HANOVER, Germany (Reuters) - It’s not just computers and mobile phones that are vulnerable to cyber attack, according to software firm Trend Micro. As more devices are hooked up to the Internet, it could be anything from medical equipment to industrial machinery - and even sex toys.
To illustrate the point, Trend Micro spokesman Udo Schneider surprised journalists at a news conference this week by placing a large, neon-pink vibrator on the desk in front of him and then bringing it to life by typing out a few lines of code on his laptop.
While the stunt provoked sheepish giggles, the message was sobering. As the number of smart, interactive devices connected to the Internet explodes, concern is mounting about insufficient safeguards and a lack of consumer and employee awareness.
“If I hack a vibrator it’s just fun,” Raimund Genes, Chief Technology Officer at Tokyo-listed Trend Micro, told reporters at the CeBIT technology fair in Hanover.
“But if I can get to the back-end, I can blackmail the manufacturer,” he added, referring to the programming system behind a device’s interface.
Germany, host of CeBIT and home to world champion manufacturers, offers rich pickings for hackers, and attacks on industrial production sites are rising, according to the government’s latest IT Security Report.
In 2014, a German steel mill suffered “massive damage” following a cyber attack on the plant’s network. In recent weeks, several German hospitals have come under attack from Ransomware, a virus that encrypts data on infected machines and demands that users pay to get an electronic key to unlock it.
The German government got its own wake-up call last year, when hackers attacked the lower house of parliament’s computer network, forcing it to shut down the system for several days and compromising large amounts of data.
"If someone decided to start shooting with a pistol from the roof of the Reichstag (parliament), security guards would be all over them. But when data are siphoned off for months, no one bats an eyelid," said Dirk Arendt, director of public affairs at Israeli cyber security firm Check Point Software Technologies CHKP.O.
“There is a lack of awareness.”
Responding to the growing cyber threat, Germany approved an IT security law last July that orders 2,000 providers of critical infrastructure to implement minimum security standards and report serious breaches or face penalties.
Fifty-one percent of companies have been victims of digital espionage, data theft or sabotage in the past two years, according to IT lobby group Bitkom.
The threat is more acute among Germany’s small-to-medium-sized manufacturers, known as the Mittelstand, where two-thirds of firms registered attacks. As companies move to connect machinery to the Internet to enable it to collect and exchange data and make it easier to control remotely, 84 percent of managers expect the risks to rise, according to Deutsche Telekom’s Cyber Security Report.
While Germans are vigilant about data protection because of their experience of state surveillance by the Stasi secret police in East Germany and the Gestapo under the Nazis, Arendt said more attention needed to be paid to data security.
Employees need to be made aware of the dangers of opening suspicious-looking PDFs in the same way that motorists are warned by giant roadside signs not to speed, he added.
“We only wake up when the damage is done,” he said. “There are enough examples of successful hacking cases. Now the next steps need to be taken to get back into a secure area.”
($1 = 0.9002 euros)
Reporting by Caroline Copley; Editing by Mark Trevelyan
Our Standards: The Thomson Reuters Trust Principles.