Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 

Hacking Data

By Steve Jones,

This editorial was originally published on Mar 23, 2011. It is being re-run as Steve is away on vacation.

I saw a note recently that researchers had successfully hacked a car using only an MP3 file on a CD. They were able to lock the doors and kill the engine in a car. That doesn't necessarily sound too scary until you consider that the ability to kill any percentage of car engines during rush hour traffic could have catastrophic results.

How much of an issue is this? I don't know, but as long as there is some interpreter that has to decode digital data and render it as audio, video, or even text, there is the chance that additional code could be added to hack the system and allow someone to take control. When I think about all the ways that we get digital data these days, it is truly a scary thought that we could have these security holes.

Think about it, MP3s could be sourced at a retailer like Amazon. Adding code to a popular MP3 song could infect millions of people that burn the MP3 to a CD, or connect their iPod to the stereo. The advent of HD radio could invite hackers to target broadcast centers and alter those files. Navigation systems and traffic data streams could potentially be carrying digital viruses that infect our systems.

However that same idea could be extended in other ways. The more knowledge someone has about your internal systems, and the more they are connected, the more likely that just the addition of data to streams could have unexpected events. Suppose someone understood the complex relationships between various ordering and supply chain systems. Is there a chance that they could send in a sequence of orders that would disrupt your systems? Could someone inject data that somehow starts a chain reaction of workflows across your enterprise?

It seems unlikely to me, but then again, 5 years ago I would never have considered an MP3 file might allow someone to gain control of a modern car. Security is a tough business, and there will always be new, creative, unbelievably exploits that are discovered. The best defense I can think of is to share information and never assume your systems are invulnerable to a new attack.

 
Total article views: 558 | Views in the last 30 days: 1
 
Related Articles
ARTICLE

Losing All Traces of Data

Could someone remove data from all systems and backups?

FORUM

701: There is insufficient system memory to run this query

701: There is insufficient system memory to run this query

FORUM

Operating system error 112(There is not enough space on the disk)

Operating system error 112(There is not enough space on the disk)

FORUM

Could not obtain information about Windows NT group/user

Could not obtain information about Windows NT group/user

BLOG

Speaker Buddy System

SirSQL made a rather stirring post recently. He talked about a speaker buddy system to help out new ...

Tags
editorial    
security    
 
Contribute