Dumb vs Smart


It seems in many ways dumb devices are better than smart devices:

Why? Security, privacy, and quality.

Anything with a network connection can be hacked: smart TVs, cars, streaming boxes, appliances, routers and every other smart device, or IoT device, have all been hacked.

Anything that gets a software update can get hacked. That’s called a backdoor.

Then there’s the fact that most smart devices track how you use them, and many of them upload and sell that information to 3rd parties. There is money to be made in tracking the habits of their users, and companies exist to make money.


Think about it. Look around your life. Think about what you need to do, and if that needs to be trackable, hackable, and exploitable.

Things we used to do without smart technology:

  1. Drive somewhere
  2. Watch TV or Listen to music
  3. Read a book
  4. Play a game
  5. Talk to a friend
  6. Research something

1. Insert needle into groove. 2. Enjoy!


Nowadays, most people use connected devices to accomplish these tasks. The underbelly of the convenience they promise is the tracking and exploitation these devices offer their manufacturers.

Is the world better after knowing everything you’ve watched, listened to, read, googled, browsed, and seen?  I’d argue no.

The only thing improved is the bottom line of the company selling this data, and their ability to get the device to keep you using it longer than you would have naturally.

I always feel like somebody’s watching me!

The lack of security and privacy in their software is covered up with perpetual updates.

Overall, the whole situation doesn’t feel very smart to me.

Apple Is Fighting For Our Digital Future

The FBI is conducting a criminal investigation into a mass murder committed by Americans. Some call it a terrorist attack, some don’t. Either way it’s a high profile case for the Obama justice department.

The couple that committed the crimes worked for the county government in California. The investigation has requested and received all of their online records, cloud data, phone records, work data, SMS, banking, housing, and travel receipts.

The one thing the FBI hasn’t been able to get into is their work-assigned iPhones. The now deceased users had enabled full security with encryption on the most recent iOS and did not turn on cloud backup. They put in a 4-digit PIN code like all of us and went about their business.

The FBI now wants to know what business those iPhones might have stored. Makes sense. Problem is they lost their chance to bypass the full lockdown mode, against Apple’s advice, and now they are locked out for at least a very long time, if not forever. It’s estimated it would take 20+ years to crack the iPhone using brute force, due to all of the layers of security iOS has in place in both hardware and software.

So the FBI is now attempting to force Apple to create an insecure version of iOS that could be installed on the phones that would then allow the FBI to crack the phones.



Apple is arguing that doing so would destroy the established security of every iPhone on the planet. They say it’s akin to building the master key to decrypt even the most heavily secured iPhone and they won’t do it. It’s software’s version of cancer, says Tim Cook, and he’ll fight the FBI all the way.

It’s important to note that had the FBI followed Apple’s instructions they could have forced those iPhones to do a cloud backup and then decrypted most of the data. But instead, someone at the FBI ordered the phone be reset with no backup, leaving it in a decrypted, locked, and defensive state, and they now regret that decision.

Apple losing this case could kill iOS and its ability to safely store your financial, credit card, location, and health data. Apple could no longer promise you it’s your data to secure.

The ends do not justify the means.


That user could have nuclear plans encrypted on his iPhone. I support any brute force, seizure or other legal means available to the FBI to get the data.

But the FBI better not be able to compel Apple or any tech company to ship insecure products under the guise of security. The actions of one customer, no matter how heinous, cannot and should not destroy the security of millions of other innocent customers.

 

Your Password Or Your Soul



Will there be life after passwords? We are currently drowning in them – some more than others. A fella like me might need to enter 50 different passwords of increasing complexity just to get by a week in 2014.

It’s a growing problem because hackers and their security breaches, accompanied by the illegal market for passwords farmed from cracking programs, have made it difficult to stay secure, even with such complex passwords. Putting spaces in them helps but it’s not really simplifying anything.

So what to do about it? Is there a world in which we can live with all the technology minus all the passwords? DARPA (the peeps who started the internet 40+ years ago) is working on it, and their studies are fascinating. Here are some potential replacements for the password (aka “user authentication”):

  • Your heartbeat vibrations, as recorded by your phone
  • The way you respond to error and system messages (a personality test)
  • How your hand shakes as you hold it. Grandpa method.
  • How you write texts and emails, based on slang and favorite phrases.
  • The “visual fingerprint”: both camera inputs and the screen activity on the phone. The phone needs to see daddy (or his pocket) to turn on!
  • How you walk (your gait) as recorded by your phone over time. Walk to unlock?

Read about these programs here.

This is pretty amazing tech, with many of these methods already working on modern phones using no added hardware.

But the flip side as I see it at first blush: we are giving up our anonymity even more, giving that much more power to the machines. If my phone needed to know it was me to use it, no matter what, while that is secure it just isn’t practical. A spouse, business partner, tech support, small business, children and friends are all potential password sharing situations.

If we have to prove we are allowed into the machine beyond ways that we are able to share through human methods, then we have lost that much more control over the machine world.

But yay! The future sure will be fun! If my machine must know it’s me for security purposes, it will know it’s me for other less critical purposes.

 

A More Powerful Computer Virus

Great — there’s a new security risk popping up that has a lot of people worried, and it uses USB to change the game and raise the risk of what can be infected if your system is compromised.

Traditional software viruses live on a hard drive, as an App or part of the OS. Protecting your drive from getting infected has been the defense.

If you picked a virus up you tried to scrub it from your drive. If successful your computer was restored to regular use. If not successful you could reformat your drive, restore your data from a backup, and return to normal work.

But now USB firmware has been cracked and can be spoofed. Firmware is the little bit of software built into all USB devices that handles low-level operations such as Who/What/When/Where/Why. See, if you manage to get compromised firmware onto a device, it can say it’s something it’s not. It can misrepresent itself and do tasks not associated with it at all. Traditional computer viruses can easily start installing evil firmware to your devices.

For instance – a USB stick with compromised firmware could ID itself as a keyboard and tell the computer to open a command window and accept what it ‘types’. A camera with compromised firmware could take your data while it’s copying pictures to your drive. A USB keyboard could run a keylogger program, recording all your passwords and using your computer to transmit them to someone else.

And even worse — a USB device is actually allowed to ID itself as multiple things simultaneously, so your computer would easily accept whatever USB devices it sees.
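A defender can at least see what a device announces about itself, because a stick that wants to "type" has to declare a keyboard interface to the host. The sketch below is an added example, not code from this post: it walks a USB configuration descriptor and flags a device sold as storage that also declares a HID keyboard. The descriptor bytes are constructed samples and the `review` policy is an assumption; it checks announced identity only and says nothing about whether the firmware itself is clean.

```python
import struct

# Class codes as assigned in the USB specification.
DT_INTERFACE = 0x04
CLASS_HID, CLASS_MASS_STORAGE = 0x03, 0x08
HID_PROTOCOL_KEYBOARD = 0x01

def parse_interfaces(config: bytes):
    """Walk a configuration descriptor; return (number, class, subclass, protocol) per interface."""
    interfaces, offset = [], 0
    while offset < len(config):
        if offset + 2 > len(config):
            raise ValueError("truncated descriptor header")
        length, dtype = config[offset], config[offset + 1]
        if length < 2 or offset + length > len(config):
            raise ValueError(f"bad descriptor length {length} at offset {offset}")
        if dtype == DT_INTERFACE:
            if length < 9:
                raise ValueError("interface descriptor shorter than 9 bytes")
            # bInterfaceNumber, bAlternateSetting, bNumEndpoints, class, subclass, protocol
            num, _alt, _eps, cls, sub, proto = struct.unpack_from("6B", config, offset + 2)
            interfaces.append((num, cls, sub, proto))
        offset += length
    return interfaces

def review(config: bytes, expected_classes):
    """Hypothetical policy: list interfaces that do not match what the device is sold as."""
    ifaces = parse_interfaces(config)
    classes = {cls for _, cls, _, _ in ifaces}
    findings = []
    for num, cls, _sub, proto in ifaces:
        if cls not in expected_classes:
            findings.append(f"interface {num}: unexpected class 0x{cls:02x}")
        if cls == CLASS_HID and proto == HID_PROTOCOL_KEYBOARD and CLASS_MASS_STORAGE in classes:
            findings.append(f"interface {num}: keyboard on a storage device")
    return findings

# Constructed sample descriptors (not captured from real hardware).
STORAGE = bytes.fromhex("090400000208065000" "07058102000200" "07050202000200")
KEYBOARD = bytes.fromhex("090401000103010100" "092111010001223f00" "0705830308000a")
HONEST_STICK = bytes.fromhex("0902200001010080fa") + STORAGE
COMPOSITE_STICK = bytes.fromhex("0902390002010080fa") + STORAGE + KEYBOARD

if __name__ == "__main__":
    for name, blob in (("honest", HONEST_STICK), ("composite", COMPOSITE_STICK)):
        print(name, review(blob, {CLASS_MASS_STORAGE}) or "ok")
```
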

Detecting the bad firmware is also very difficult. Nothing on the market currently would even be able to recognize a problem with the device. It could do its dirty work in the background for years without ever being detected.

Adding to this is the intimacy with which firmware and the hardware interact. Even the tools to debug or monitor firmware need the firmware to work. Compromised firmware could continue to report that there is no problem. Firmware is designed to allow updates over top of itself, and only the factory that builds the device could guarantee that the device has clean firmware.

All in all, a messy situation, one that probably kept one of the designers of USB up all night.

Put into simple terms — the next virus you get could infect every USB thing plugged into your computer, rendering them compromised with no way to restore them, nor a way to accurately identify whether they even are compromised. Some of us will keep the devices and lose even more security, while others will have to replace most of their system because of a virus.

Watch out for USB devices on eBay once this gets out in the wild, and never let a stranger put a USB stick in your computer.

Hack Attack Underway

Hand is not ball! Our little site here is currently under attack from Russian hack-bots so I’ve started to take defensive measures. I’ve had to wipe out all user accounts and some of the various redirects that have built up over the years. You will need to make new accounts and bear with me through this crap. Fucking hackers, they are the worst.



If you imagine hackbots as fembots the day goes better


Don’t worry – none of this can affect you, your computer, or anything. It’s just a take-down on my site that redirects you to other servers for their profit exploitation. If you get through and are on WFNK.com then you are fine. It’s not a spoof or anything like that.

I’m seeing the hack when I try to access from a mobile browser – it was redirecting to .ru (Russia) and then to abc.go.com. As of now it’s fixed but these things can be really hard to remove completely.

