Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Security Technology

Consumer Device Hacking Concerns Getting Lost In Translation 100

Posted by samzenpus from the tell-him-about-the-twinkie dept.
ancientribe writes "Hackers who hack insulin pumps, heart monitors, HVAC systems, home automation systems, and cars are finding some life-threatening security flaws in these newly networked consumer devices, but their work is often dismissed or demonized by those industries and the policymakers who govern their safety. A grass-roots movement is now under way to help bridge this dangerous gap between the researcher community and consumer product policymakers and manufacturers. The security experts driving this effort appealed to the DEF CON 21 hacking conference audience to help them recruit intermediaries who can speak both hacker and consumer product and policy."
This discussion has been archived. No new comments can be posted.

Consumer Device Hacking Concerns Getting Lost In Translation More

Consumer Device Hacking Concerns Getting Lost In Translation

Comments Filter:

  • Re:Hey, Look what I can do! (Score:5, Interesting)

    by azalin ( 67640 ) on Friday August 09, 2013 @04:06AM (#44518059)
    I have to agree to that. I large companies it is rather hard to find someone to listen to you AND in a position to actually change something. Even if the company knows about the problem, they will probably either ignore it, or find the cheapest way to make it disappear. Probably a new software module in the 2016 model.
    If the information gets public though, they can't deny knowledge of the problem and become liable. I do believe companies should get a warning and some time to find a proper solution, not for them, but for those affected by their products, but that warning should include a deadline.
    Oh and I consider it completely irresponsible, stupid and dangerous to go after the hackers and charge them with computer crimes.

  • The problem with some of these devices is ... (Score:4, Interesting)

    by Ihlosi ( 895663 ) on Friday August 09, 2013 @04:20AM (#44518117)
    ... that making them hack-proof is equivalent to locking a fire extinguisher in a secure cabinet. Sure it's secured against misuse, but it's also no longer easily available when it's needed in an emergency.

    You can "hack" any pacemaker with a strong enough magnet, for example. It's the standard method for putting the things in their emergency mode. "Securing" this mode would make it more complicated to activate in case of a real emergency and kill people this way.

  • Re:What are you afraid of? (Score:5, Interesting)

    by SuricouRaven ( 1897204 ) on Friday August 09, 2013 @06:21AM (#44518411)

    Murder is easy. Getting away with it is hard. If the old guy with a heart condition drops dead from apparent heart failure, who is going to even suspect murder?

  • The manufacturers are correct... (Score:5, Interesting)

    by evilviper ( 135110 ) on Friday August 09, 2013 @06:41AM (#44518453) Journal

    How did Ford and Toyota react? They publicly dismissed the research and thus far haven't committed to fixing any of the weaknesses that Miller and Valasek found. Ford described the hacks as "highly aggressive direct physical manipulation of one vehicle ... which would not be a risk to customers," while Toyota said in its statement that their work wasn't hacking. Miller, who is a security engineer at Twitter, says he isn't confident the car-makers will do anything about the flaws. Percoco says the car-hacking research was a good example of finding important security flaws in consumer products.

    If that's "a good example" I'd hate to see all the other ones. Ford and Toyota representatives were the only rational and reasonable voices, and absolutely correct that the "hacking" in this case, involved SITTING IN THE BACK SEAT AND PLUGGING IN TO THE CAR. What do we say around here about having physical access to someone else's computer?

    Some idiot reporters like the NYTimes article threw-in the word "remote" to describe the attacks, when it clearly didn't belong. Though to be fair, later mentioned that, "The researchers said they did not address the question of the defenses the cars might have against remote access."

    So this being the only actual referenced example in TFA, is a lot of baseless BS fear-mongering, and we are left without any reason to believe a problem actually exists.

  • evidence suggests that's rare, headline grabbing (Score:5, Interesting)

    by raymorris ( 2726007 ) on Friday August 09, 2013 @07:12AM (#44518515) Journal
    Looking at any major CVE list, it seems most significant issues are fixed rather quickly. When a researcher or self-centered asshole doesn't get quite the response they want, those are the cases that get a headline on Slashdot a few times per year. Slashdot doesn't report on the 20 or so per day that go through the standard process and are resolved appropriately.

    To me, that sounds a lot like saying "couples facing divorce almost always murder each other" because those that end in murder are the ones you still hear about years later. (Reiser, for example.). That ignores the hundred divorce cases every day that are either amicable or simply not newsworthy because nothing interesting happens.

    My own experience with reporting a few issues matches what I see in the CVEs - they've been addressed quickly and professionally. The BIG one I found had replacement Debian packages out within 48 hours. Wikipedia was patched to fix the vulnerability I found within 24 hours.

Slashdot Top Deals

Machines have less problems. I'd like to be a machine. -- Andy Warhol

Close