Who’s Watching You?


A State of (in)Security

This year's Black Hat convention in Las Vegas was an unusually tense event. National Security Advisor D.G. Keith B. Alexander was openly heckled from the crowd, one delegate shouting at him “you lied to Congress - how do we know you’re not lying now”, while the Guardian newspaper released new information from Edward Snowden, fuelling discussions about a secret internet surveillance program called XKeyscore which can snoop on “nearly everything a typical user does on the Internet”.

But the really scary news was about Smart Devices. Expert panelist SeungJin Lee from Korea showed how cameras and microphones on smart TVs can be turned into state-of-the-art snooping devices by malicious hackers. Sobering, considering about 80 million such devices were sold worldwide last year. As Lee commented: "I don't care about being watched, but I worry about my family and my girlfriend."

Femtocells – who’s listening in?

Then came the bad news about Femtocells. Ever heard of them? Well, they’re all around us. Originally developed as a solution to the ‘bad connection problem’ they boost cellular reception in homes and offices by letting phones connect themselves into chains. Delegate Tom Ritter caused a decided stir when he told the audience (many of them I.T. experts): "Your phone will associate with a femtocell automatically and without your knowledge … you don't have a choice. In fact, there may be some of you with phones that are connected to our network right now. . . . and you won’t even be aware."

Referring to warning notices posted on the doors leading into the session room, he added: "The signs out front are not just for show. You might want to put your phone in airplane mode."

Live demonstrations on stage then showed the audience how voice traffic, text messages and the data transmission of a digital image could be intercepted and played back. The original vulnerability, which Samsung says has since been patched, affects possibly a third of all American cellphones, including products made by Apple.

Industry at risk from wireless attack

Later, two delegates showed how it is possible to wirelessly attack a factory’s control system – from as far as sixty kilometers away. Researchers Lucas Apa and Carlos Penagos explained that the embedded control systems used to operate valves, sensors and the like in industry often employ wireless communication. There are cryptographic vulnerabilities in these wireless networks that can be exploited by attackers, who, once they have broken into the wireless network, can take control of those key parts of the factory – valves and sensors. And the really bad news – these are considered non-commercial systems, and many have not been patched – affecting facilities all over the world. "We are talking about (people) generating big monetary losses or causing explosions," Apa concluded.

How this affects You

While researching this article, I was wondering how it would be received. Would people read it, or would they simply shrug their shoulders and say – this is not my problem, I’m just a user, please – give me a break.

But – it IS your problem. You bought the device, you use it, and, if you read the fine print – you carry the can. As end users, our only recourse is to put pressure on manufacturers to clean up their act, in some cases to get their act together, and to be a lot more honest with us. More and more I get the feeling that while they concentrate on making money, we the users are treated like children – left to play in a digital minefield.

And that had me thinking about Ralph Nader. Remember him? Far too many people have forgotten what he did, and that we consumers all owe him a huge debt of thanks. He first criticized the automobile industry in 1959 in an article, "The Safe Car You Can't Buy", and later wrote the book Unsafe at Any Speed, in which he asserted that many American automobiles were unsafe to operate.

See the parallels? In the 1960s it was unsafe automobiles. Today it’s computers, the internet and smart devices. But the essential issues remain the same: Consumers are entitled to a fair deal. And that includes security. But we'll only get it if we all start putting pressure on manufacturers and resellers.

Want to refresh your memory about Mr Nader and the consumer consciousness movement? Follow this link: http://en.wikipedia.org/wiki/Ralph_Nader