|
Chalks posted:Alright angry about fridges guy, relax. I don't see what a smart network could tell my fridge about off peak hours that a clock telling it when it's 1 am couldn't.

the precursor to smart grid appliances were ones that use RCC signaling to clock sync but that's utc so you have to set the time zone and people barely tolerate programming their microwave and stove so who the hell is going to do it on their fridge. and that does absolutely nothing for providing signalling for on/off peak rates to save you money or responding to brown out scenarios. are you actually interested in learning anything or are you just going to continue down this road?
|
# ? Jan 17, 2017 23:39 |
|
Trabisnikof posted:Do CANBUS next!

CANBUS I am more concerned about because there's a much more real potential impact for health and safety, there are fewer manufacturers/models/designs carried year to year so you're likely to be able to affect more things with higher impact at once, and once you break through the head unit and on to the canbus it's pretty much open season for throwing the throttle wide open/locking up the brakes/whatever. but even that I don't think is super likely beyond isolated incidents. with that said, I'm grateful for researchers looking in to potential weaknesses in all of this stuff and forcing them to constantly update existing equipment and modify designs since it creates a moving target (har har) that makes it more difficult to cause widespread destruction
|
# ? Jan 17, 2017 23:44 |
|
coordinated scada attacks on power generation/transmission infrastructure is the holy grail for crippling a country and I am surprised we haven't seen more of it beyond that incident in ukraine a year or two back
|
# ? Jan 17, 2017 23:46 |
|
germany ... really though you wouldn't show large-scale capabilities of that nature publicly unless you were effectively at war, like ukraine
|
# ? Jan 17, 2017 23:51 |
|
BangersInMyKnickers posted:did you even think through this attack scenario or just mash your rear end on the keyboard until words came out?

sure, if the only connectivity is a single one-way link using that one protocol it makes it harder, though more realistically instead of a tower you'd just get some nerds in a car driving around the neighborhood wardriving-style. this also assumes these devices wouldn't come with a built-in internet connection for selling marketing data, but i guess that's not a given yet. also isn't zigbee generally bidirectional? would it be possible to infect via transmissions from an already infected device, mesh-network-style? (that last one is a legit question, i don't know if "zigbee for appliances" or whatever is different)

BangersInMyKnickers posted:Okay, now you're on the zigbee network. Great. Good Job! So now you lie to devices and tell them that either the peak/off-peak rates are inverted to generate extra load on peak so the utility has to fire up more peaking plants or buy off adjacent regions which costs them money and pisses them off, or maybe you put everyone's house in rolling brownout mode so all their AC dials back and the dryer stops or something and you... minorly inconvenience people?

yep all of this is not what i'm saying and i agree wouldn't make much sense

BangersInMyKnickers posted:Or perhaps you are the ultra l33t hacker and find a vuln in their zigbee code that allows for arbitrary execution or firmware re-write in which case how many devices do you really think you have a chance of affecting at once? are you going to be able to actually do anything with the device or just brick it? every manufacturer, model, and model year of device presents another fragmentation point that makes widespread compromise not very realistic.

good thing every manufacturer, model and model year of every device use the exact same two or three stock linux versions and software that came with the Broadcom SoC devkit and have never been updated ever

BangersInMyKnickers posted:then you have to consider exactly how they integrate the zigbee radio and internal controls that can limit its ability to interact with the control logic of the device which would often make that type of attack impossible

i agree devices can be easily designed to make this attack impossible or useless, my point is nobody cares about that because there's no visible consequence at this point
|
# ? Jan 17, 2017 23:52 |
|
BangersInMyKnickers posted:its cheap poo poo by design but with the short range of the wireless signalling network and a plethora of manufacturers and models being rolled out all over the place the likelihood of a single wide-spread impact isn't that high.

do you really think it is likely that all those devices will use different chips and totally unique custom software stacks? even across different manufacturers i would (again) bet money that we are going to see the exact same poo poo we've been seeing for years now in consumer routers and iot crap: they will all use cheapo misconfigured software stacks full of old non-updated FOSS stuff written in unsafe languages like C. "oh but the protocol is pretty limited"! sure that's great but even if it's very locked down, it will mean jack if these devices have any alternate communication modes, or if other devices (like laptops or iot crap) have the ability to talk to the appliances via that protocol, because then all it will take is someone to discover a flaw in the 7-year-old version of linux that all these things are running, or a misconfiguration that exists across the software stacks of the 3 most popular smart-grid middleware providers. and on that point, i have a hard time believing that appliance makers can resist the temptation to add in features like "manage your kenmore appliances from ANYWHERE IN THE WORLD with the kenmore app!" and bolting on some kind of wi-fi interface which is of course then managed by the same main CPU/SoC that also does the locked-down smart-grid protocol stuff
|
# ? Jan 18, 2017 00:08 |
|
Wiggly Wayne DDS posted:germany ...

