Friday, May 13, 2011

Book Review: When Gadgets Betray Us

How do our gadgets "betray" us?  Find out in this new book by Robert Vamosi.

We are surrounded by all kinds of electronic equipment.  Some of it is obvious to us; some of it is unknown to us.  Either way, we, as modern humans, are the most watched and tracked people in the history of the world.


What is this book about?  It is about security.  Gadgets "betray" us in the sense that they do things which may be a surprise to those who use them. Vamosi explains it this way:

When Gadgets Betray Us, if you haven’t already guessed, is a book about breaking things and not necessarily putting them back together. It is about hardware hacking, a relatively new area of research and concern: how our cars are vulnerable to attack, how our mobile phone conversations can be intercepted, how our contactless credit cards, driver’s licenses, and passports can all be copied at a distance. The addition of basic authentication and strong encryption to most hardware would significantly reduce the vulnerabilities described in this book; yet, hardware manufacturers have so far shown little interest in securing their gadgets. Only by being more aware of the risk can consumers choose wisely.

Vamosi hopes that his book will increase the likelihood of a dialogue between product manufacturers and the research community. By the research community he means the worldwide community of hackers. The fear Vamosi expresses is that, with the advent of "hardware hacking," many of the products people purchase can easily relay information about us to others without our being aware of it. He also sees this new type of hacking as a danger to the national security of countries.

He attributes this to hardware manufacturers failing to adopt security protocols or, where they do adopt them, adopting ones that are outdated and easily compromised. Although many examples are given, some in great detail, the most alarming one concerns the new electrical smart grid that is being built in America. He states:

“With the advancement of the ‘Smart Grid’ and AMR systems, without the proper security precautions, the electric grid is now more vulnerable than ever,” said Jonathan Pollet, founder of Red Tiger Security. Speaking at Black Hat USA 2010, Pollet said that his company conducts penetration tests for utilities in which he and his team, with the permission of the utility, attempt to hack their way inside. After one hundred such assignments, his company logged over 38,000 software vulnerabilities in the operating systems used on the SCADA networks. He also found a number of personal, commercially available software applications such as BitTorrent on these systems; the personal software may have vulnerabilities as well.

In case you do not know what SCADA stands for, it is the software protocol that has been used for years to control industrial machinery throughout the world. This industrial machinery extends to essential infrastructure like electricity, gas and water treatment, oil, wind farms, and large communication systems.

He then moves on to devices used to capture cell phone messages and conversations. Apparently, GSM systems used by such companies as AT&T and T-Mobile, as well as the majority of cell phone carriers worldwide, are vulnerable to "man-in-the-middle" attacks. According to Vamosi, this is due to the old security protocols that GSM systems still use, which were hacked a long time ago (A5/1 was first created in 1988 and first hacked in 1998). His argument is that companies like AT&T hope the obscurity of the hacks against these older security protocols will keep them out of reach of most people and that, although this may be true, the new breed of cybercriminal will have access to them. Once the hacker gets control of your GSM phone, he can then control the camera and the microphone for whatever purpose he might wish, including eavesdropping on a conversation, even when the phone is off. This makes for very interesting reading. It reminds us of the scene in the film The Dark Knight where Batman has set up all the cell phones in Gotham City to act as a sonar network, unbeknownst to those carrying them. There is a rather interesting discussion here on the subject. Another variant is to use cell phones to spot high levels of radiation. Some believe it could be done. We include a video of the short scene in the movie to remind our readers.

If you want to see much more detailed information, we provide an hour-long video of a hacking conference with well-known hackers Marcel Holtmann, Martin Herfurt and Adam Laurie.

Vamosi also speaks about the public surveillance cameras used in the UK. This supposedly powerful system can be easily compromised by those who know what they are doing. Vamosi cites the work of a man named Adrian Pastor.

...Adrian Pastor’s research in the United Kingdom has focused on public street-corner surveillance systems used in that country. Using this combined work, attackers could bypass both a street-corner security camera and internal security cameras so that local law enforcement wouldn’t see them coming and going or what they did while inside. Remarkably, both sets of attacks could be pulled off remotely by someone not physically near the building being robbed.

So much for the vaunted "security" surveillance of the UK!

If you wish for some more shockers as to how cars can be controlled, we will quote Vamosi.

With the right software, such as Martin Herfurt’s Car Whisperer, you can hear conversations held in the Bluetooth-enabled car ahead of you when the driver’s mobile phone is not in operation. In other words, the Car Whisperer can eavesdrop on conversations. You only need a Bluetooth USB, an antenna, and a Linux computer. The Car Whisperer can also inject audio into a car’s speaker system, such as “Attention! This is the police. Please pull over now and come out with your hands up.”

We have covered only a small portion of the things discussed in this book. If you are interested in how your technology can be controlled without you knowing it, we strongly recommend this book.

1 comment:

Anonymous said...

Rather! This was a very fantastic article. Thanks on your offered details.