gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
75326 Posts in 13189 Topics by 2636 Members - Latest Member: falcogiallo August 23, 2017, 06:15:18 am
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  smart gadgets, really all that smart?
gfx
gfxgfx
 

Author Topic: smart gadgets, really all that smart?  (Read 936 times)

0 Members and 1 Guest are viewing this topic.

smart gadgets, really all that smart?
« on: August 14, 2013, 12:09:59 am »
http://arstechnica.com/security/2013/08/philips-hue-lights-malware-hack/

Quote
Weaknesses in a popular brand of light system that's controlled by computers and smartphones can be exploited by attackers to cause blackouts that are remedied only by removing the wireless device that receives the commands, a security researcher said.

The vulnerabilities in the Hue LED lighting system made by Philips are another example of the risks posed by connecting thermostats, door locks, and other everyday devices to the Internet so they can be controlled by someone in the next room or across town. While the so-called Internet of Things phenomenon brings convenience and new capabilities to gadgets, they come at a cost. Namely, they're susceptible to the same kinds of hack attacks that have plagued computer users for decades. The ability to load a Web page that causes house or office lights to go black could pose risks that go well beyond the typical computer threat.


Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: smart gadgets, really all that smart?
« Reply #1 on: August 14, 2013, 06:31:37 am »
first we have remote controlled uh.. toilets.. now remote controlled lights? both exploitable ... add remote controlled cars to that list (the big kind of car not the toys) and you've got script kiddie heaven

Re: smart gadgets, really all that smart?
« Reply #2 on: August 14, 2013, 07:27:17 am »
ummm

[youtube]http://www.youtube.com/watch?v=AExusyOAD5s[/youtube]

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: smart gadgets, really all that smart?
« Reply #3 on: August 15, 2013, 07:59:18 am »
ok.. my inner nerd was tickled pink watching that car do that on its own (show me it drive her back home without any human assistance and i'll be even more tickled) but i know there will also be people that will sit in that garage with laptops and software defined radios to unlock the doors, start, and very promptly leave with said car....

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: smart gadgets, really all that smart?
« Reply #4 on: August 15, 2013, 11:16:17 am »
It seems you are an accomplished student of human nature Stripes  :yes:

Btw did you notice the vehicle seems to have been speed limited to about 5 miles per hour in case it goes "skynet" on the world ?

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: smart gadgets, really all that smart?
« Reply #5 on: August 17, 2013, 02:08:13 am »
i think the 5mph speedlimit is so it wont bump too hard into things if it messes up.... for as long as it took it to 'see' that wall when it first started out i wouldnt want it going more than about 5mph lol

Re: smart gadgets, really all that smart?
« Reply #6 on: August 27, 2013, 11:50:58 pm »
just to follow up on the not so smart smart devices

http://www.theregister.co.uk/2013/08/27/tesla_cars_hackable_says_dell_engineer/

Quote
Slack authentication in Tesla's Model S REST API exposes the electric car to a variety of non-safety but non-trivial attacks, according to a Dell engineer and Tesla owner.

In this post over at O'Reilly, Dell senior distinguished engineer and executive director of cloud computing George Reese says the “flawed” authentication protocol in the Tesla REST API “makes no sense”. Rather than using OAuth, Tesla has decided to craft its own authentication, which Reese unpicked.

There's one small reassurance for owners of the 'leccy car: none of the vulnerabilities he discusses cause any kind of safety issue – although he creepily notes that an attacker would be able to see everywhere the car goes.

Tesla, it turns out, has broken one of the golden rules of security – the one that says “don't re-use user IDs and passwords for different functions”. In this case, the e-mail and password used to build the car at the Tesla Website are retained later for customers logging into the car via the Website.

There's also a persistence issue: when a user logs into the Tesla Website to get to their car, it creates a three-month token for which there's no revocation mechanism. If the system is compromised, the attacker would have access to the login for three months, and if “an attacker gains access to a website’s database of authenticated tokens,” then all the cars would be visible to the attacker.

While the flaw doesn't offer access to any “operational” aspects of the car – like steering or brakes – the risks are still significant. An attacker could fool around with configuration settings, the climate control, the sunroof, open the charge port, and anything else supported by the API. Apart from tracking owners' movements, “there is enough here to do some economic damage both in terms of excess electrical usage and forcing excess wear on the batteries”, Reese notes.

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: smart gadgets, really all that smart?
« Reply #7 on: August 28, 2013, 08:56:54 am »
i guess opening the sunroof isnt as bad as throwing on the brakes... tho in both cases if i found out my car was susceptible to internet attack i would find the fuse to the wireless device that day...

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  smart gadgets, really all that smart?
 

gfxgfx
gfx
©2005-2017 WinMXWorld.com. All rights reserved.
SMF 2.0.14 | SMF © 2017, Simple Machines
Page created in 0.044 seconds with 22 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!