yep https://www.wired.com/2015/01/german-steel-mill-hack-destruction/

quote:I’m referring to the revelation, in a German report released just before Christmas (.pdf), that hackers had struck an unnamed steel mill in Germany. They did so by manipulating and disrupting control systems to such a degree that a blast furnace could not be properly shut down, resulting in “massive”—though unspecified—damage.

even though details have always been a bit vague about the incident, this is one of the primary reasons why i have been spending the past year dealing with industrial control poo poo

want to know what scares me the most? a fully-automated haul truck

combine this with lackluster security in a lot of natural resource companies and you end up with a vehicle that can cause a lot of damage. the upside to these things is that typically nobody is going to try and get air in these suckers

https://www.youtube.com/watch?v=8iYj4WJvcB0

which was this truck:

or try and drift them:

https://www.youtube.com/watch?v=5kdrtOgJ6OA

but it's not out of the question that one could do some harmful poo poo with them
|
# ? Jan 18, 2017 00:12 |
|
OSI bean dip posted:yep are you saying Killdozer might be a realistic scenario except instead of ghosts it will be computer ghosts because that would finally make terrible cyberpunk future cool again
|
# ? Jan 18, 2017 00:17 |
|
Security Fuckup Megathread: IoT webcams suck, IoT dryers are totally cool though
|
# ? Jan 18, 2017 00:23 |
|
OSI bean dip posted:
thunderbirds is so close to being real
|
# ? Jan 18, 2017 00:31 |
|
invision posted:Security Fuckup Megathread: IoT webcams suck, IoT dryers are totally cool though Actually it is IoT vacuums that suck
|
# ? Jan 18, 2017 00:59 |
|
hackingteam : https://motherboard.vice.com/read/after-cellebrite-breach-hacking-team-lashes-out-against-vigilante-hackers
|
# ? Jan 18, 2017 01:30 |
|
invision posted:Security Fuckup Megathread: IoT webcams suck, IoT dryers are totally cool though they're not internet devices at all, let alone internet of things devices.
|
# ? Jan 18, 2017 01:33 |
|
fishmech posted:they're not internet devices at all, let alone internet of things devices. But it has an ethernet port!
|
# ? Jan 18, 2017 02:39 |
|
Lutha Mahtin posted:do you really think it is likely that all those devices will use different chips and totally unique custom software stacks? even across different manufacturers i would (again) bet money that we are going to see the exact same poo poo we've been seeing for years now in consumer routers and iot crap: they will all use cheapo misconfigured software stacks full of old non-updated FOSS stuff written in unsafe languages like C. "oh but the protocol is pretty limited"! sure that's great but even if it's very locked down, it will mean jack if these devices have any alternate communication modes, or if other devices (like laptops or iot crap) have the ability to talk to the appliances via that protocol, because then all it will take is someone to discover a flaw in the 7-year-old version of linux that all these things are running, or a misconfiguration that exists across the software stacks of the 3 most popular smart-grid middleware providers. and on that point, i have a hard time believing that appliance makers can resist the temptation to add in features like "manage your kenmore appliances from ANYWHERE IN THE WORLD with the kenmore app!" and bolting on some kind of wi-fi interface which is of course then managed by the same main CPU/SoC that also does the locked-down smart-grid protocol stuff

