Scientists warn brain implants can be hacked and used to control people (and you thought I was kidding?)

shutterstock_66449896Back in early 2012, I wrote a blog post about whether hacking a human would violate the federal Computer Fraud and Abuse Act. Shortly after publishing it, I received a call from a guy in Austin who said: “dude, someone finally gets it, I need your help!” … I responded that I was a lawyer, not a psychiatrist and that I was just kidding when I wrote that, kinda.

Now, here we are 6 years later and it seems this is becoming a thing more and more of a thing. What do you think?  Vulnerabilities in brain implants used to treat Parkinson’s disease could be hacked by cyber attackers and used to control people, scientists have claimed.

Y2K18? Are #Spectre and #Meltdown the Y2K Apocalypse, Eighteen Years Late?

Hear Shawn Tuma interviewed on News Radio 570 KLIF – Experts: Update Settings and Download Updates to Protect from “Meltdown” and “Spectre”

CLICK HERE if you are impatient and only want to know what you should do ASAP to protect against Spectre and Meltdown

With Y2K we had a warning. So much of a warning that it pushed me into cyber law in 1998. We were told of an apocalypse if we did not heed the warning and fix the problem. Whether we did, or whether it was a lot of hype is still being debated, but the problem was averted. When the ball dropped on NYE 2000, the planes were still flying, power grid still operating, and banks still banking.

Fast forward eighteen years, NYE 2018, the ball drops and, while we are closing out a year when the word cybersecurity (yes, it is one word, not two) has become a part of everybody’s vernacular, the only thing we were thinking of when hearing the words “Spectre” and “Meltdown” was a James Bond movie marathon on New Year’s Day.

Just a few days later we are now talking about a global threat to the world’s computers — all of them from the most powerful supercomputers to, yes, even Apple computers, all the way to the computer you carry in your pocket (i.e., your smartphone) — that isn’t just a programming or software glitch, but is also a hardware problem, going to the very heart of the computer: it’s CPU.

The threat timing? Imminent — this isn’t something that is going to happen, this is something that has already happened and has just recently been discovered.

Now unlike with Y2K, the problem in and of itself will not directly cause a failure but is a vulnerability that has been exposed that will allow others — the bad guys (whoever they may be) — to exploit the vulnerability. But take no comfort in this because you can bet, to the bad guys, the revelation of this vulnerability made this exploit Target of Opportunity #1 for all.

The fix? This where it gets good. “Meltdown” can likely be mitigated with software patches, which programmers at major companies are fervently writing as I write. The problem is, these patches will lead to a degradation of computer performance by 20% to 30% — but they are not optional. You must install them.

“Spectre” is where it could get really nasty. This will likely require a redesign of the computer processors themselves — a wholesale hardware redesign that focuses more on security vis-a-vis performance. Then, in order to implement the fix, the hardware will have to be replaced — the CPUs in all of the world’s computers upgraded.

Sounds pretty bad, doesn’t it? Is this the real Y2K apocalypse arriving eighteen years late — Y2K18 or Y2K8teen? It could be.

But, if history is any indication it will not reach worst-case scenario levels, but things could still get really, really bad even if worst-case scenarios are not even on the radar. In fact, as this post is being written some researchers with clout are saying that the fix may not require the wholesale replacement of hardware — and I’m sure there will be more softening of this as we go along.

However, remember, “Wanna Cry” was only one exploit to a specific outdated Windows operating system that was revealed and had a patch issued for months before it actually hit. We all had better take this one seriously.

What can you do? When the patches come out from Microsoft, Apple, etc. and they tell you to install the patch to protect your computer, do it, immediately, and with a smile because losing 20% to 30% of your computing power is far better than losing 100%!

IoT Cybersecurity Improvement Act of 2017 proposed by Senate Cybersecurity Caucus

On August 1, 2017, the Senate Cybersecurity Caucus introduced the “Internet of Things (IoT) Cybersecurity Improvement Act of 2017,” bi-partisan legislation focused on establishing minimum security requirements for the federal procurement of Internet connected devices (#IoT). Continue reading “IoT Cybersecurity Improvement Act of 2017 proposed by Senate Cybersecurity Caucus”

FUD and Voting Machine Hacking: An Important Point and Important Lesson

This morning I am doing radio interviews as a Fox News Radio contributor. My topic? The DEFCON Voting Village demonstration of hacking voting machines that have been, or may currently be, used in US elections. Here are a couple of the news stories if you are unfamiliar: Hacking a US electronic voting booth takes less than 90 minutes | New Scientist and To Fix Voting Machines, Hackers Tear Them Apart | Wired

With all of the talk about hacking or rigging elections, this is a great topic to pique people’s interest for a radio interview but it can also generate a great deal of FUD. And, I really do not like FUD because it detracts from the real issues and lessons that we can learn from situations. So, there is one very important point and one very important lesson that I have tried to make during these interviews and that I hope will rise above the FUD:

IMPORTANT POINT: The voting machines used in this example were obtained from eBay and government auctions because they had been decommissioned. This means they were old. Unfortunately, some had been used in recent elections — which is a big problem — but generally speaking, we’re talking about outdated technology.

IMPORTANT LESSON: Voting machines are computers and, while (IMO) no computer will be secure they can certainly be more secure. We must be vigilant about the security of the voting machines and other election infrastructure that we use in our voting process and demand that current, state of the art equipment be used, where security is baked in from the outset and is continuously maintained as an ongoing process, from now on until further notice.

______________________

Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Invitation for 2 Webinars: Protecting Data Exchanged in Discovery and Securing IoT Data

I thought you may like an invitation to attend two complimentary webinars that I will be doing this coming week:

YOURS, MINE, OURS: Protecting the Data Gathered and Exchanged in Litigation, Association of Certified E-Discovery Specialists (ACEDS)
Monday, August 7, 2017 @ 12:00 CDT
LINK for more information FULL VIDEO (see below)

Securing IoT Data: Compliance, Privacy, and New Regulations, SecureWorld (webinar panel with Andrew Lance of Thales e-Security, Jay Irwin of Teradata, and Craig Spiezle of the Online Trust Alliance)
Wednesday, August 9, 2017 @ 12:00 CDT
LINK for more information

I hope you are able to attend the webinars and find the information helpful in your business. As always, please let me know if you have any questions or if I can help you.

Shawn E. Tuma | Scheef & Stone, L.L.P.
Cybersecurity & Data Privacy Attorney
2600 Network Blvd., Suite 400, Frisco, TX 75034
214.472.2135 (direct) | 214.726.2808 (mobile)
Email: shawn.tuma@solidcounsel.com
Firm: www.solidcounsel.com
Blog: www.businesscyberrisk.com