It’s an old story, but worth bringing up because of the fundamental truth it teaches us. Back in the nineties, a company called Edutron Systems was trying to get schools to upgrade from the hopelessly antiquated pencil-and-paper test system to its disk-based gizmo, with predictable results:
It took all of one test for the students to find a flaw in the system: if one received an unsatisfactory score, he could simply retake the test. Classroom Assistant didn’t bother recording how many times each test was taken. Sure, retaking the test several times was time-consuming, but generally worth the effort.
On the second test, students found a slightly easier workaround: they could simply run a different test. Since the results screen did not indicate which test was taken, all one needed to do was open up the “Test Taking Tutorial” test and pass it with flying colors.
It gets worse as it goes on, of course – kids are resourceful when they want to avoid something onerous.
And so, the lesson is: everything can and will be hacked; the greater the motivation for a successful hack, the faster it will occur. Maybe time to back off on those ambitious plans for biometric passports, eh? [story via Hack A Day] [image by ccarlstead]
Everything can and will be hacked; once you have the motivation sussed, the exploits will be close behind.
Point in case: Japanese cigarette vending machines have age-verification cameras fitted to them to prevent teens from illegally purchasing tobacco. A great idea, and a typically Japanese high-tech fix for a social problem, right? [image by midorisyu]
Well, it might have been – if the kids hadn’t sussed out that the cameras can be fooled by not just pictures from magazines but the portraits of historical figures on bank-notes. Back to the drawing board – I wouldn’t want to be on the R&D team of the company that makes those vending machines right now.
I don’t need to remind you that computers are everywhere – this is the intarwub, after all. But even I get a bit surprised at some of the specific places computers end up – I never knew that people are being implanted with heart monitor/defibrillators that can broadcast data about the patient’s condition back to their doctor. [image by CarbonNYC]
Having found that out, though, I’m not at all surprised to hear that researchers have found a security vulnerability that could potentially allow an attacker to compromise and deactivate the device and prevent it from delivering the heart-restarting shocks it is designed for.
Repeat after me – everything can and will be hacked.
On the subject of electric shocks to the body, you can choose to have them for fun as opposed to for your health; the grinders point out the arrival of the Mindwire V5 electroshock force-feedback device, which will interface with your games console and deliver a brisk jolt to your hands when you get PWNED. Pain is fun, kids!