I think the likely outcome is that for the sake of security the zigbee/whatever radio module will be kept as its own discrete component from the main control/firmware of the device with extreme limits on what can be passed between the two effectively neutering any ability to compromise it in a way beyond blasting garbage on the wireless link
|
# ? Jan 18, 2017 03:13 |
|
ate all the Oreos posted:Um I clearly said clemency but what actually happened was sentence commuting therefore it doesn't count makes a big difference to her she's got ~30 years of "sorry but your federally mandated background check came back and says you did some uh 'ultra crimes'? new one on me but we just can't have that associated with us here at Billy Bob's bargain basement grease trap cleaning. sorry. *beep*" to look forward to
|
# ? Jan 18, 2017 03:28 |
|
BangersInMyKnickers posted:for the sake of security I'll believe it when I see it
|
# ? Jan 18, 2017 03:30 |
|
Munkeymon posted:makes a big difference to her yes im sure a felony on her record is going to be the biggest impediment she'll face in her job search
|
# ? Jan 18, 2017 03:44 |
|
hackbunny posted:hackingteam : https://motherboard.vice.com/read/after-cellebrite-breach-hacking-team-lashes-out-against-vigilante-hackers i wonder if they're more careful about violating eu sanctions now or if they're just hoping they don't get busted again anyway i agree that you should only hack people who commit major crimes like being gay in sudan
|
# ? Jan 18, 2017 03:48 |
|
Munkeymon posted:makes a big difference to her i think for better or worse chelsea manning will have a pretty large number of job offers at non-profits and other orgs wanting to exploit her visibility when she gets out the major concern i have is that she gets the mental help she needs addressing the very real PTSD and other issues she's going to have after dealing with the last seven years
|
# ? Jan 18, 2017 03:56 |
|
PCjr sidecar posted:yes im sure a felony on her record is going to be the biggest impediment she'll face in her job search it's not but he can't wave a pen and cure psychological damage
|
# ? Jan 18, 2017 03:58 |
|
pr0zac posted:the major concern i have is that she gets the mental help she needs addressing the very real PTSD and other issues she's going to have after dealing with the last seven years The major concern I have is that someone will hear about That Half Breed Muslin Terrist in the Black House letting his terrorist pervert pals free and deciding to rid Trump of a troublesome priest via high powered rifle.
|
# ? Jan 18, 2017 04:21 |
|
flosofl posted:But it has an ethernet port! Actually it's an RJ-45 connector port
|
# ? Jan 18, 2017 04:36 |
|
ate poo poo on live tv posted:Actually it's an RJ-45 connector port 8P8C
|
# ? Jan 18, 2017 04:41 |
|
why is the left one licking the right one's head?
|
# ? Jan 18, 2017 04:41 |
|
McGlockenshire posted:why is the left one licking the right one's head? Pretty sure it's a zombie having a snack.
|
# ? Jan 18, 2017 04:51 |
|
PCjr sidecar posted:yes im sure a felony on her record is going to be the biggest impediment she'll face in her job search yeahhhhhhhhhhhhhhhhhhhhhhhhhhhh
|
# ? Jan 18, 2017 05:47 |
|
pr0zac posted:i think for better or worse chelsea manning will have a pretty large number of job offers at non-profits and other orgs wanting to exploit her visibility when she gets out if you get pardoned for a crime that resulted in your being dishonourably discharged does the discharge change to an honourable one? if so, she could probably be covered by the VA. in theory. in reality dealing with the VA sucks enough when you aren't considered by the vast majority of the US military to be a traitor to America
|
# ? Jan 18, 2017 06:30 |
|
she wasn't pardoned, her sentence was commuted
|
# ? Jan 18, 2017 06:35 |
|
Kazinsal posted:if you get pardoned for a crime that resulted in your being dishonourably discharged does the discharge change to an honourable one? she wasn't pardoned, her sentence was commuted. she's still guilty.
|
# ? Jan 18, 2017 06:35 |
|
oh welp yeah she's hosed but one of the ten thousand non profits that will offer her a position will almost certainly pay for her psych stuff
|
# ? Jan 18, 2017 06:36 |
|
Lutha Mahtin posted:do you really think it is likely that all those devices will use different chips and totally unique custom software stacks? even across different manufacturers i would (again) bet money that we are going to see the exact same poo poo we've been seeing for years now in consumer routers and iot crap: they will all use cheapo misconfigured software stacks full of old non-updated FOSS stuff written in unsafe languages like C. "oh but the protocol is pretty limited"! sure that's great but even if it's very locked down, it will mean jack if these devices have any alternate communication modes, or if other devices (like laptops or iot crap) have the ability to talk to the appliances via that protocol, because then all it will take is someone to discover a flaw in the 7-year-old version of linux that all these things are running, or a misconfiguration that exists across the software stacks of the 3 most popular smart-grid middleware providers. and on that point, i have a hard time believing that appliance makers can resist the temptation to add in features like "manage your kenmore appliances from ANYWHERE IN THE WORLD with the kenmore app!" and bolting on some kind of wi-fi interface which is of course then managed by the same main CPU/SoC that also does the locked-down smart-grid protocol stuff

zigbee devices and wifi internet of things devices are in very different worlds. a "powerful" edge device is running on something like a cortex m4, a m0 or an 8bit micro will be more typical. these edge devices will communicate with the power company's routers which hopefully has a backhaul over an air gapped network. those routers would certainly be vulnerable, but the edge devices don't seem like they'd be a very good target.
|
# ? Jan 18, 2017 07:16 |
|
ate all the Oreos posted:she wasn't pardoned, her sentence was commuted. she's still guilty. technically a pardon implies guilt if you accept it as well (at least this is what Ford told himself so he could sleep at night)
|
# ? Jan 18, 2017 07:46 |
|
BangersInMyKnickers posted:the precursor to smart grid appliances were ones that use RCC signaling to clock sync but that's utc so you have to set the time zone and people barely tolerate programming their microwave and stove so who the hell is going to do it on their fridge. and that does absolutely nothing for providing signalling for on/off peak rates to save you money or responding to brown out scenarios. are you actually interested in learning anything or are you just going to continue down this road?

