slides.org (Stationary): Add Smart TV et. al. IoT
parent
f7de5bc7aa
commit
fac26e2804
@ -29,3 +29,8 @@ e52d8250d9a98ae68a68a758e1421231aebd4933cc44bc5a2364222984e1ee7f oracle-id-fuu.
|
|||
cbf3495473a9b111b3ba9723d5ebb9476bd6abf9bf3af711bdbe803baf98067f target-logo.png
|
||||
0a47a1e0b74fa4ec168d935357081a6d15e55ba77edad483ecb7fe14c3f6f4dc trustev-graph.png
|
||||
566c10d0004fda789b9fba51f6700003524e061ec169bd9e08ee431e52fb4e43 nsa-spying.png
|
||||
4a27e17ef1396b982c85ca3f9cb768a9c61fdcf9d7c957bd5ffdadafafc50576 wikileaks.png
|
||||
0bfcdb6c578364279acf01795a5c0d85562c3882d30a618eb59a540904256777 cia-logo.png
|
||||
b175a0098b0473009587d312a497c317de02c2f38e5bdf7df8ea77f6e86818c5 lgtv-pwnd.png
|
||||
f9e8e3dcf3d383399bad9d1ebc52e156a74d32555166be50c8a027ebe17be69f amazon-echo.jpg
|
||||
e8e2401984351071453d07d23b75bcd67e430b9cce89c210797772f1e85bca29 the-onion-logo.png
|
||||
|
|
|
@ -29,3 +29,8 @@ palantir.png https://web.archive.org/web/20170319035510/https://www.palantir.com
|
|||
target-logo.png https://web.archive.org/web/20170319055701/https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Target_Corporation_logo_%28vector%29.svg/240px-Target_Corporation_logo_%28vector%29.svg.png
|
||||
trustev-graph.png https://web.archive.org/web/20170319060719/http://www.trustev.com/hs-fs/hubfs/JANUARY-2016/Technology/r-feb-t-circle1.png?t=1473256538000&width=1788&name=r-feb-t-circle1.png
|
||||
nsa-spying.png https://web.archive.org/web/20170321034321/https://mikegerwitz.com/images/eff-nsa-spying.png
|
||||
wikileaks.png https://web.archive.org/web/20170321044026/https://wikileaks.org/static/gfx/wlogo-sm.png
|
||||
cia-logo.png https://web.archive.org/web/20170321044107/https://wikileaks.org/ciav7p1/logo.png
|
||||
lgtv-pwnd.png https://web.archive.org/web/20170322025944/https://www.bleepstatic.com/content/posts/2016/12/28/DarrenCauthonTV.jpg -scale 80%
|
||||
amazon-echo.jpg https://web.archive.org/web/20170322034016/https://upload.wikimedia.org/wikipedia/commons/thumb/5/5c/Amazon_Echo.jpg/208px-Amazon_Echo.jpg
|
||||
the-onion-logo.png https://web.archive.org/web/20170322042646/http://assets2.onionstatic.com/onion/static/images/onion_logo.png
|
||||
|
|
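--- a/sapsf.bib
+++ b/sapsf.bib
@@ -1123,3 +1123,90 @@
 url = {https://www.eff.org/nsa-spying},
 urldate = {2017-03-20},
 }
+
+@online{eff:samsung-tv-policy,
+author = {Higgins, Parker},
+title = {Big Brother Is Listening: Users Need the Ability To Teach Smart
+TVs New Lessons},
+organization = {Electronic Frontier Foundation},
+date = {2015-02-11},
+url = {https://www.eff.org/deeplinks/2015/02/big-brother-listening-users-need-ability-teach-smart-tvs-new-lessons},
+urldate = {2017-03-20},
+}
+
+@online{vault7:y0,
+title = {Vault 7: CIA Hacking Tools Revealed},
+organization = {Wikileaks},
+url = {https://wikileaks.org/ciav7p1/index.html},
+urldate = {2017-03-21},
+}
+
+@online{vault7:weeping,
+title = {Weeping Angel (Extending) Engineering Notes,
+SECRET~// REL~USA,UK},
+organization = {Central Intelligence Agency},
+url = {https://wikileaks.org/ciav7p1/cms/page_12353643.html},
+urldate = {2017-03-20},
+annotation = {Covert surveillance through Samsung Smart TVs.},
+}
+
+@online{bleep:lgtv-ransom,
+author = {Cimpanu, Catalin},
+title = {Android Ransomware Infects LG Smart TV},
+organization = {Bleeping Computer},
+url = {https://www.bleepingcomputer.com/news/security/android-ransomware-infects-lg-smart-tv/},
+urldate = {2017-03-20},
+annotation = {Android ransomware on an LG Smart TV.}
+}
+
+@online{engadget:murder-echo,
+author = {Steele, Billy},
+title = {Policy seek Amazon Echo data in murder case},
+organization = {Engadget},
+date = {2016-12-27},
+url = {https://www.engadget.com/2016/12/27/amazon-echo-audio-data-murder-case/},
+urldate = {2017-03-21},
+}
+
+@online{guardian:murder-echo,
+title = {Amazon refuses to let police access US murder suspect's Echo
+recordings},
+subtitle = {Company has declined to provide audio recordings by smart
+speaker system at house where man died, according to a
+report},
+organization = {The Guardian},
+date = {2016-12-28},
+url = {https://www.theguardian.com/technology/2016/dec/28/amazon-refuses-to-let-police-access-suspects-echo-recordings},
+urldate = {2017-03-21},
+}
+
+@online{gizmodo:echo-wiretap,
+author = {Novak, Matt},
+title = {The FBI Can Neither Confirm Nor Deny Wiretapping Your Amazon
+Echo},
+organization = {Gizmodo},
+date = {2016-05-11},
+url = {https://paleofuture.gizmodo.com/the-fbi-can-neither-confirm-nor-deny-wiretapping-your-a-1776092971},
+urldate = {2017-03-21},
+}
+
+@online{w:file:echo,
+author = {Morrison, Frank},
+title = {File:Amazon Echo.jpg},
+organization = {Wikipedia},
+date = {2014-10-17},
+url = {https://en.wikipedia.org/wiki/File:Amazon_Echo.jpg},
+urldate = {2017-03-21},
+}
+
+@online{guardian:doll-spy,
+author = {Oltermann, Philip},
+title = {German parents told to destroy doll that can spy on children},
+subtitle = {German watchdog classifies My Friend Cayla doll as
+`illegal espionage apparatus' and says shop owners could
+face fines},
+date = {2017-02-17},
+organization = {The Guardian},
+url = {https://www.theguardian.com/world/2017/feb/17/german-parents-told-to-destroy-my-friend-cayla-doll-spy-on-children},
+urldate = {2017-03-22},
+}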
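Review bot: The `engadget:murder-echo` entry's title reads `Policy seek Amazon Echo data in murder case`, which looks like a typo for the article's headline; it should presumably be `title = {Police seek Amazon Echo data in murder case},` (confirm against the cited URL). Three of the new entries (`vault7:y0`, `vault7:weeping`, `bleep:lgtv-ransom`) carry `urldate` but no `date`, unlike every other entry added here, so they will render undated; the slide narration relies on the Weeping Angel notes being from 2014, so `vault7:weeping` in particular should record the document date the speaker is citing. The classification marking `SECRET~// REL~USA,UK` embedded in `vault7:weeping`'s `title` is not part of the work's title and would read better moved to `titleaddon` or folded into the existing `annotation` field.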
265
slides.org
265
slides.org
|
@ -90,11 +90,9 @@ Some of us are /still/ being tracked at this very moment!
|
|||
|
||||
This isn't a tinfoil hat presentation.
|
||||
It's a survey of facts.
|
||||
/Actual/ facts, not alternative ones! (Dig at Kellyanne Conway, for those
|
||||
reading this in the future.)
|
||||
Since time isn't on my side here,
|
||||
I'm going to present a broad overview of the most pressing concerns of
|
||||
today.
|
||||
today, as it relates to everyone here.
|
||||
Every slide has numeric citations,
|
||||
which are associated with references on the final slides.
|
||||
I won't be showing them here---you can get them online.
|
||||
|
@ -138,7 +136,8 @@ They are something we carry with us everywhere.
|
|||
They are computers that are always on.
|
||||
|
||||
A phone is often synonymous with an individual;
|
||||
they are a part of us.
|
||||
they are a part of us---
|
||||
we feel /incomplete/ when we're missing our phones.
|
||||
In other words: they're excellent tracking devices.
|
||||
#+END_COMMENT
|
||||
|
||||
|
@ -179,9 +178,7 @@ Unless it is off or otherwise disconnected (like airplane mode),
|
|||
its connection to the cell tower exposes your approximate location.
|
||||
If the signal reaches a second tower,
|
||||
the potential location can be calculated from the signal delay.
|
||||
You can also triangulate.
|
||||
These data persist for as long as the phone companies are willing to persist
|
||||
it.
|
||||
More towers, you can also triangulate.
|
||||
|
||||
Some people don't use phones primarily for this reason.
|
||||
|
||||
|
@ -308,6 +305,8 @@ The Guardian newspaper releases a leaked court order,
|
|||
which orders Verizon to collect ``telephony metadata'' on /all/ calls,
|
||||
/including domestic/.
|
||||
|
||||
These matadata include <read above>.
|
||||
|
||||
That ``business records'' provision of FISA that Ron Wyden was talking about
|
||||
was partly declassified by the then-DNI James Clapper shortly after that
|
||||
publication.
|
||||
|
@ -372,7 +371,7 @@ If you connected to any hidden networks,
|
|||
your phone may broadcast that network name to see if it exists.
|
||||
|
||||
It exposes unique device identifiers (MACs),
|
||||
which can be used to uniquely identify you.
|
||||
which can be used to identify you.
|
||||
|
||||
Defending against this is difficult,
|
||||
unless you take the simple yet effective route:
|
||||
|
@ -479,9 +478,14 @@ A study by the Wall Street Journal found that 47 of the 100 Android and iOS
|
|||
apps in 2010 shared your location with not only the developers,
|
||||
but also with third parties.
|
||||
|
||||
An example is Angry Birds,
|
||||
which for whatever the hell reason was sending users' address books,
|
||||
locations, and device IDs to third parties.
|
||||
|
||||
You need to know what data you're leaking so that you can decide whether
|
||||
or not you want to do so.
|
||||
And you need the option to disable it.
|
||||
Or modify the program to disable it.
|
||||
|
||||
Sometimes your location is leaked as a side-effect.
|
||||
Navigation systems, for example, usually lazy-load map images.
|
||||
|
@ -520,8 +524,8 @@ Based on the signal strength of nearby WiFi networks,
|
|||
your position can be more accurately trangulated.
|
||||
|
||||
Some of these data are gathered by Google Street View cars.
|
||||
Your phone might also be reporting back nearby networks in order to improve
|
||||
the quality of these databases.
|
||||
Devices that /have/ GPS, like your phone might also be reporting back nearby
|
||||
networks in order to improve the quality of these databases.
|
||||
|
||||
Sometimes this can be more accurate than GPS.
|
||||
And it works where GPS and maybe even cell service don't, such as inside
|
||||
|
@ -560,7 +564,7 @@ The OS situation on mobile is lousy.
|
|||
You carry around this computer everywhere you go.
|
||||
And you fundamentally cannot trust it.
|
||||
|
||||
Take BLU phones for example.
|
||||
Take BLU phones for example---cheap little phones that come with advertising.
|
||||
In November of last year it was discovered that these popular phones
|
||||
contained software that sent SMS messages, contact lists, call history,
|
||||
IMEIs, etc to third-party servers without users' knowledge or consent.
|
||||
|
@ -725,7 +729,7 @@ Well one of the most obvious threats,
|
|||
is a warrant or subpoena.
|
||||
|
||||
Most of us aren't going to have to worry about a crime.
|
||||
Data can be compromised.
|
||||
But data can be compromised.
|
||||
And it isn't possible for you to audit it;
|
||||
you have no idea who has you on camera.
|
||||
|
||||
|
@ -733,7 +737,6 @@ This creates a chilling effect.
|
|||
You're going to act differently in public knowing that someone might be
|
||||
watching,
|
||||
or could be watching later on if recorded.
|
||||
And some will be paranoid---you don't know if cameras are around.
|
||||
|
||||
If you have a surveillance system,
|
||||
or any sort of public-facing cameras,
|
||||
|
@ -829,7 +832,7 @@ This thing also integrates the 911 system, radiation detectors, criminal
|
|||
This is the direction we're heading in---
|
||||
these things will only spread.
|
||||
In fact,
|
||||
the NYPD will get 30% of the profits from selling it to others.
|
||||
the NYPD will get a 30% cut when Microsoft sells it to others.
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
|
@ -944,7 +947,7 @@ But it's a useful comparison against precedent.
|
|||
#+END_COMMENT
|
||||
|
||||
|
||||
*** AUGMENT Internet of Things [7/7]
|
||||
*** AUGMENT Internet of Things [13/13]
|
||||
**** READY Internet-Connected Cameras :B_fullframe:
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:00:35
|
||||
|
@ -1002,7 +1005,6 @@ It also indexes other interesting things.
|
|||
For example,
|
||||
it was used to find unsecured MongoDB instances so that the attackers
|
||||
could hold data for ransom.
|
||||
Secure your databases.
|
||||
|
||||
So people can find your stuff.
|
||||
If an attacker knows that some device is vulnerable,
|
||||
|
@ -1114,9 +1116,6 @@ How about inside hospital rooms?
|
|||
This patient has an ice pack strapped to the side of her face.
|
||||
I'm pretty sure this feed was outside of the United States;
|
||||
I can't imagine that this type of thing would make it past HIPAA audits.
|
||||
I hope.
|
||||
I couldn't find the feed again to try to figure out what hospital it might
|
||||
be to notify them.
|
||||
|
||||
How about inside someone's home?
|
||||
This looks to be a bedroom.
|
||||
|
@ -1143,6 +1142,232 @@ Even if you can't find a camera on this site,
|
|||
#+END_COMMENT
|
||||
|
||||
|
||||
**** READY Smart TVs (Samsung Privacy Policy) :B_fullframe:
|
||||
:PROPERTIES:
|
||||
:BEAMER_env: fullframe
|
||||
:DURATION: 00:00:30
|
||||
:END:
|
||||
|
||||
#+BEGIN_QUOTE
|
||||
``Please be aware that if your spoken words include personal or other
|
||||
sensitive information, that information will be among the data captured and
|
||||
transmitted to a third party through your use of Voice Recognition.''
|
||||
|
||||
\hfill---Samsung SmartTV Privacy Policy, 2015
|
||||
|
||||
\cite{eff:samsung-tv-policy}
|
||||
#+END_QUOTE
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
So while we're on the topic of being in someone's home...
|
||||
|
||||
Samsung's SmartTV privacy policy caused a big fuss a couple years ago by
|
||||
blatantly stating that your personal conversations will be sent to
|
||||
third-party servers for voice recognition.
|
||||
|
||||
It was compared to George Orwell's telescreens.
|
||||
|
||||
<Read above>
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
**** READY Smart TVs (Weeping Angel) :B_fullframe:
|
||||
:PROPERTIES:
|
||||
:BEAMER_env: fullframe
|
||||
:DURATION: 00:00:30
|
||||
:END:
|
||||
|
||||
***** Wikileaks
|
||||
:PROPERTIES:
|
||||
:BEAMER_col: 0.15
|
||||
:END:
|
||||
|
||||
#+BEGIN_CENTER
|
||||
#+ATTR_LATEX: :height 1in
|
||||
[[./images/tp/wikileaks.png]]
|
||||
#+END_CENTER
|
||||
|
||||
***** Title
|
||||
:PROPERTIES:
|
||||
:BEAMER_col: 0.60
|
||||
:END:
|
||||
|
||||
#+BEGIN_CENTER
|
||||
#+BEAMER: {\Huge Weeping Angel}
|
||||
\par\incite{vault7:weeping,vault7:y0}
|
||||
|
||||
- Suppress LEDs for ``fake off''
|
||||
- Record audio
|
||||
- Remote shell and file transfer
|
||||
- Extract WiFi credentials
|
||||
- ``TODO'': Record video
|
||||
#+END_CENTER
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
But it might not be Samsung that's listening.
|
||||
|
||||
Recently,
|
||||
Wikileaks released what it refers to as ``Vault 7'',
|
||||
an unprecedented doxxing of the CIA.
|
||||
|
||||
Weeping Angel was one of the projects.
|
||||
It targets Samsung Smart TVs and can suppress LEDs to enter what they call a
|
||||
``fake off'' mode,
|
||||
covertly listening to the environment.
|
||||
As of their 2014 notes,
|
||||
video surveillance was explicitly on their TODO list.
|
||||
I find it unlikely that they didn't succeed given that they appear to have
|
||||
root access to the device.
|
||||
#+END_COMMENT
|
||||
|
||||
***** CIA
|
||||
:PROPERTIES:
|
||||
:BEAMER_col: 0.15
|
||||
:END:
|
||||
|
||||
#+BEGIN_CENTER
|
||||
#+ATTR_LATEX: :height 0.85in
|
||||
[[./images/tp/cia-logo.png]]
|
||||
#+END_CENTER
|
||||
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
If Samsung isn't listening,
|
||||
then others might be.
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
**** READY Smart TV Ransomware (LG)
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:00:15
|
||||
:END:
|
||||
|
||||
#+BEGIN_CENTER
|
||||
#+ATTR_LATEX: :height 2in
|
||||
[[./images/tp/lgtv-pwnd.png]]
|
||||
|
||||
\incite{bleep:lgtv-ransom}
|
||||
#+END_CENTER
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
Remember:
|
||||
if the CIA exploited a vulnerability,
|
||||
it's very possible that other adversaires have as well;
|
||||
it isn't just the CIA you have to worry about.
|
||||
|
||||
This is an LG Smart TV owned by Android ransomware.
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
**** READY Amazon Echo---Always Listening
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:00:45
|
||||
:END:
|
||||
|
||||
***** Echo echo echo echo...
|
||||
:PROPERTIES:
|
||||
:BEAMER_col: 0.3
|
||||
:END:
|
||||
|
||||
#+BEGIN_CENTER
|
||||
#+ATTR_LATEX: :height 2in
|
||||
[[./images/tp/amazon-echo.jpg]]
|
||||
|
||||
\incite{w:file:echo}
|
||||
#+END_CENTER
|
||||
|
||||
|
||||
***** Summary
|
||||
:PROPERTIES:
|
||||
:BEAMER_col: 0.7
|
||||
:END:
|
||||
|
||||
- Voice recognition on Amazon's servers; have recordings
|
||||
\cite{engadget:murder-echo,guardian:murder-echo}
|
||||
- Warrant issued in murder case for recordings
|
||||
\cite{engadget:murder-echo,guardian:murder-echo}
|
||||
- Always listening; ``wake word'' doesn't matter (they control the software;
|
||||
device can be compromised)\cite{gizmodo:echo-wiretap}
|
||||
- <2-> Should do voice recognition on the device
|
||||
- <2-> Run free software
|
||||
- <2-> Connect to /your own server/ for actions
|
||||
- <2-> Hardware switch for microphone
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
Personal assistants have become pretty popular.
|
||||
Amazon Echo is one of those ``always-listening'' devices that can do your
|
||||
bidding.
|
||||
But since it performs voice recognition on Amazon's servers,
|
||||
they have access to recordings of your data.
|
||||
A court has issued a warrant for those recordings in a murder case in
|
||||
December of this past year.
|
||||
|
||||
Look: a device like this---one that is always listening---
|
||||
is a security nightmare.
|
||||
It doesn't matter if it has some sort of ``wake word'';
|
||||
functionality can be hidden from you or changed with an update.
|
||||
You do not have control over that device or the software that it is running.
|
||||
If an attacker owns the device,
|
||||
they're sitting there in your living room.
|
||||
A device like this needs to do voice recognition locally,
|
||||
run free software,
|
||||
connect to a server of /your choosing/ for actions.
|
||||
and have a hardware switch for the microphone.
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
**** READY Consder the Benign
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:00:20
|
||||
:END:
|
||||
- Water meter used in murder case as evidence\cite{guardian:murder-echo}
|
||||
- 140 gallons between 1AM and 3AM in Winter?
|
||||
- Thermostat?
|
||||
- Usage patterns could hint at when you're home
|
||||
- Window/door sensors?
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
Consider what devices in your home might have access to.
|
||||
|
||||
That murder case I just mentioned with the Echo---
|
||||
they also gathered data from the water meter which showed that the
|
||||
suspect used 140 gallons between 1AM and 3AM.
|
||||
During Winter, nonetheless.
|
||||
|
||||
Your thermostat could reveal usage patterns to determine remotely when you
|
||||
might be home.
|
||||
There are door and window sensors.
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
**** READY Creepy-Ass Children's Toys?
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:00:15
|
||||
:END:
|
||||
|
||||
#+BEGIN_CENTER
|
||||
#+BEAMER: \uncover<2>{
|
||||
#+ATTR_LATEX: :height 0.15in
|
||||
[[./images/tp/the-onion-logo.png]] ???
|
||||
#+BEAMER: }
|
||||
#+ATTR_LATEX: :height 2.35in
|
||||
[[./images/guardian-doll-spy.png]]\incite{guardian:doll-spy}
|
||||
#+END_CENTER
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
What about creepy-ass children's toys?
|
||||
I took a screenshot of this Guardian article because...
|
||||
A couple years ago you'd only find a headline like this in something like
|
||||
The Onion.
|
||||
|
||||
``German watchdog classifies My Friend Cayla doll as `illegal espionage
|
||||
apparatus'.''
|
||||
|
||||
/What the hell./
|
||||
#+END_COMMENT
|
||||
|
||||
|
||||
|
||||
**** READY ALPRs Wide Open
|
||||
:PROPERTIES:
|
||||
:DURATION: 00:00:20
|
||||
|
@ -1158,7 +1383,7 @@ Even if you can't find a camera on this site,
|
|||
- Other researcher found some accessible via telnet\cite{darius:alpr-telnet}
|
||||
|
||||
#+BEGIN_COMMENT
|
||||
Speaking of just connecting.
|
||||
Alright, well, stupid things happen outside the home too.
|
||||
Those ALPRs we just talked about.
|
||||
|
||||
Turns out that they have web interfaces.
|
||||
|
|
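Review bot: The new slide heading `**** READY Consder the Benign` in the large Smart TV hunk misspells its title and should read `**** READY Consider the Benign`; the same hunk has `adversaires` in the LG ransomware notes (`adversaries`) and a broken sentence in the Echo notes, where `connect to a server of /your choosing/ for actions.` should end with a comma so that `and have a hardware switch for the microphone.` completes the list. The `Consider the Benign` slide attributes the water-meter evidence only to `guardian:murder-echo`, whose subtitle in sapsf.bib speaks only of the Echo recordings; if that article does not cover the meter data, the bullet needs its own reference. The section's final hunk edits the ALPR speaker notes, whose comment block continues past the hunk.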