2015 has been an eventful year in cyber security. It included some of the largest security breaches in history, as well as some of the most bizarre. From the MLB to the CIA, we’re taking a look back at some of the year’s biggest cyber security head-scratchers, shockers and enigmas.
1. Remote Controlled Jeep
With automakers adding features you typically find on a smartphone to cars, new and disconcerting car-hacking possibilities are beginning to surface. Hackers Charlie Miller and Chris Valasek demonstrated this recently in an experiment targeting a Jeep Cherokee with test-subject (and senior Wired contributor) Andy Greenberg at the wheel.
After remotely toggling the AC and stereo to full-blast and switching the windshield wipers on, the hackers took the test to a frightening level when they disabled the Jeep’s main functions, leaving Greenberg with no control over the vehicle.
2. Google Now and Siri
Another remote control hack that surfaced this year targeted a more ubiquitous technology; namely, the operating systems of Android and Apple smartphones. Using an exploit that targets microphone-enabled headphones up to 16 feet away, hackers were able to take control of Google Now and Siri, the voice-assistant apps included with Android and iOS, respectively. This intrusion method could allow hackers to send spam messages, introduce malware by navigating to a website, or even use the phone as a spying device.
3. Astros/Cardinals Hack
The MLB has seen its share of scandals in recent years. Usually, however, these events involve the actions of players, particularly when it comes to performance enhancing substance abuse. But an entirely different kind of scandal made headlines in June when it was revealed that St. Louis Cardinals employees were under FBI investigation for hacking in to the databases of their rival, the Houston Astros, and digging up personal information on players.
4. CIA Director
The CIA is highly sophisticated in cyber-intelligence. But that doesn’t mean the agency or its personnel are immune to breaches. CIA Director John Brennan can now attest to this fact after finding his personal records posted on Wiki-leaks. The teenage hacker responsible for the data heist explained that he used social engineering techniques to dupe CIA employees in to giving out the director’s info.
5. Auburn University
There have been a number of high profile attacks on universities’ record systems, but Auburn’s case is particularly strange for two reasons. First, the university made its own records openly available online by mistake. And second, some of the victims of data theft had never applied to or attended the institution.
6. ZigBee Exploit
As the internet of things expands, new kinds of cyber security problems come to mind. If hackers can access systems that keep your doors locked, control your heating and cooling and trigger alarms, the hacking possibilities are a bit frightening. Adding to the unease, a group of researchers at this year’s Black Hat and Def Con conferences demonstrated that ZigBee, the wireless protocol used to control many IoT devices, can be exploited by sniffing the network and encryption keys.
Ultimately, these bizarre cyber hacks are proof positive that hackers can be incredibly creative, tireless and hard to predict. And organizations that assume they’re sufficiently covered with simple scanning and reporting techniques may want to re-consider that position, rather than risking a rather unpleasant surprise.