My name is Adam Aviv and I am a 2nd year Ph.D. student at the University of Pennsylvania.
One of the highlights of this year’s EUROSEC workshop was the panel on emerging research directions. The panel was filled out by Angelos Keromytis (Columbia University and Symantec), Herbert Bos (Vrije Universiteit Amsterdam), Georg Portokalidis (Vrije Universiteit Amsterdam), Christian Platzer (Technical University of Vienna), and Edita Djambazova (Bulgarian Academy of Sciences), and the panel was moderated and organized by this blog’s one and only Sotiris Ioannidis.
Although the topic is a throwaway — emerging research, what does that really mean? — we had a very engaging conversation about the future of security as computers get even more pervasive. The topic is best exemplified by an anecdote told by Herbert Bos about how one of his graduate students planned to get their Ph.D.
Herbert’s story takes place during an auspicious weekend in the lab where he instructs his “lazy” graduate student to stop putzing around and get some real work done. Being the weekend and all, Herbert intends to relax, so he heads out to a cafe (an Amsterdam cafe). He gets, in his own words, “high as a kite” and somehow meanders into the red light district to soak up some of the entertainment. Thirty minutes later, he heads back to the lab to ask what his graduate student has been up to.
“Hacking smart phones,” he replies, and this intrigues Herbert who asks, “Whose smart phone?”
“Yours,” the student answers, “and I know what you have been up to while I’ve been working. First, you went to a cafe, and then you went to a club. If you don’t write my thesis for me, I will tell your wife.” And, of course, Herbert must now write his thesis.
Even though it is not a *true* story, it demonstrates the pervasiveness of computers. The smart phone is a phone, but it is also much more than a phone; it is a computer. The student hacked the phone, turned on the GPS, and was able to track the location of his adviser. Even more devious, he could have turned on the microphone, recorded the illicit conversations, and produced more evidence for his Ph.D. in blackmail.
Phones are not the only computers that are everywhere in the modern age. For example, computers are in our road signs. Perhaps you weren’t aware that there were “Zombies Ahead.” They also manage our most important infrastructure: the power grid, communication satellites, air traffic control, etc., all of which must be considered vulnerable. Additionally, the home computer has proliferated, and with so many computers, often sitting idle with their butts exposed to the world, they get compromised and organized into massive botnets which threaten these critical systems.
So, the panel asked, “What do we do now?” And, perhaps most importantly, how do we communicate about this brave new world to the public? Sensationalism, like the recent 60 Minutes piece, is not the way. Not only is it alarmist, it gave no practical solutions other than to go buy anti-virus software from these companies that were just interviewed. It is not like computer security hasn’t been in the public view before. It’s been reported for at least 20 years (NYT 11/7/1988 “Computer Invasion: ‘Back Door’ Ajar”), and still the public is naive to the real threat of pervasively networked computers.
Like all panels, we thought, discussed, and speculated about the future, but reached no all-encompassing conclusions. The problems will persist, and perhaps it is our fault — we are losing the war against the bad guys. The only real conclusion the panel can reach is that emerging research must include a clear discussion that the public can understand. People need their iPhones, but they should also understand what carrying an iPhone with them everywhere they go really means to their privacy. It is our responsibility as researchers to drive the discussion and be easily accessible because the world is changing faster and emerging threats are everywhere. If not us, then whom?

Herbert Bos's story is just an anecdote, but take a look at http://edition.cnn.com/2009/POLITICS/01/22/obama.blackberry/index.html . Found something familiar?