Article 2 Discussion: Submission Preview

A completely heretofore unseen attack surface has been exposed... your device's sensors.

More specifically, the capacitive Micro-Electro-Mecahnical Systems (MEMS) accelerometers that are embedded in smart phones, GPS units, Smart Cars, etc.

Traditionally, the security philosophy is that sensor input must always be true... trust what your sensor sees. So they made administrative access to their device difficult (passwords, biometrics, etc) but did not tamper with nor hamper sensor input.

Enter the new method of hacking... Sonic Cyberattacks.

Yep. Sounds like it's right out of Science Fiction... but as it turns out, there have been successful proof-of-concept tests that prove using various types of sound waves, you can acoustically feed malevolent input to a device's sensor system and remotely affect operation of a smart device.

This includes, obviously, your phone. But it's much worse. It's in our cars. It's in personal wearable technology, like fitness training monitors. It's in pacemakers... to think you can literally hack someone's heart rhythm or worse, stop it.

In fact, so many objects from the “Internet of Things” have embedded sensors in them that they increase the likelihood of network or system penetration because of the sheer number of “attack surfaces” or vectors of intrusion presented to the hacker.

This is merely the latest version of tech-hack, and novel as well; it bypasses the traditional administrative or operational software hack and instead, attacks the brain directly. It would be akin to someone being able to literally control your mind through your eyes.

There has already been a proof of concept test wherein a moving vehicle had its engine remotely killed while the driver was in it. This is not with some future driver-less car. This was in a standard Jeep Cherokee driving on the road today.

Security methods are having a tough time keeping up with cyber attacks. Between our own electronics snooping on us, reporting on us, and allowing Big Brother to peek in our keyholes, each new "Smart" device is becoming another liability to our privacy and safety. "Smart" phones, indeed.

<a href="http://www.homelandsecuritynewswire.com/dr20170319-sonic-cyberattacks-expose-security-holes-in-ubiquitous-sensors">New Attack Surface To Hack Into Exposed</a>
A completely heretofore unseen attack surface has been exposed... your device's sensors.
More specifically, the capacitive Micro-Electro-Mecahnical Systems (MEMS) accelerometers that are embedded in smart phones, GPS units, Smart Cars, etc.
Traditionally, the security philosophy is that sensor input must always be true... trust what your sensor sees. So they made administrative access to their device difficult (passwords, biometrics, etc) but did not tamper with nor hamper sensor input.
Enter the new method of hacking... Sonic Cyberattacks.
Yep. Sounds like it's right out of Science Fiction... but as it turns out, there have been successful proof-of-concept tests that prove using various types of sound waves, you can acoustically feed malevolent input to a device's sensor system and remotely affect operation of a smart device.
This includes, obviously, your phone. But it's much worse. It's in our cars. It's in personal wearable technology, like fitness training monitors. It's in pacemakers... to think you can literally hack someone's heart rhythm or worse, stop it.
In fact, so many objects from the “Internet of Things” have embedded sensors in them that they increase the likelihood of network or system penetration because of the sheer number of “attack surfaces” or vectors of intrusion presented to the hacker.
This is merely the latest version of tech-hack, and novel as well; it bypasses the traditional administrative or operational software hack and instead, attacks the brain directly. It would be akin to someone being able to literally control your mind through your eyes.
There has already been a <a href="https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/">proof of concept test</a> wherein a moving vehicle had its engine remotely killed while the driver was in it. This is not with some future driver-less car. This was in a standard Jeep Cherokee driving on the road today.
Security methods are having a tough time keeping up with cyber attacks. Between our own electronics snooping on us, reporting on us, and allowing Big Brother to peek in our keyholes, each new "Smart" device is becoming another liability to our privacy and safety. "Smart" phones, indeed.

CHRIS GOEBEL

Pat...

It's posts like yours that keep conspiracy nuts like me awake at night! Have you no heart?

I'm torn between hating and liking the fact that all this secret information has been leaked, be it Wikileaks or Snowden.

On the one hand, I still don't believe a thing the government spooks say about what they'll look at and what they won't. I think it's wrong for our own government to vacuum up wholesale phone calls, texts, emails, web sites visited, or google searches of every person on the planet.

They keep saying "oh, we'll only look at it if you become a target of interest. However, it is stored forever. There's no "trash" date. My personal "unlooked at" data will be stored forever in whatever government database deep at the core of the earth there is. And their "no peek" policy is only as good as the current dictator in charge. Or worse, who even knows how well protected those gazillion jigabytes of data are? Maybe the government WON'T look at it.

