Auto-Immune: "Symbiotes" Could Be Deployed to Thwart Cyber Attacks

Running on the CPUs of embedded computers such as those in car systems and utilities, symbiotes may not only serve as immune systems for their devices but also help reveal a previously unseen ecosystem of malware

PRINTER DANGER: In 2011, computer scientists revealed they could hack into printers and break into every computer linked to these printers. Image: Flickr/James F Clay
Anti-hacker defenses have long focused mainly on protecting personal computers and servers in homes and offices. However, as microchips grow smaller and more powerful, new targets for hackers are becoming widespread: embedded computers such as the electronics handling car engines, brakes and door locks; the routers that form the Internet's backbone; the machines running power plants, rail lines and prison cell doors; and even implantable medical devices such as defibrillators and insulin pumps. Many of these embedded devices can now link with other computers, putting them equally at risk from intruders. Indeed, in October, Secretary of Defense Leon Panetta warned that the U.S. faced the threat of a "cyber Pearl Harbor" if it failed to adequately protect these systems, echoing a warning CIA Director John Deutch gave to Congress in 1996 about an electronic Pearl Harbor (pdf).
Now computer scientists are devising guardians they call symbiotes that could run on embedded computers regardless of the underlying operating systems. In doing so, they may not only help protect the critical infrastructure of nations and corporations but reveal that warfare against these devices may have been going on unseen for years, researchers say.
The problem is worse than you might think. Already research has shown that a vast number of machines lie completely open to attack. For instance, in 2011, after scanning large sections of the Internet, computer scientists Ang Cui and Sal Stolfo at Columbia University identified more than 1.4 million publicly accessible embedded computers in 144 countries that still had factory default passwords that would give anyone with online access total control over the machines. These devices, which make up about one in five of the embedded computers they found (pdf), included routers, video-conferencing units, cable TV boxes and firewalls used to defend computer networks.
These vulnerabilities pose a host of dangers. In 2011 Cui and Stolfo revealed they could hack into printers (pdf) made by Hewlett–Packard, either with infected documents or by connecting to the printers online, allowing them to spy on everything printed with those machines and to break into every computer linked to the printers. (HP has since fixed this vulnerability.) Cui also says it would be easy to develop malicious software, or malware, that would let hackers shut down infected routers just by pinging them with an otherwise innocuous data packet.
Attacks against embedded systems aren't the kind "where criminals are trying to get credit card data," Cui says. "They're more stealthy. More sophisticated. This is corporate espionage–level stuff. Cyber war–level stuff. The people looking to target these systems aren't out to make a big splash, but might aim to take down a country's critical infrastructure."
One problem researchers face in designing safeguards against these vulnerabilities is the enormous diversity of the software running on embedded computers. For instance, Cui notes that routers made by Cisco alone have about 300,000 different firmware images (a firmware image is the operating system of an embedded computer together with its accompanying programs), so a defense that depends on the details of any one of them does not scale.
