Down The Rabbithole Cavalry-esque Discussion

For those of you who don’t already listen to it, Down The Rabbithole (DtR) is a long-running podcast hosted by Raf Los (aka Wh1t3 Rabbit) and James Jardine. Over the holiday weekend I was catching up on the podcast and ran across a great Cavalry-esque episode I thought I’d draw your attention to.

On the April 7th Newscast, Raf and James discussed the downfall of Windows XP and how this will affect life-critical systems. They went beyond the superficial issues and talked about the bad assumptions that have led to decision-making failures for several years in the computer technology space. The true costs, they mention, won’t be on the Internet; they’ll come when computer security affects humanity. Our inability to accurately predict the future leads to public safety, human life and trust problems.

They also discussed wholly managed devices, such as the Google Nest thermostat. What are the implications of that management? If an update breaks a device, what are the ramifications? They also talked about the fact that the updates themselves can be an attack vector, similar to my comments in the BBC article on ghosts in the Internet of Things.

We’re placing ever more trust in those who are behind our connected systems. We are trusting that they are acting in good faith. And we are trusting that their decision-making process is sound. Shouldn’t we KNOW that these decisions are worthy of our trust?

BBC Future Story, Featuring The Cavalry


Last week BBC Future published a piece called Internet of Things: The ‘ghosts’ that haunt the machine. The article discusses the potential long-term network congestion that could come about from noisy IoT devices. The Cavalry gets a mention and a quote, in the context of the potential for takeover of the devices, either by targeting the endpoints or by taking over expired domains for update servers, etc.

Once the ghost machine is taken over, the potential for damage is considerable, says Beau Woods, a founding member of I Am The Cavalry, an organisation focusing on protecting the general public from digital attacks. “What could someone malicious do if they could modify or replace the software on the device? This could range from pranks, like funny photos on a fridge screen, to making profits by inserting advertisements on your television, to interception by digitally eavesdropping on your home network, to disablement through wrecking the software on the device, to doing physical damage by overloading the electronics or burning out a motor. In automobiles, medical devices, public transport, airplanes and other more critical systems the damage could be much more severe.”

The story hit the front page of the BBC website, which gave us some good exposure to a global audience.