Most readers of Guns & Patriots are probably accustomed to thinking about guns as clever devices that propel metal pellets via a small, controlled, chemical explosive charge. That is, of course fine, as that is an excellent initial definition, albeit at about 1,000 years of age (in China), beginning to become somewhat limited in scope. Guns today, include much more than ‘just’ propelled pellets. (I love the ‘traditional’ one, though I collect more ‘stealthy’ items, myself.)
This brief article discusses a different kind of gun; perhaps one should say, a ‘gun’ that goes bump in the night. The idea here is to provide a view of a very highly likely, though not distant, future.
Most or many readers will have heard of Stuxnet. This has been variously described as, “Stuxnet Malware is ‘weapon’ out to destroy Iran’s Bushehr nuclear plant”. Stuxnet was also described as a ‘guided missile’ directed at any of many Iranian nuclear plants. The President of Iran recently admitted that damage was indeed done, though for obvious reasons, the Government of Iran did not disclose details.
Now, I certainly cannot say where this software originated. As a four decades professional in many aspects of Information Technologies, with significant security experience, I estimate that there are four countries with the capability to produce such a weapon, and China and India as far as I perceive, are not motivated. I have no way to know if it originated in either the US or Israel – and if I did know, I could not say. (Though I clearly hope that we did it…!)
As far as has been disclosed so far, no persons were harmed by Stuxnet, though there seems to have been significant damage to equipment and production schedules. Indeed, a new kind of ‘gun’ – the first weaponized computer Malware designed to attack both a specific target (Iran) and type of system (industrial).
Three basic facts
1. Modern luxury cars have massive amounts of software included in them (100 million lines, a conceptual measure of the complexity involved in this technology) and many tens of interconnecting computing devices. Industrial history teaches us that when luxury-car owners have paid for the functionality, car manufacturers move it to lower-priced models.
2. Toyota, the world’s largest car manufacturer, recalled during 2010 more than eight million vehicles, at a combined cost of some $5 Billion, so far, before liability lawsuits.
3. A leading market research firm estimated that by 2016, more than 62 million cars will have internet access.
The massive amounts of software code means that there are massive ‘opportunities’ for anomalies and glitches of all kinds occurring, many that may prove untraceable given the complexity.
The Toyota precedent makes a very compelling argument for car manufacturers to begin thinking about alternatives to recalls of millions of cars. Billions of dollars in costs, not to mention embarrassments, bad publicity, government fines and liability lawsuits, are great incentives for searching for alternative solutions.
The access that cars will have to the internet makes possible that automobile software applications may be repairable via ‘upload’. Microsoft has used this strategy for many years, with resounding success, to constantly improve its applications and operating systems.
Equal with the manufacturer’s motivation is the consumers’. Why would a purchaser of an expensive car not desire to have it loaded with the most up-to-date software to ensure everything functions as well as possible and that inevitable software errors are found and repaired, with no fuss to the owner, directly by the manufacturer?
Does it sound almost utopian? Here’s the rub!
The Coffee Shoppe metaphor
An up-&-coming application is mobile Voice-over-internet. Many are probably familiar with Skype, a free popular consumer application for voice and video communication via internet. I use it constantly to speak with friends and colleagues all over the world.
In an automobile, it will be important that this application has strict security measures built into it; clearly identify the user. This is not a consumer application, but intended, like smart-phones, as a major business tools for mobile professionals.
What this means is that a ‘hacker’ (a person skilled in software code encryption, decryption and manipulation, not an evil genius) can devise a software application capable of identifying a specific person in a precise automobile, anywhere.
The same, or a different person, may devise a ‘Stuxnet-like’ application that travels to that car, identifies the owner and driver, and even perhaps passengers, with the intension of ‘powering down’ the car’s braking system – or any of another hundred or so ways to make the car into a death device. Quite a bump that is, in the night, or at any time!
All this can, of course, be done from the comfort of one’s home – or Coffee Shoppe.
Now, this assassination attempt can be prevented via building strong firewall protection around the car internet application, but this would defeat that download device to repair failures before they occur, at very considerable saving of consumer lives and cost savings to manufacturers a fascinating dichotomy of abilities and requirements.
This weapon is not available today, but its’ availability is very close. This is a new kind of gun; we need to enhance our awareness of these possibilities.
Even Buck Rogers and Dick Tracey didn’t have these!
Persia delenda est … Ceterum censeo Persia esse delendam?