Something I’ve seen coming for a while, but now is more openly admitted.
The “intelligent grid” and “smart car” is a very dumb idea.
This is also why I don’t have an iPhone or similar “smart phone”.
Basically, I know too much about how those devices can be used against my best interests. It would seem that the C.I.A. knows too:
The CIA wants to spy on you through your TV: Agency director says it will ‘transform’ surveillance
Devices connected to internet leak information
CIA director says these gadgets will ‘transform clandestine tradecraft’
Spies could watch thousands via supercomputers
People ‘bug’ their own homes with web-connected devices
By Rob Waugh
PUBLISHED: 08:20 EST, 16 March 2012 | UPDATED: 08:55 EST, 16 March 2012
When people download a film from Netflix to a flatscreen, or turn on web radio, they could be alerting unwanted watchers to exactly what they are doing and where they are.
Spies will no longer have to plant bugs in your home – the rise of ‘connected’ gadgets controlled by apps will mean that people ‘bug’ their own homes, says CIA director David Petraeus.
The CIA claims it will be able to ‘read’ these devices via the internet – and perhaps even via radio waves from outside the home.
Everything from remote controls to clock radios can now be controlled via apps – and chip company ARM recently unveiled low-powered, cheaper chips which will be used in everything from fridges and ovens to doorbells.
The resultant chorus of ‘connected’ gadgets will be able to be read like a book – and even remote-controlled, according to CIA Director David Petraeus, according to a recent report by Wired’s ‘Danger Room’ blog.
Petraeus says that web-connected gadgets will ‘transform’ the art of spying – allowing spies to monitor people automatically without planting bugs, breaking and entering or even donning a tuxedo to infiltrate a dinner party.
‘“Transformational” is an overused word, but I do believe it properly applies to these technologies,’ said Petraeus.
‘Particularly to their effect on clandestine tradecraft. Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters – all connected to the next-generation internet using abundant, low-cost, and high-power computing.’
I have a relatively dumb TV with a non-interactive satellite download-only box. It is NOT connected to the phone line (despite repeated pleas to do so during the set up script). I have a relatively dumb cell phone (and wish it were dumber. Eventually I’ll need to ‘roll my own cell phone’, but it ought not to be too hard, as there are many other folks doing that work). I’m in the process of securing my compute environment, as it has gotten too insecure to be used for anything that matters (for the typical Microsoft products). My car has NO computer, and I’ll not be buying one with any of: Advanced computing (at most a dumb process control chip on the engine), radio connection, microphone built in, black box (i.e. no new cars). That is, just say NO to GM and OnStar.
I’ll also never connect any kind of kitchen or wash room appliance to any internet connection. I have a 12 kv transformer and I know how to use it ;-) I can also isolate my internal power distribution from any “internet over the power plug” system (and will should it become necessary). Nobody but me needs to know that I like a midnight snack… or that I’ve not been home for a week…
Microsoft “is not helping”. The latest thing I ran into was while getting decent at BitTorrent and downloading a bunch of Linux distributions (including discovering that Debian has an ARM release!). BitTorrent has a button to turn on / download IPv6 tunneling code. As that puts a globally unique ID to your computer and distributes it globally, bypassing any security you might have from a NAT (Network Address Translation) gateway (via punching a hole through it), I was “less than enthused”. It had been a while since I’d looked at IPv6 and what was happening, so I looked just a bit. Seems Microsoft has turned on such tunneling / NAT busting by default. (I turned it off on my laptop on discovering that…)
It wasn’t in quite the place they said in that article. (Microsoft loves to keep moving the controls so you can’t know how to shut off their crap…) But eventually I found where the two controls had been moved and shut them off. Why? Because I want my NAT to be a security barrier. I do not want anyone punching holes in that security without telling me.
Teredo increases the attack surface by assigning globally routable IPv6 addresses to network hosts behind NAT devices, which are otherwise mostly unreachable from the Internet. By doing so, Teredo potentially exposes any IPv6-enabled application with an open port to the outside. However, such a vulnerability is an intrinsic effect from NAT traversal. Teredo also exposes the IPv6 stack and the tunneling software to attacks should they have any remotely exploitable vulnerability.
The Microsoft IPv6 stack has a “protection level” socket option. This allows applications to specify whether they are willing to handle traffic coming from the Teredo tunnel, from anywhere except Teredo (the default), or only from the local Intranet.
Firewalling, filtering, and blocking
For a Teredo pseudo-tunnel to operate properly, outgoing UDP packets must not be filtered. Moreover, replies to these packets (i.e. “solicited traffic”) must also not be filtered. This corresponds to the typical setup of a NAT and its stateful firewall functionality.
Teredo tunneling software will detect a fatal error and stop if outgoing IPv4 UDP traffic is blocked. Also, blocking of outgoing traffic to UDP port 3544 can interfere with Teredo activity.
DoS via routing loops
Some new methods to create denial of service attacks via routing loops using Teredo tunnels have been uncovered recently. They are relatively easy to prevent.
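An added example, not part of the quoted article or the original post: a check for Teredo use on your own network, run over flow records. It flags outbound traffic to UDP port 3544 and decodes any address in the Teredo prefix to show which NAT address and port it exposes. The record layout and all addresses are constructed for illustration; the address layout is taken from RFC 4380, not from this page.

```python
import ipaddress

TEREDO_PREFIX = ipaddress.IPv6Network("2001::/32")  # Teredo prefix (RFC 4380)
TEREDO_PORT = 3544                                  # UDP port named in the text

# Constructed flow records: proto src sport dst dport (documentation addresses)
SAMPLE_FLOWS = """\
udp 192.168.1.20 51413 203.0.113.9 3544
tcp 192.168.1.20 50100 198.51.100.7 443
udp 192.168.1.31 5353 224.0.0.251 5353
tcp6 2001:0:cb00:7109:8000:63bf:39cc:9be8 49152 2001:db8::10 80
"""

def decode_teredo(addr):
    """Return the IPv4 details embedded in a Teredo address, or None."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in TEREDO_PREFIX:
        return None
    raw = int(ip)
    server = ipaddress.IPv4Address((raw >> 64) & 0xFFFFFFFF)
    # The NAT's external port and address are stored with every bit inverted.
    nat_port = ((raw >> 32) & 0xFFFF) ^ 0xFFFF
    nat_addr = ipaddress.IPv4Address((raw & 0xFFFFFFFF) ^ 0xFFFFFFFF)
    return {"server": str(server), "nat_addr": str(nat_addr), "nat_port": nat_port}

def find_teredo(flow_text):
    """Return (host, reason) pairs for flow records that indicate Teredo use."""
    hits = []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed records
        proto, src, sport, dst, dport = fields
        if proto == "udp" and int(dport) == TEREDO_PORT:
            hits.append((src, f"UDP to Teredo server port on {dst}"))
        for addr in (src, dst):
            info = decode_teredo(addr) if ":" in addr else None
            if info:
                hits.append((addr, f"Teredo address behind NAT {info['nat_addr']}:"
                                   f"{info['nat_port']} via {info['server']}"))
    return hits

if __name__ == "__main__":
    for host, reason in find_teredo(SAMPLE_FLOWS):
        print(f"{host}: {reason}")
```

Any host this reports has a tunnel that bypasses the NAT as a barrier, so it is a candidate for having Teredo switched off or for an outbound block on UDP 3544 at the gateway.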
Yeah, not exactly the worst hole in security to have (using Internet Explorer with automatic updates turned on and loads of ‘plug-ins’ like Java and Flash and more, pretty much leaves you wide open…) so not high on the list of worries… yet… BUT the last thing you want is a “Day Zero” attack on an IPv6 stack that you didn’t want to be using anyway…
It’s just THAT kind of thing that I do not want to be happening with my refrigerator and microwave oven… nor do I want to ‘discover’ at an ‘unfortunate’ time that a kid hacking around from Beijing has found a neat way to shift cars into reverse via remote control of the transmission computer or turn off the engine remotely while I’m about 1/2 way through passing a semi-truck up hill in the mountains…
I’m sure eventually this particular bit of stupidity will eventually pass, but “until that day”, I can decline to participate… Just say “NO!” to the “smart grid”, and “smart appliances” and “smart cars”, and internet connected everything. They are just a dumb idea…