thoughts rd95?
The "Internet of Things" keeps me awake at night. I may not have the skills, but I have read a ton of fiction and non-fiction, and I have a curious mind. Want to raid a house for warrants/drugs/national security? Packet sniff the building and build a pattern of comings and goings. If they have a baby monitor, break into the most likely UNENCRYPTED feed and listen inside the house from the station or anywhere in the world if needed. Monitor the fridge to see when they are likely to go to the store and pick them up outside the house/building. Monitor the wifi and keep tabs on the meta data of where they go online, what devices connect to the inside wifi building a database of phones, laptops and mobile devices. Do they have an Amazon Echo? That thing records voices in order to be able to issue voice commands. This is even before we get into the XBox blatantly spying on occupants of the room it sits in, or smart TV's reporting your viewing history back to the manufacturer live and unencrypted. You think the NSA is intrusive now? Wait until the local PD gets tech savvy and starts to do some of this crazy stuff; the judges are old and don't understand the tech and the prosecutors all see this as ways to increase confessions. "OK, we got the evidence to convict you, but we'd rather get a confession out of you. Here is a list of all the food you ordered through your refrigerator and your web browsing history."
Speaking as a former acoustical consultant: We used to get calls every now and then from folx with grow houses. The DEA would usually put on the warrant "we heard the exhaust fans from a quarter mile away." They would then ask us to testify, as expert witnesses, that there was no f'n way that they heard exhaust fans from a quarter mile away. We never took those cases, but there was no f'n way they heard exhaust fans. They got their information illegally and they tarted it up so it might stick. Law enforcement, in my experience, is a lazy, corner-cutting world. Not to say they won't sniff the fuck out of every packet coming across the wire... but until a gag order gets imposed upon law enforcement internet requests, law enforcement isn't likely to do any hacking. You're right - unencrypted shit for sure. And they'll never tell anyone. They'll say they heard the exhaust fans from a quarter mile away. I've heard for fifteen years about the booze on the loyalty card records used to discredit the plaintiff suing for slip'n'fall. To the best of my knowledge, it remains a myth. It won't take too many nasty cases before everyone starts insisting on their shit being encrypted. But it'll take a few.
The FBI has been going all out with pedophile forums on Tor for years. The Freedom Hosting one got a lot of attention, but after it became clear they weren't exploiting Tor itself they don't make too much noise. No one likes the FBI distributing malware and running phishing scams, but they seem to be just going after pedophiles and it's hard to care that much about the FBI pwning pedos.until a gag order gets imposed upon law enforcement internet requests, law enforcement isn't likely to do any hacking
That doesn't surprise me at all - and I'll bet they've got all the warrants they need. I'd argue that there's a big difference between the FBI targeting people on Tor and your local Boss Hoggs wardriving for wide-open webcams.
Every car hack I have ever seen has depended on either 1) Physical access to the car, that is sticking a new device into the car's network. That is time consuming and not at all inconspicuous. Defending against such attacks would be a good thing, but if you want to sabotage a car and have the opportunity to open it up and tinker with the electronics, attacking the computers is probably the hard way to do it. 2) The manufacturer not paying any attention at all to security. Safety-critical components should not be talking to non-safety-critical components at the very least. This is understandable, because they have only recently started needing to. They will get better as the need becomes obvious. Security is something car manufacturers need to start paying attention to, but car exploits aren't something to panic over. Not yet, at least.
I think the gold standard so far is the jeep hack, wherein the most malicious thing they were able to do was put the tranny in neutral. That said, I'd be curious to hear your thoughts on Michael Hastings. My personal opinion is that the only people who might care enough to break into a Mercedes and plug something nasty into the OBDII port are the CIA, and the C250 he was driving does have a drive-by-wire throttle.
I believe that could be done, and it would not surprise me in the slightest if someone at one of the TLAs had built canned something nasties for a variety of cars, but I find him just getting in a car crash much more plausible than the CIA deciding to assassinate a Buzzfeed writer.
Oh, hmm, well. Uh, lil, I'm not really a good person to ask about these kinds of things. I'd actually like to hear what kleinbl00, insomniasexx, bfv, and the other tech savy people on this site think. Personally, I'm a bit of a luddite and my knowledge about how technology really works and what people can do with them borders on the paranoid (though I did suspect that the government did a lot with our phones and internet well before the whole Snowden leaks). That said, I think until we can better protect ourselves from problems like these, the less things connected to the internet, the better. Cars, thermostats, fancy shoes and children's toys that can communicate with our phone, etc. just create more and more holes for people to take advantage of.