The global and independent platform for the SAP community.
The opinion of the SAP community, IT Security Column, MAG 15-09

You don't play with guns...

When we think of the Internet of Things, many people think of hip objects such as smartwatches, fitness trackers or cars with WLAN. Basically, however, it can mean any device with which you can communicate electronically. This also includes weapons.
Raimund Genes, Trend Micro
September 22, 2015
Content:
It Security
avatar
This text has been automatically translated from German to English.

Although we Europeans are generally very cautious on the subject of "private weapons", we should not be deceived by this - in other regions people do indeed "play" with weapons. And here, too, securing weapons is one of the central issues.

...others already

A few weeks ago, a wide variety of research results or "hacks" were presented at the Black Hat conference in Las Vegas. In addition to security in the area of car IT, the compromise of a sniper rifle certainly stood out.

The $13,000 rifle is equipped with an electronic sighting system that ensures aiming accuracy even over long distances.

This can be adjusted externally via WLAN with relevant information such as wind direction and strength, exit energy or projectile weight.

Unfortunately, this function can also be abused. Hackers can, for example, prevent the weapon from firing or change the set parameters. These then change - invisibly for the shooter - the bullet direction and thus possibly the target!

Now the number of buyers of this rifle, thanks in part to the price, should not be excessive. But a similar danger threatens from the self-made camp.

Homegrown armed drones

Armed drones are nothing new in the military sphere. In the private sphere, however, they are prohibited and rather rare. But that doesn't stop anyone from building such a vehicle themselves.

In a recent video, you can see a homemade drone with a pistol as a payload. The pistol is fired in flight from a distance. And although the recoil shakes the drone vigorously, it can already start the next shot after about ten seconds.

The combination of two previously independent devices suddenly leads to an exponentially higher potential danger. There is certainly no need to elaborate on the danger posed by such home-made weapons systems that fall into the wrong hands. And drones and (gas-pressure) weapons for "conversion" are available on every street corner.

Both scenarios have things in common: On the one hand, the increasing networking of systems with a wide variety of technologies increases the attack surface for potential attackers.

On the other hand, many systems were originally developed as compartmentalized systems, where security was therefore not a primary development goal.

The subsequent "flanging" of communication options to such insecure systems thus increases the attack surface even further.

I admit that I have deliberately chosen very martial examples here. Ultimately, however, they are only an example of a certain class of devices from the Internet of Things. And as with "normal" devices, there are comparable dangers here.

For us as users, this means that we must consciously counter the trend of the Internet of Things. As soon as a device can communicate electronically, the attack surface automatically increases as well. And at least with "normal" devices, it is up to us as buyers to make sure that secure devices are preferred.

Only then will device manufacturers be forced to make security a fundamental part of the solution. And that ultimately benefits us all. Whether it's smart watches, fitness trackers, cars, or even drones and weapons...

avatar
Raimund Genes, Trend Micro

Raimund Genes was CTO at Trend Micro.


All articles of the author

Write a comment

SAP HRD, Human Resources Dilemma

Automation of SAP Basis operations: users prefer suite solutions

Reset for SAP CEO Christian Klein

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork. All information about the event can be found here:

SAP Competence Center Summit 2024

Venue

Event Room, FourSide Hotel Salzburg,
At the exhibition center 2,
A-5020 Salzburg

Event date

June 5 and 6, 2024

Regular ticket:

€ 590 excl. VAT

Venue

Event Room, Hotel Hilton Heidelberg,
Kurfürstenanlage 1,
69115 Heidelberg

Event date

28 and 29 February 2024

Tickets

Regular ticket
EUR 590 excl. VAT
The organizer is the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes the attendance of all lectures of the Steampunk and BTP Summit 2024, the visit of the exhibition area, the participation in the evening event as well as the catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due time.