But the scumbag who hacks into the government's snooping database will. Because we all know just how well the US government is at protecting sensitive information. Just ask the Chinese. Or the Russians, if you believe the DNC.

And just because they say that their software is "only designed for targeted attacks, not wholesale collection.." yeah, that makes me feel so much better. That they CAN hack my private life and SPECIFICALLY target me doesn't help me get any more sleep than when I was randomly being scooped up.

I know I'm a prime candidate for the foil hat, but are you still paranoid if they really ARE out to get you???"

Yeah. I think stamps and envelopes are going to come back in style. In fact, I really think that human couriers will make a comeback for those who have deeply sensitive information to transport and can afford to keep it safe. There is nothing electronic that is safe anymore.

Pat...
It's posts like yours that keep conspiracy nuts like me awake at night! Have you no heart?
I'm torn between hating and liking the fact that all this secret information has been leaked, be it Wikileaks or Snowden.
On the one hand, I still don't believe a thing the government spooks say about what they'll look at and what they won't. I think it's wrong for our own government to vacuum up wholesale phone calls, texts, emails, web sites visited, or google searches of every person on the planet.
They keep saying "oh, we'll only look at it if you become a target of interest. However, it is stored forever. There's no "trash" date. My personal "unlooked at" data will be stored forever in whatever government database deep at the core of the earth there is. And their "no peek" policy is only as good as the current dictator in charge. Or worse, who even knows how well protected those gazillion jigabytes of data are? Maybe the government WON'T look at it.
But the scumbag who hacks into the government's snooping database will. Because we all know just how well the US government is at protecting sensitive information. Just ask the Chinese. Or the Russians, if you believe the DNC.
And just because they say that their software is "only designed for targeted attacks, not wholesale collection.." yeah, that makes me feel so much better. That they CAN hack my private life and SPECIFICALLY target me doesn't help me get any more sleep than when I was randomly being scooped up.
I know I'm a prime candidate for the foil hat, but are you still paranoid if they really ARE out to get you???"
Yeah. I think stamps and envelopes are going to come back in style. In fact, I really think that human couriers will make a comeback for those who have deeply sensitive information to transport and can afford to keep it safe. There is nothing electronic that is safe anymore.

CHRIS GOEBEL

Great find, Dylan!

I'm amazed at how little attention was paid to the whole Yahoo debacle. Yes, it was reported; maybe even front page news for a day. But then it just disappeared. But we can talk about some idiotic Trump tweet for weeks.

Not only did Yahoo get breached once (and that being one of, if not THE biggest data heist ever) but then were scooped yet again shortly thereafter.

Either the information isn't getting out effectively enough that Yahoo is tainted goods, or, people know and simply don't care or understand the ramifications.

I tell everyone I see with a yahoo account to change their e-mail, change all their passwords, and change their security questions. Most tell me they haven't, and that they're guilty of using the same passwords all over the place. They also don't go back and change their security questions either. Why? because your mom's name didn't change. Your first car didn't change. Your childhood friend didn't change. People are terrible creatures of habit. I don't like to answer the questions when the website is the one that can pick them. I prefer to choose my own question, then I can use my "open password" system to remind me what my password was for that site.

If you're not changing your passwords to something long and complex, and putting different ones everywhere, you are a target waiting to happen. I used to not care so much, but the more I learn about this subject, the more I don't like to tempt fate. If I DO get hacked, it won't be for lack of trying to keep myself safe!

Great read.

Chris

Great find, Dylan!
I'm amazed at how little attention was paid to the whole Yahoo debacle. Yes, it was reported; maybe even front page news for a day. But then it just disappeared. But we can talk about some idiotic Trump tweet for weeks.
Not only did Yahoo get breached once (and that being one of, if not THE biggest data heist ever) but then were scooped yet again shortly thereafter.
Either the information isn't getting out effectively enough that Yahoo is tainted goods, or, people know and simply don't care or understand the ramifications.
I tell everyone I see with a yahoo account to change their e-mail, change all their passwords, and change their security questions. Most tell me they haven't, and that they're guilty of using the same passwords all over the place. They also don't go back and change their security questions either. Why? because your mom's name didn't change. Your first car didn't change. Your childhood friend didn't change. People are terrible creatures of habit. I don't like to answer the questions when the website is the one that can pick them. I prefer to choose my own question, then I can use my "open password" system to remind me what my password was for that site.
If you're not changing your passwords to something long and complex, and putting different ones everywhere, you are a  target waiting to happen. I used to not care so much, but the more I learn about this subject, the more I don't like to tempt fate. If I DO get hacked, it won't be for lack of trying to keep myself safe!
Great read.
Chris