Hackers are increasingly making headlines, from the Syrian Electronic Army's successful hacks of major media outlets, including the AP and the Washington Post, to the story of a hacker who exploited a baby monitor and spoke to a child. Hackers' sophisticated antics can often seem nefarious, but some hackers are actually using their skills to look out for our greater good.
White hat hackers like the late Barnaby Jack have used their skills to identify security gaps, spot bugs, and warn businesses and developers of possible vulnerabilities. Some companies even challenge hackers to run attacks on their systems, and offer rewards to hackers who reveal vulnerabilities. After all, where there is technology, there is the potential for exploitation, and addressing problems quietly and securely allows companies, and all of us, to avoid widespread exploits.
Jack recently revealed that it's possible to hack implantable medical devices such as pacemakers, through which you can deliver a high-voltage shock to the patient. (He had already reported that insulin pumps can be hacked to deliver a lethal dose of insulin.) Such a scenario was portrayed on the hit show Homeland, in which a character sabotaged the pacemaker of the vice president of the United States. Jack was set to present the pacemmaker vulnerabilities at a Black Hat security conference earlier this month, but passed away a mere week before his talk.
A team of researchers from the University of Washington and the University of Massachusetts agrees that while the potential for this type of hack is low, there are inherent vulnerabilities in medical devices with communication capabilities. Such an attack has not taken place against a real patient at this time, but hackers have taken great pains to identify these risks before they could become real. By expressing their concerns, and by proving that the potential for sabotage exists, hackers have given major medical device manufacturers the opportunity to improve security for their patients. Medtronic, for instance, reacted to the successful hack of an insulin pump by hiring security teams to inspect its full line of products, and vowing to address security vulnerabilities in future products.
Jack also aided ATM manufacturers in 2010, when he revealed that he could hack into ATMs and make them spit money. Banking and ATM manufacturing companies weren't particularly thrilled that Jack made his revelations at the Black Hat conference, which is a public venue, but they were more than grateful to collaborate with him to improve their security mechanisms and fix the problems he identified.
These hacks all revealed hardware problems with the intention of perfecting the technology involved, and better protecting each product. But there are also ethically motivated hackers with political aims, such as hackers associated with the hacktivist group Anonymous. Such hackers often wish to positively impact our society, whether it comes to supporting the Arab Spring, or shutting down offensive protest groups like the Westboro Baptist Church.
We should stop thinking of hackers as a threat, and begin supporting the hackers who strive to improve security systems. Hacks done in good faith, and with the intention of improving security, should be rewarded frequently and well. After all, they're testing the security systems on which we all depend.