SPECIAL REPORT: Beware the cyber-spy hiding in your fridge

The internet has transformed our lives, but in so doing it has brought its own problems. Stephen Oryszczuk talks to those at the forefront of Israel’s online battle

With no warning, Tel Aviv falls into darkness, its electricity grid hacked. In the streets, people panic as systems fail all around. In an IDF basement, the suspect is quickly traced, and an elite unit mobilises. The perpetrator? Your fridge.

“Increasingly, everything’s connected and our lives depend on that connectivity,” says Prof Dan Blumberg from Ben-Gurion University, whose job it is to know these things, and to plan for the threats. “Your fridge, watch, TV, washing machine, air-conditioner, car – they’ll all be connected, to the internet and to each other.”

He needn’t crystal-gaze too much. Already, opportunities abound. Just this week, Chrysler recalled 1.4 million cars after security researchers demonstrated how they could commandeer a Jeep Cherokee remotely, engaging the brakes and cutting the transmission. “This is the kind of software bug most likely to kill someone,” they said.

Blumberg’s team have found similar weaknesses elsewhere. “Doctors walk around hospitals with mobile devices transmitting your medical records over wi-fi,” he says, under slightly raised eyebrows.

“More and more elements of our lives depend on devices telling us what we should be doing at any given moment. We make the decisions, but we use lots of utilities as we go along, and it’s all open to abuse, some financial, some terror-related.”

Blumberg is a senior figure at the heart of Israel’s cyber security infrastructure, as is his colleague, Prof Yuval Elovici. It is unusual to speak to people at their level, and they are limited in terms of what they can say, but two-thirds of the attacks against Israel are motivated by money, Blumberg says, the rest are because it’s Israel. At the moment, only five percent are state-sponsored attacks, but Blumberg and Elovici predict that hacks of this nature will increase significantly over the next 2-3 years.

Their teams, comprising Israel’s best and brightest, are located in the Negev, alongside the IDF’s new home and a cluster of technology companies. They are not charged with monitoring the online threats, but with identifying vulnerabilities and developing safeguards. It’s the new front line in the fight for the State of Israel.

“We’re finding that our firewalls and safeguards aren’t safe,” Blumberg says. “We thought you couldn’t hack a stand-alone computer, but now we know you can.

“We thought you couldn’t hack our electric grid, because it’s not connected to computers, but now we know you can.” How? “If you cause a power generator to change its behaviour using certain changes on the grid, you can cause a whole city to lose electricity.”

The rate of pace in this field is phenomenal. Ten years ago, no-one had heard of ‘cyber security’, but then, 10 years ago, we all had those Motorola flip-phones. Now, hearing talk of decryption, cryptography, algorithms and ways to detect “anomalous activities across cellular networks”, it’s clear we’ve moved on.

A quick look at what the teams are developing confirms it. This includes ways to prevent the theft of your data from your phone via Bluetooth (yes, the person sitting next to you on the bus could be sucking up your emails while you scroll the news!). It also includes BGU’s Air Hopper. “We turned a standard video card into an FM transmitter,” Blumberg says. “So, using just a phone, you can transfer data from a standalone computer in one room to a cellphone in another.”

There are vulnerabilities everywhere, Elovici says. “Any mobile phone today can be attacked and compromised. There are many, many ways to do it.” After he was asked by Deutsche Telekom to analyse the security weaknesses of Google’s operating system Android, he confesses: “We were very concerned about the issue of privacy.”

Noting the recent revelations of NSA/GCHQ activity from whistleblower Edward Snowden, Blumberg says privacy is an issue Israeli lawmakers could help with. “The more things are connected, the easier it is to monitor, because you’re more exposed. But your privacy is also exposed, so we have to put safeguards in to protect people’s privacy. I think that can be done. It requires legislation, but it can be done.”

At Ben-Gurion, near Be’er Sheva, the university’s technology is transferred to firms a stone’s throw from Blumberg and the IDF’s technology unit. “You have the youngsters who go through the IDF here, near campus, near industry, so you get everyone collaborating, and you leverage the economy also. It’s a great blessing.”

The technology can be applied beyond cyber security, he says, with students and professors taking data from satellites to survey natural disasters and environmental changes using remote sensing, with microwave and thermal imaging, to help to spot future disasters. But it is in cyber security that attention is greatest.

Israeli universities actually co-operate extensively in this field, both within Israel and abroad. The UK, US, Germany, India, Singapore and Japan are all partners too, Blumberg says, without giving details. “You collaborate with anyone you have mutual interests with.”

Pressed on which countries currently lead the cyber race, he smiles but won’t be drawn, saying only: “We have some very smart guys here.”