Hackers in your power tools & other unexpected places
You might think working with power tools in your garage is pretty much the opposite of all that high-tech computer stuff.
You don’t have to worry about passwords or hackers or anything. Or do you?
Archer News Network shows you what a security researcher found, and how it could affect you — and a lot of stuff in your house and office.
See how hackers can get into your power tools in this Archer News Network report.
The battle is on — a handheld calculator vs. a hand drill.
Which is more powerful?
Monta Elkins of cybersecurity company FoxGuard Solutions holds up both at a security conference in Anaheim, California.
The drill wins the first round, as Elkins uses it to drive a hole in the heart of the calculator.
Monta Elkins drills a hole through a calculator at a 2017 cybersecurity conference in Anaheim, California.
But which one has more computing power?
Once again, it’s the drill, Elkins says.
And that could mean trouble.
“I was surprised,” he tells the audience. “I didn’t expect this to be a smart device.”
Elkins shows how he can hack the drill, downloading malware onto the device.
“Oh, my goodness, something different is going on,” he says with mock surprise. “Now what does this drill do?”
Now the drill is going rogue.
Elkins’ hack forces the drill to play The Imperial March, Darth Vader’s theme music, to the delight of people watching.
“That’s why I get to wear my Darth Vader T-shirt,” he smiled.
Elkins hacks a drill live on stage, forcing it to play Darth Vader’s theme. Image credit: Archer News
But there is a serious note to all this.
A malicious hacker could make your drill overheat, eventually setting it on fire.
That kind of attack could do some serious damage. Even Elkins’ short demonstration can make the temperature rise.
“You can kind of smell the waft of, ‘Hey, I’m burning this thing up,'” he tells a volunteer holding the drill.
Now, chances are low that a bad guy will actually set your own drill on fire right now.
“This is a pretty impractical attack,” he says.
But Elkins is making a point — your drill is a computer, too, and so are a lot of things in your home and office.
“Everything that plugs in, turns on, lights up is a computer,” Elkins told Archer News Network in an interview. “Might as well assume it’s programmable.”
Which also means it’s hackable.
If you bought it in the last five years, if it has batteries, he added, it could be a computer.
“If you walk around your house with that in mind, or your office space, you’re going to see those devices all over the place,” Elkins said. “You’re going to see thermometers on the walls that have little built-in displays on them. So this is your garage door opener, this is your HDTV.”
Your thermostat may be a computer — a hackable one — along with many other devices in your home, according to Elkins. Image credit: Archer News
Why does it matter?
Elkins is not the only one hacking these computers that don’t look like computers.
He says someone will likely try to turn smart devices into weapons, so if a war breaks out, a nation-state could use everything against people in your country.
That could be a garage door opener that closes on a car, a thermostat that shuts off in the dead of winter, a drill that catches fire, anything perhaps, to gain an edge.
“You don’t expect it to come from your drill,” Elkins said. “I wouldn’t expect that all of your devices would suddenly become very malicious. But I might reasonably expect some small percentage of devices around the country to become malicious.”
A simulation of drill fires set by malicious hackers. Image credit: Archer News
You don’t need to lock up your drill, he explained. But it’s a reminder that as our things get smarter and smarter, they also get more vulnerable.
Start with the important stuff, he advised, like your laptop or desktop computer, or your office network, and get it secure.
“Are you running antivirus? Are you patching it?” he asked. “Let’s look at your firewalls. Let’s look at the big things first.”
“If you’ve got those done, then by all means, let’s start talking about your drills on the far end,” he continued. “But you probably have plenty of work to do before you get there.”
When you do get there, you can use similar tactics for protecting your non-traditional computers — antivirus, if possible, security updates, firewalls, he explained.
It’s not a serious problem right now, according to Elkins. But it’s something to be aware of — and ready for — if it becomes serious.
You will want to protect your more traditional computers before you think about protecting your smart drills, Elkins advises. Image credit: Archer News
In some cases, companies are making it easier and easier for attackers to get in.
Elkins tells the group about one of the newest drills coming to market.
“Guess what. It comes with its own cell phone app,” he says to the audience, suddenly struck silent.
The app shows you how much drill battery you have left, and where you last laid it down.
But it also gives malicious hackers yet another way in to get into your power tools — and use them against you.
“I think probably the best thing for everybody to take away is that these devices are computers,” Elkins said.