The Department of Justice has formed a threat analysis team to study potential security challenges posed by all our internet-connected things.
I can tell you their results without spending a single taxpayer cent.
They’ll find threats. Terrible, horrifying, existential threats.
The threats will cause human suffering the likes of which the world has never seen before. Researchers will have computer models that calculate the certainty of an IoT holocaust. An interplanetary IoT apocalypse. They’ll tell tales that’ll straighten your pubes.
When it’s your job in life to study how dangerous a thing is, the conclusion is always that it’s SEVERELY DANGEROUS. Anything less looks negligent. It doesn’t matter whether that thing is vaccines, 3-ounce shampoo bottles, or antibacterial hand soaps – declare that they’ll lead to the death of us all. That’s how you create job security.
The government will totally be on board with the strategy. Fear-mongering is how political leaders maintain fealty (see also: Trump). A terrified population is a docile population.
When people are scared, they need something done that will make them feel safer. The government will go above and beyond in meeting that need with an elaborate choreography of security theater.
They’ll form a 3-letter agency. They’ll design mandatory duck-and-cover drills. Offer tax credits for basement bomb shelters. Test the air raid sirens once a week.
Also, there will be MASS SURVEILLANCE. The solution always includes MASS SURVEILLANCE.
When we were worried about homosexuals, the FBI tracked the clientele of gay bars. When we worried about meth labs, the DoJ started tracking Sudafed. When we worried about terrorists, we gave the government free reign to read all our emails.
When it comes to internet-connected things, we’ll begin by monitoring the passengers and routes of self-driving cars. Was there any question about whether this would happen in the first place? Head of DoJ National Security Division John Carlin has pointed out that the July truck attack in France is an example of how automated driving systems could present a security threat if remotely hijacked.
Once Mr. Carlin realizes that the attack truck was not, in fact, a self-driving car, but a 2012 Renault Midlum with a disturbed driver, we’ll stop worrying about self-driving cars. Instead, we’ll focus on dealing with disturbed drivers.
JUST KIDDING. We’ll pass legislation to track ALL the cars. Roadworthy vehicles will require transponders. Surveillance radars will monitor their movements. If a car displays suspicious driving activity, we’ll deploy a fleet of battle tanks to circle the wagons.
Then we’ll move on to other connected objects. Toilets! Pacemakers! Sex toys! Toasters! Could any of these things be hacked and turned into a weapon of mass destruction? I don’t know, but the government will wiretap all the things to find out!
Or we could just, you know, refrain from connecting all our things. But that wouldn’t be a good use of tax dollars at all.
I don’t think describing the driver of the Renault van as being “disturbed” is accurate.
To say the least.
We have this really cool demo at DARPA when I first started. Cars have so many microcontrollers and that do some computation and communicate over some insecure protocol or frequency. After about an hour of sniffing packets broadcast from a remote vehicle we could gain compromised access to power steering automatic braking systems for a 60 minutes filming. Man, that really freaked some people out!
http://www.cbsnews.com/news/darpa-dan-kaufman-internet-security-60-minutes/
you have to be within wifi range, right? could this actually be conducted in a real-world situation?
Found a copy of that demo that hasn’t been paywalled or DMCA’d yet.
https://youtu.be/mgAjvmgr08w?t=6m42s
You’d need to be in wifi range if you’re hacking into wifi. You’d be surprised how many cars come with unencrypted wifi hotspots with open ports. Bluetooth is easy since device/security protocols are vendors responsibility so so nobody does it. Some BLE devices hard code 0xff 0xff 0xff 0xff 0xff 0xff.. as the auth token.
You can pretty much compromise any electronic receiver like radio, sensors, abs by blasting it’s operating frequency into a crash/restart. If that device has a known vulnerability, it then is the sweet kiss of death, a stack-buffer overflow.