Episode 79: Hackable Nukes and Dissecting Naughty Toys

In this week’s Security Ledger Podcast episode, the UK-based policy think tank Chatham House warned last week that aging nuclear weapons systems in the U.S., the U.K. and other nations are vulnerable to cyber attacks that could be used to start a global conflagration. We talk with Eddie Habibi of PAS Global about what can be done to secure hackable nukes. Also: with CES raging in Las Vegas last week, we go deep with security researcher Jay Harris on flaws in connected toys being sold to children.

Hacked Nukes
We talk with PAS Global about a Chatham House report on the hacking risk to nuclear weapons.

Hacking Nukes

The report raised a number of concerns. Among them, that hackers could infiltrate a nuclear weapons system without a state’s knowledge and jeopardize the integrity of the system. Human error, system failures, design vulnerabilities, and susceptibilities within the supply chain all pose a risk to weapons systems, Chatham House warned. To better understand the Chatham House report and what it means, we invited Eddie Habibi, CEO of the firm PAS Global, into the studios. PAS specializes in the security of industrial control systems, including the kinds of systems used to manage weapons. We talk about how weapons and other industrial systems end up getting exposed to the attentions of malicious actors and what – if anything – can be done to secure nuclear weapons systems.

Thomas the *%$#! Tank Engine

The Consumer Electronics Show was held last week in Las Vegas and brought news of the next generation of smart, connected devices that will soon appear in homes and offices (or, maybe not). But whether those devices are secure from hackers and protect the privacy of data they collect and store is another matter entirely.

Talk To Thomas Application
Researchers from Digital Interruption found a way to send messages – even obscene ones – to different Talk to Thomas users.

If we’re to believe security researchers like Jay Harris of Digital Interruption, it is safe to assume that many of the connected devices that were trotted out in Las Vegas won’t hold up to scrutiny. Harris and DI were behind the story we ran last week on the leaky adult VR game. He also recently received a bug bounty from the firm Toy Talk, which makes software used in connected toys like Barbie Dolls. His discovery: a way to manipulate a Talk to Thomas the Tank Engine application to send obscene or threatening messages to other users.

In this segment of The Security Ledger podcast, we speak with Jay about his research, the companies churning out the connected stuff, and where connected things fall short. Jay tells us about the Thomas the Tank Engine application and how he discovered the security flaw that won him a bounty. We also discuss how lax development practices and tools can cause security flaws to multiply across different products.

As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud. And, if you like our intro music, give some love to the group JoeLess Shoe, who recorded “Baxton,” the song we use in just about every podcast.
