A passage from a new Wired interview by Alex Pasternack with security expert Bruce Schneier about safety vulnerabilities, the physical kinds and virtual ones:
“Wired:
What about attacks that affect infrastructure? Obviously the past few years have shown that industry, cities, utilities, even vehicles are vulnerable to hacking. Are those serious threats?
Bruce Schneier:
There are threats to all embedded systems. We’ve seen groups mostly at universities hacking into medical devices, hacking into automobiles, into various security cameras, and demonstrating the vulnerabilities. There’s not a lot of fixing at this time. The industries are still largely ignoring the problem, maybe very much like the computer industry did maybe twenty years ago, when they belittled the problem, pretended it wasn’t there. But we’ll get there.
When I look at the bigger embedded systems, the power grids, various infrastructure systems in cities, there are vulnerabilities. I worry about them a little less because they’re so obscure. But I still think we need to start figuring out how to fix them, because I think there are a lot of hidden vulnerabilities in embedded systems.
Wired:
Are there particular security concerns right now that you think the public, given its misunderstanding about security, doesn’t appreciate enough?
Bruce Schneier:
I’m most worried about potential security vulnerabilities in the powerful institutions we’re trusting with our data, with our security. I’m worried about companies like Google and Microsoft and Facebook. I’m worried about governments, the US and other governments. I’m worried about how they are using our data, how they’re storing our data, and what happens to it. I’m less worried about the criminals. I think we’ve kinda got cyber-crime under control, it’s not zero but it never will be. I’m much more worried about the powerful abusing us than the un-powerful abusing us.”
Tags: Alex Pasternack, Bruce Schneier