Smart Nation projects could be 'hijacked' due to hardware flaws

Security concerns loom large over Singapore's Smart Nation projects following the disclosures two weeks ago of major hardware flaws in almost all computers and smartphones worldwide.

Security experts fear that the flaws - which affect more hardware than initially thought - would allow hackers to commandeer fleets of autonomous vehicles and surveillance cameras that are being rolled out as part of the Smart Nation initiatives.

But these initiatives will carry on, the Smart Nation and Digital Government Office (SNDGO) told The Straits Times.

"There are no changes to our plans," a spokesman said.

The two flaws, dubbed Meltdown and Spectre, were initially found in chips designed by Intel, Advanced Micro Devices (AMD) and ARM. They were discovered last year but made public only on Jan 3, and they allow hackers to access a computer's memory and steal passwords and confidential documents.

"The flaws can also be exploited to plant malware in autonomous vehicles and Web cameras to launch sophisticated targeted attacks on critical infrastructure," said independent global cyber-security expert Aloysius Cheang.

Singapore

This is no smiley faced robot, but it should make you smile

Jul 27, 2022

Related Stories

SafeTravel website crashes due to surge in travel pass applications

5.9 million customers hit by RedDoorz data breach

All government agencies to accept digital ICs from next week

On Jan 5, Nvidia, which works with several self-driving carmakers, joined the list of affected chipmakers when it issued software fixes for its graphics chips.

Insisting that its chips are immune to Meltdown and Spectre, Nvidia said it is updating its software drivers because they interact with potentially vulnerable processors.

Mr Tony Jarvis, chief strategist at security software firm Check Point Software Technologies, said: "The list of affected chips and products is growing; and it is far from a small number of companies."

The regulatory authorities have been slow to lay down rules on how IoT devices should be secured, contributing to the severity of the problem, especially when IoT devices are used on a national scale.