Wass-Up Tech: Oracle,Volkswagen, Delta. Crack, Smash, Down!

INDIA: No business in today’s age can afford an outage. If you happen to be an airline to top that, well not much remains to be said.

Even the reported $150 million being spent this year on technology upgrades can’t fix the long queues and exasperation of irate passengers that resulted after a major outage in Delta Airlines’ systems this week. Crippled with a fault in its operations servers, the airlines saw a lot of its planes grounded, flight data not updated and chaos pouring out all over. With over 2000 flights cancelled, many delayed, and precious passengers left hanging and waiting, this was a case of IT going awry in its unexpected form (an Atlanta electric component-failure triggered shut down of an important data centre as per what has been diagnosed).

Back-up system hand-over did not work out in this case. Resorting to manual processes to salvage some face did not help too much either. For the short-term, vouchers ($200), refunds, waivers etc. may be a temporary step, but in the long-run, a good look at IT transformation and strategy is what could lift the airline from this rough pocket.

Incidentally, the airline has recently made a change in its CIO’s seat. The glitch is not isolated and not long back American Airlines and United Airlines too suffered the consequences of IT not playing along. The problems of transaction data volume, inadequate real-time back-up and capacity as well as complexity of systems come into the fore again with this turbulent episode.

So did other questions in the neighbourhood of airline industry- the retail industry, thanks to Oracle Micros hack. Yes, one more IT trouble of considerable scale and impact happened that side too.

A crack in a POS was tapped ruthlessly by some hackers (whether it was indeed a Russian gang, is still out for conclusion). Major retailers and hoteliers are already dreading the what-next stage, etc specially after the likes of Hyatt and Wendy’s have confronted major breaches only last year, not to forget what Target etc had to go through with a credit-card fiasco. The malicious code infection spread from one single compromised system and Oracle was reportedly issuing password reset requests to customers while investigating the attack in detail.

The company has company. Auto industry was not spared from this wave of exposures swallowing major corporations this week. Millions of cars at Volkswagen run the risk to be cloned with a wireless hack coming to the surface.

Flaws in keyless entry system aided to the new vulnerability of remote-cloning attack. Researchers (University of Birmingham - UK, and German embedded-security consultancy Kasper & Oswald) have even warned that the tampering risk could extend to ignition system as well. A paper from them is going to reveal more details. This concerns models from 2000 to 2016 and indicates a flaw of using only a few crypto global master keys, which was discovered during a reverse-engineering study.

Keyless entry system weaknesses are not limited to Volkswagen alone, and it was found that due to Hitag2 system, others like Renault, Peugeot, Opel, Ford and Chevrolet could be in a vulnerable spot as well. This fault also opens a box about companies’ stated limitations due to documentation and information-sharing needs under interfaces like OBD (On-Board Diagnosis) which are involved in such spaces.

Replacing fobs won’t help much, be it VW or Retail systems or Airline servers. The industry needs to find a better key for pre-empting such mishaps.  Being a user of new-age technology in any segment, should only mean good news, and not the headlines that appeared this week.