“It’s zombie time”, a line said by the Cipher (Charlize Theron), a cold while beautiful hacking group leader in the newly released movie – Fast & Furious 8 (the Fate of the Furious). Then, she taps the screen, a huge chaos involved with hundreds of zombie cars starts…..

This 136 minutes long action film shows a lot of shocking scenes, in which hackers effortlessly take controls of security cameras, mobile phones, cars, power plants, and even nuclear submarine. People around the world could do nothing to stop them. You may wonder, is it just a fictional story or something can really happen in our world?

Unfortunately, it well reflects the big challenge we are facing with the IoT Security.

With the fast and furious growth of IoT (Internet of Things), we are now using countless so-called smart devices everywhere: Smart Thermostat, Smart Camera, Smart Switch, Smart Phone, Smart Watch, Smart City, Smart Car… While enjoying the convince brought by these smart technologies, have you ever thought about what it means to your security and privacy? Specifically, are these smart devices smart enough to protect us from hackers?

Here are a few stunning scenes in the movie:

The God’s Eyes

This is an intelligent global tracing system you have already seen since the previous release (Fast & Furious 7 in 2015). It can quickly identify the location of anyone on the earth by hacking into all kinds of IoT devices, such as surveillance cameras, mobile phones, car sensors…

While it may take some effort to build a real-time human positioning system, hackers are fairly easy to take controls of today’s IoT devices. You probably still remember the massive Internet outrage on Oct 21, 2016. Hackers managed to infect millions of Internet of Things such as Webcams, Thermostats, Smart TVs. These IoT devices joined a botnet army to flood the core DNS provider and effectively deny the access to Twitter, Netflix, Amazon, and many other sites.

The Zombie Cars

When you first saw auto-bots in the movies like Transformers, you probably focused more on how these fancy cars transformed into a powerful fighting robot. However, the scenes you saw in Fast & Furious 8 are much closer to today’s reality. After the glamorous Cipher presses the key, the system sends hacking commands to hundreds of cars on the street of New York City. These zombie cars immediately form multiple attacking fleets. They are smart enough to adjust the distance to each other, follow the team direction, and report back the real-time position. The most ironic part is many of cars still have drivers behind the wheel, but they simply betray their owners and join the battle. Seeing the helpless expression on drivers’ face, do you feel we are so small in front of hacked machines?

Today, self-driving cars are not new anymore. Google, Tesla, BMW, Ford, and many other companies are all actively developing them.  Meanwhile, connected smart cars have exploded thanks to the IoT. More and more people link their cars via their smart phones. With hundreds of IoT sensors and controls inside your car, any single vulnerability could be exploited by hackers to launch an attack.

The Grand Plan

The Cipher’s grand plan is to raise the world war and take over the whole planet. It sounds like a daytime dream to a hacking group. But when you see how they penetrate critical infrastructures like power plants, airports, army bases, you start to realize the great power of cyber hacking. With a few finger taps, a giant power grid is shut down, a super nuclear submarine is launched. This may be the most horrifying idea that a very small hacking group could use cyber weapons to eventually destroy the world!

The IoT security problem brings more serious consequences to industry controls systems than consumer products. Unfortunately, lots of decades-old IoT devices and protocols are still widely used in oil & gas companies, power plants, and city controls. They have almost zero security protection. As a good example, hackers successfully attacked Ukraine power grid in 2015 to cause massive disruption of electricity supply.

As a fan of Fast & Furious series, I had a great time watching this new release. But as a cybersecurity catalyst, I see this move is another wake-up call to all of us. The governments, regulators, vendors around the world must work together to form proper IoT security standards, adopt better security designs, and conduct necessary assessment and testing.

The fast & furious of IoT security problems are pressing! We must face this fate of the furious and do something now!

Just like Vin Diesel (as Dom) said in Fast & Furious 8: “You know it doesn’t matter what’s under the hood. The only thing that matters is who’s behind the wheel.” 

 

Bryan Li is the managing director at Cybersecurity Project. He is available to discuss your cybersecurity  awareness, training, and consulting needs. Please email bryan.li@cybersecurityproject.com