If something can connect to a network, it can be hacked. Computers and phones are still popular targets, but increasingly so are cars, home security systems, TVs and even oil refineries.
That was the message at this year's Black Hat and DefCon computer security conferences, which took place last week in Las Vegas. The annual conferences draw a mix of computer researchers and hackers who present the latest bugs and vulnerabilities they've discovered. It's a combination of public service, business and sport.
These are some of the more popular targets covered at this year's conferences. By drawing attention to them, the "white-hat" hackers hope to encourage greater security from the various manufacturers and industries, and more vigilance from consumers.
Typically, the presenters inform manufacturers of bugs ahead of their talks so the companies can fix the issues before they are exploited by criminals.
Someone hacking your computer can be an inconvenience. Someone hacking your car can be deadly.
A pair of presentations on hacking cars kicked off the DefCon conference on Friday. Australian hacker Zoz outlined the security issues fully autonomous cars will face and said car-hacking is inevitable.
Autonomous vehicles like cars and drones are essentially robots, and they rely on sensors to operate. He said a hacker could theoretically take complete control of a car over wireless networks or trick its various sensors into feeding a motorist false information about location, speed and the proximity of other cars or objects.
Fully driverless cars are still a few years away, but computerized systems are common in vehicles on the road today. Electronic control units can control a range of car functions, including braking, accelerating and steering. They manage security features, in-car displays and even seat belts.
Researchers Charlie Miller and Chris Valasek, funded by a grant from the U.S. military's DARPA, looked into what kind of damage hackers could do to a car by taking control of a Toyota Prius and a Ford Escape.
To access the systems, they had to physically connect a computer to the cars through a diagnostics port. They wrote custom software that let them hijack the cars' systems.
Once in control, they disabled brakes, changed the display to show incorrect speed or gas levels, and messed with the steering and seat belts. They were able to kill the engine and toy with with less consequential features like the car's horn and lights.
Toyota played down the wired demonstration and said it is focusing on security measures to prevent wireless attacks.
Attacks on personal computers used to be the bread and butter of cybercriminals, spawning a lucrative industry of black-market malware and the anti-virus programs that fight them.
The next big target is smartphones. Mobile devices are not impervious to attacks, even though walled-off app stores have kept much of the malware at bay.
Kevin McNamee demonstrated how a piece of malware could turn an Android smartphone into a "spy phone" that remotely monitors its owner, sending information on the location, communications and content, like photos, back to a third party.
The hack isn't new, but McNamee managed to inject the malicious code into popular apps like "Angry Birds." Once it was installed, the user would have no idea that their phone was acting as a remote surveillance device.
Verizon "femtocells" -- small boxes used to extend cell service -- were hacked by security researchers at iSEC Partners to intercept calls and any other data sent over cellular networks like texts, images and browsing history. The wireless carrier issued a fix for all its femtocells, but researchers say other networks could still have the same issue.
With $45 in hardware, researchers Billy Lau, Yeongjin Jang and Chengyu Song turned an innocent-looking iPhone charger into a tool for gathering information such as passcodes, e-mails and other communications, and location data directly from the smartphone. Apple thanked the researchers and said it is deploying a fix for the bug in its iOS 7 software update, which comes out this year.
The too-smart home
Thanks to cheap, low-power sensors, anything in your house can become a "smart" device, helpfully connecting to the Internet so you can control it from a computer or smartphone. Smart home security devices have the potential to cause the most damage if hacked, and two separate demonstrations showed how to break in by opening "smart" front-door locks.
Another unsettling trend at the conferences was spying on unwitting people through their own cameras. Home security cameras could be disabled by someone who wanted to break in, or they could be turned into remote surveillance devices. One researcher showed how she easily took over the camera stream on a child's toy from a computer.
Researchers Aaron Grattafiori and Josh Yavor found bugs in the 2012 model of the Samsung Smart TV that allowed them to turn on and watch video from the set's camera. Samsung said it had released a software update to fix the issue. (Many security experts suggest placing a piece of tape over any cameras you don't want surreptitiously watching you, just to be safe.)
Hackers get personal