That's actually pretty interesting info, so thanks. I still imagine a world where everyone has a smart meter and everyone has an appliance with one of these ports on the back, but 90% of them aren't plugged into anything/don't function but I guess we're going to have to agree to disagree on the whole consumer laziness front.

pr0zac posted:i think for better or worse chelsea manning will have a pretty large number of job offers at non-profits and other orgs wanting to exploit her visibility when she gets out

If she's up to it I imagine she could make a living from professional speaking or even writing a book, she's got the profile and a unique experience for it - although I wonder whether she'll be under any restrictions when it comes to talking to people about what happened. That could really impact her ability to get a job. As you say, I hope at the very least she gets therapy for coming to terms with the hell she's clearly been through as a result of this. I always thought that where Snowden may have leaked things with a pretty solid plan about how things were going to go down, Manning always struck me as someone who was rather naive about the chances of getting caught and the consequences.

Chalks fucked around with this message at 09:33 on Jan 18, 2017 |
# ? Jan 18, 2017 09:24 |
|
BangersInMyKnickers posted:I think the likely outcome is that for the sake of security the zigbee/whatever radio module will be kept as its own discrete component from the main control/firmware of the device with extreme limits on what can be passed between the two effectively neutering any ability to compromise it in a way beyond blasting garbage on the wireless link

on one hand, we could separate these two components for security purposes. on the other we could combine them and save fractions of a penny per device.
|
# ? Jan 18, 2017 09:31 |
|
Wheany posted:on one hand, we could separate these two components for security purposes. on the other we could combine them and save fractions of a penny per device.

Jesus gently caress this derail is getting so tiring. The whole idea is that if the device knows some poo poo's going down with the electrical grid that choices will be made with regard to power consumption. The whole thing is to save on power when it's most loving expensive. The whole thing is meant to save everybody money. Whether those savings actually trickle down is something I really doubt, but it's a possibility. Putting another device outside the device that needs to make decisions won't loving do anything. The device itself still needs to use the information to make decisions so it's still going to need a tiny chip reading the input and doing that calculation the same as is already happening. In your scenario we don't shave fractions of a penny. We double the cost because now you need your washer to interface with a separate thing that then interfaces with a packet from the electrical grid saying, "yo poo poo's gently caress, spin cycle later, bitch or enjoy the extra $1.00 on your electric bill" in the name of some nebulous concept of security. That RJ45 jack isn't doing ethernet. It's not a loving botnet. Pull your heads out of your asses for just a moment. IoT is poo poo. This has nothing to do with IoT. It has to do with everybody trying as hard as loving possible to save and electricity on every side. I know this thread is for insufferable assholes who think they know better (me included), but please everybody just listen to Fishmech and Shaggar for once. One's good cop, one's bad cop.. they both agree!

ErIog fucked around with this message at 11:57 on Jan 18, 2017 |
# ? Jan 18, 2017 11:51 |
|
yeah but someone will still gently caress it up somehow and then we will all have a good laugh.
|
# ? Jan 18, 2017 12:00 |
|
cheese-cube posted:yeah but someone will still gently caress it up somehow and then we will all have a good laugh. Guarantee they will, but right now there's so much more IoT low-hanging fruit than a loving washer nobody will ever plug an RJ-45 into because the standards won't exist for years. Let's all talk about it in 2022.
|
# ? Jan 18, 2017 12:10 |
|
agreedo. also assuming that whatever is on the other end of rj45 jack speaks ethernet is a kind of dumb assumption
|
# ? Jan 18, 2017 12:24 |
|
ErIog posted:Jesus gently caress this derail is getting so tiring. The whole idea is that if the device knows some poo poo's going down with the electrical grid that choices will be made with regard to power consumption. The whole thing is to save on power when it's most loving expensive. The whole thing is meant to save everybody money. Whether those savings actually trickle down is something I really doubt, but it's a possibility. nice meltdown
|
# ? Jan 18, 2017 12:29 |