Friday, June 2, 2017

Thoughts on Internet of Things and Security



Thoughts on Internet of Things and Security

Is your smart TV reporting on you to the NSA, CIA, FBI et al?  Is your refrigerator monitoring you?  Is Alexa doing more than playing music and turning on lights?  These would be considered ludicrous questions until recent revelations from Wikileaks reported and leaked procedures showing that The NSA and CIA had developed methods to exploit features in not only these but in many other, internet connected devices.  The Wikileaks revelations point up that such breaches of security are not only possible, but actually prevalent in our world of the “internet of things.”  This is not a conspiracy theory.  This is reality!

I’m not a cyber security expert, but I have worked in the field and have some fundamental expertise around computers and networks.  I also have explored the world of hacking to determine what is possible in this realm.  I cite several simple examples that don’t require complex computer code or other procedures as follows:  1.) I can hide and encrypt myself from prying eyes by accessing the internet using an external flash drive that I can carry in my pocket,  on any computer without leaving a trace.  2.) I can access unsecured or poorly secured internet connected devices of all types, all over the world.  Theoretically I could have accessed that DNC server if it were as unsecured as they say.  Podesta’s email server with “password” as the password would have been easy pickings.  So would Hillary’s email server in her basement if it wasn’t properly protected.  So would a power plant or major factory be easy to access if not properly protected, and not set up with just default passwords as many are .

The above does not require a PhD in cyber-security.  It doesn’t even require coding skills.  All it requires is a basic knowledge of computers, networks and systems, and some common sense and research skills.  This knowledge is available to curious researchers like me, as well as those with more nefarious ends like dealing dope, gun running, hacking the DNC, etc.  My point is that this is not esoteric or hidden information.  It is readily available with a little knowledge and perseverance.

It is worthy of note that if an old, slow curiosity seeker like myself can go about 70% of the way to completely hacking and affecting various world systems, what can the NSA, CIA, the Russian SVR, the Chinese PLA Unit 61398 and others with massive government resources accomplish in this regard.  While not advertised in the past, all countries have cyber warfare groups that are actively hacking the computer and network resources of other countries.

The whole issue of information security in our government and society has been brought into question by these recent leaks of information from our supposedly secret government agencies.   It’s no wonder that President Trump talks about his phones at Trump Tower being tapped.  It’s certainly easy enough to do.  If we don’t get a handle on all of this soon and stop the leaks of confidential information, the security which is supposed to protect our country and infrastructure will become as porous as our southern border has become over the last 30 years.  We simply cannot afford to be as exposed as we may be in the process of becoming to enemies like North Korea, Iran and others.

These links pertain.





Ray Gruszecki
April 7, 2017

No comments:

Post a Comment