in Proceedings of the 20th USENIX Security Symposium, 2010.

91. B. Salsberg, “Mass. train leaves station without driver,” Burlington Free Press, December 10, 2015.

92. A. San Juan, “Texas man, dog die after being trapped in Corvette,” KHOU, June 10, 2015.

93. L. Sassaman and others, “Security applications of formal language theory,” IEEE Systems Journal, September 2013.

94. R. Singel, “Industrial control systems killed once and will kill again, experts warn,” Wired, April 9, 2008.

95. C. Smith, The Car Hacker’s Handbook. No Starch Press, 2016.

96. S. W. Smith and J. S. Erickson, “Never mind Pearl Harbor—What about a cyber Love Canal?,” IEEE Security and Privacy, March/April 2015.

97. T. Smith, “Hacker jailed for revenge sewage attacks,” The Register, October 31, 2001.

98. A. Southall, “Technical problem suspends flights along East Coast,” The New York Times, August 15, 2015.

99. D. Spaar, “Beemer, open thyself!—Security vulnerabilities in BMW’s ConnectedDrive,” c’t, May 2, 2015.

100. L. Stack, “J.F.K. Computer glitch wreaks havoc on air passengers,” The New York Times, May 30, 2016.

101. B. Steele, “Windows 10 update message interrupts live weather report,” Engadget, April 28, 2016.

102. I. Thomson, “Even in remotest Africa, Windows 10 nagware ruins your day: Update burns satellite link cash,” The Register, June 3, 2016.

103. A. Toor, “Heinz ketchup bottle QR code leads to hardcore porn site,” The Verge, June 19, 2015.

104. Tribune wire reports, “Drones banned from World Cup skiing after one nearly falls on race,” Chicago Tribune, December 23, 2015.

105. Z. Tufekci, “Why ‘smart’ objects may be a dumb idea,” The New York Times, August 10, 2015.

106. J. Valentino-Devries, “Rarely patched software bugs in home routers cripple security,” The Wall Street Journal, January 6, 2016.

107. C. Vallance, “Car hack uses digital-radio broadcasts to seize control,” BBC News, July 22, 2015.

108. J. Voelcker, “Tesla Model S hacked in low-speed driving; Patch issued, details tomorrow,” Green Car Reports, August 6, 2015.

109. G. Wang and others, “Defending against Sybil devices in crowdsourced mapping services,” in MobiSys ’16, Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services, 2016.

110. P. Wayner, Future Ride v2. CreateSpace, 2015.

111. R. Wiedeman, “The Big Hack: The day cars droves themselves into walls and the hospitals froze,” New York, June 19, 2016.

112. K. Wilhoit, The SCADA That Didn’t Cry Wolf: Who’s Really Attacking Your ICS Equipment? (Part 2). Trend Micro Research Paper, 2013.

113. K. Wilhoit, Who’s Really Attacking Your ICS Equipment? Trend Micro Research Paper, 2013.

114. K. Wilhoit and S. Hilt, The GasPot Experiment: Unexamined Perils in Using Gas-Tank-Monitoring Systems. TrendLabs, 2015.

115. C. Wood, “Google to measure air quality through Street View,” Gizmag, July 30, 2015.

116. K. Zetter, “It’s insanely easy to hack hospital equipment,” Wired, April 25, 2014.

117. K. Zetter, “All U.S. United flights grounded over mysterious problem,” Wired, June 2, 2015.

118. K. Zetter, “Feds say that banned researcher commandeered plane,” Wired, May 15, 2015.

119. V. Zhang, “High-profile mobile apps at risk due to three-year-old vulnerability,” TrendLabs Security Intelligence Blog, December 8, 2015.

120. Y. Zitun and E. B. Kimon, “IDF investigation finds soldiers in Qalandiya acted appropriately,” YNet News, March 1, 2016.

121. Z. Zorz, “65,000+ Land Rovers recalled due to software bug,” Help Net Security, July 14, 2015.

122. Z. Zorz, “Cheap web cams can open permanent, difficult-to-spot backdoors into networks,” Help Net Security, January 14, 2016.

123. Z. Zorz, “Researchers hack the Mitsubishi Outlander SUV, shut off alarm remotely,” Help Net Security, June 6, 2016.

124. Z. Zorz, “1,400+ vulnerabilities found in automated medical supply system,” Help Net Security, March 30, 2016.