Our secrets, sometimes quite intimate, have increasingly been pilfered and exposed by hackers. So what’s to stop them from going a step further and killing us using the technology we rely on?
While it might sound far-fetched, it’s certainly possible.
Already, unintentional glitches in technology have resulted in death, or come close to it.
In 2016, for instance, a Tesla driver was killed after the Model S car he was in collided with a tractor-semitrailer truck in Florida while “Autopilot” mode was engaged. The Autopilot mode failed to distinguish the brightly lit sky and the white side of the truck, resulting in the bottom of the trailer impacting the windshield of the Model S. While Tesla cars tell drivers they should keep their hands on the steering wheel at all times the driver, Joshua Brown, ignored this for most of his trip.
In the same year, another Tesla incident occurred in Montana, resulting in a crash as well. But luckily for the driver and passenger, it did not result in death.
The Royal Adelaide Hospital also suffered a software glitch just this month that impacted power. While maintenance crews were testing a generator, two software glitches took out energy to the facility for about 20 minutes while fourteen operations were underway. According to one surgeon, he had to complete a procedure on a 97-year-old in the dark. The patient survived.
Could a malfunction caused by a hacking incident, rather than an unintentional glitch, lead to death?
The 2015 release of hacked personal information from Ashley Maddison — the online dating service marketed to people who are married or in relationships — resulted in the death of a US pastor, who explained in a suicide note that the release of the data was the reason behind his decision. The pastor’s email address was among the millions of others registered on the website.
As we increasingly rush to connect everything to the internet — from treadmills, cars and door locks to ovens and coffee makers — manufacturers are all too often leaving gaping security flaws in their products, opening up the possibility for the hacking of physical objects we rely on. So while a treadmill killing someone or knocking them out remotely may have seemed like a fantasy not that long ago, it is now a potential reality.
“We still see the most egregiously stupid security vulnerabilities, not just in online services but in physical things as well,” Australian computer security expert Troy Hunt says, adding it “still blows my mind” that companies behind products and services fail to secure them adequately.
Already, computer security researchers have shown it is possible to hack into cars remotely and cause death. In 2015, Chrysler was forced to issue a formal recall for 1.4 million vehicles after researchers revealed how they could remotely take control over dashboard functions, steering, transmission and brakes of the company’s Jeeps (the cars had SIM cards in them).
Anything is possible, according to Hunt, who even has fears about robot sex dolls being hacked.
Already, Hunt suspects nation-states may have killed people using hacking, “It’s just a question of how that might have happened and how direct it was,” he says.
Such hacking could have occurred using a vulnerability in a pacemaker, as was the weapon of choice in an episode of fictional TV show Homeland in 2012. This type of hacking was proven to be entirely possible by the late computer security researcher Barnaby Jack in the same year.
“I wonder if maybe autonomous cars or something like that is going to be the first place we publicly see [people with malicious intent cause death by hacking],” Hunt says.
“You’ve got to have a device that can actually kill you in the first place.”
To ensure companies remain vigilant, Hunt recommends that governments regulate. This includes ensuring that government agencies behind testing devices like medical implants also test a product’s software to ensure it is secure rather than relying on companies doing this.
“The question is: should the guidelines that govern the way medical devices are tested, the way medicine is stored, should they extend to the way that software is run on these things?
“It would seem to be a logical solution to say that yes, they should.”
The same thinking should also extend to agencies in charge of testing cars and other devices that could result in death, he says.