On Distrusting Your Toaster and Other Tiny Dystopias

AdamElkus May 18, 2012

Close to 16 years ago, Matt Devost, Brian Houghton, and Neal Pollard warned you not to trust your toaster. The title referred literally to computer-connected toasters and more broadly at the problem of security vulnerabilities in a networked world. Since then, the cybersecurity world has focused more narrowly on corporate and government network security and critical infrastructure protection. But Devost’s paper was about the wider world of danger represented by the networking of more and more systems–including the humble toaster.

Ars Technica has an interesting story on a new bug discovered in high-def Samsung TVs:

[The] bug, found in a wide range of high-definition TVs from Samsung, was disclosed on Thursday by Luigi Auriemma, an Italy-based researcher who regularly finds security flaws in Microsoft Windows, video games, and even the industrial-strength systems used to control dams, gas refineries, and other critical infrastructure. While poking around a Samsung D6000 model belonging to his brother, he inadvertently discovered a way to remotely send the TV into an endless restart mode that persists even after unplugging the device and turning it back on. The TV was connected by ethernet cable to a home network, so Auriemma thought it would be funny to use a computer connected to the same network to send it a message that contained a series of custom headers. Without warning, the TV spiraled into an endless loop of restarts. For about five seconds, the device would appear to work correctly, but then would stop responding to commands entered by remote control or through the panel. A few seconds later, the TV would restart and repeat the process. Unplugging the power cord or ethernet cable did nothing. Auriemma had just stumbled upon a crippling denial-of-service attack. Auriemma said he sees no reason the attack couldn’t be carried out over the Internet if the TV had a public IP address and used no filters.

A similar bug was discovered in Sony Bravia TVs with the hping networking tool. A researcher was able to use hping to disrupt basic operations fairly easily. Of course, the exploit described is not really that significant in and of itself. But it is a harbinger of a larger trend we have written about at CTOVision: the security problems of a post-computer and possibly post-device ecosystem. More and more devices are becoming networked and thus vulnerable to exploits. And why would they not be? They are being designed with convenience in mind. But the Internet itself is really only the beginning, not the end, of where everyday vulnerabilities exist and may exist in the future.

Samuel Liles has also pointed out the degree to which present thinking ignores the Internet of Things. The protocol J1939 as part of the CANBUS standard connects cars to features of the Internet but not the Internet itself, for example. A recent report also found a range of plausible external automobile attack vectors ranging from the ODB-II port common in many modern automobiles to long-range wireless digital access channels.

From the perspective of everyday personal security and corporate security, these may be more pressing than whatever Chinese or Russian hack is on the news. Existing and future vulnerabilities in basic, everyday devices—especially when so many of them are or will be networked to the Internet–are a pressing problem that has yet to receive the attention they deserve.

About AdamElkus

Adam Elkus is a PhD student in Computational Social Science at George Mason University. He writes on national security, technology, and strategy at oodaloop.com for OODA, War on the Rocks, and his own blog Rethinking Security. His work has been published in The Atlantic, Journal of Military Operations Foreign Policy, West Point Counterterrorism Center Sentinel, and other publications.

Gain Decision Advantage With Innovative Enterprise Software

For over 10 years CTOvision has consistently provided strategic context on the nature of technology and how to best leverage it for your personal and business objectives. We maintain the site in a way meant to help you find insights you need as fast as possible. To kick off a search use the search box […]

Gain Powerful Insights Into The Future With OODA Loop’s Technology Tracking

In a continuation of our journey to bring the best, most actionable technology content to enterprise decision-makers we have merged our research and reporting activities into the OODAloop.com site (both CTOvision.com and OODAloop.com are owned and operated by OODA LLC). CTOvision will focus only on one small niche, a vision for a technology enabled future. […]

Mitigating Advanced Threats with Scalable and Automated Malware Analysis: An interview of Chad Loeven and Mike Hylton

Mitigating Advanced Threats with Scalable and Automated Malware Analysis: An interview of Chad Loeven and Mike Hylton Scalable automated malware analysis has become a critical component of enterprise defense. When properly implemented it can be key to mitigating malware threats that otherwise bypass perimeter defenses. In this post we provide context enterprise architects and security […]

CTOvision and OODA: Big Changes Coming Soon

In a continuation of our journey to bring the best, most actionable technology content to enterprise decision-makers we are merging our research and reporting activities into the OODAloop.com site (both CTOvision.com and OODAloop.com are owned and operated by OODA LLC). This will give our community access to the same technology summaries we currently produce as […]

The Short Story From Arthur C. Clarke Every Officer in The Military Should Read and Heed

Like so many others in the national security domain I am tracking what I can about the new US Space Force, the newest US military force. I believe their mission is important and establishing Space Force was the right move. Space is, by definition, a domain that will require deep technological expertise to enable mission […]

This One Little Configuration Change Will Make It Harder For People To Steal Your Information

Editor’s note: We are aiming this tutorial at the non-technical person. Please share with anyone in your life who could benefit from this. -bg Cyberspace is a complex domain and our adversaries are always seeking new ways to steal information or spread their malicious code or hold our data for ransom. This is the big reason […]

Think Twice Before Deciding To Use A Personal VPN: You could be getting some really bad advice

From the 1930s to 1950s (far too long) the medical community just would not wake up to the fact that cigarettes could cause harm (see More Doctors Smoke Camels). Why did they stick with this misperception for so long? When so many good people come to the wrong conclusion it probably means some deeply human […]

Science Fiction Gadgets You Can Get Today

Technology is advancing pretty fast, at times influenced by the exciting world of Science Fiction. This video captures 10 of the tech developments first seen in SciFi that are available now. A key point of this, if you want to know what is in our future, watch more SciFi!

Super Bowl Ads Indicate Big Businesses Think You Are Afraid of AI

Tom Loftus provided an insightful review of some of Super Bowl ads in the 4 Feb 2019 Wall Street Journal. Like AI parody in SNL, these ads really poked fun at computers: Seriously, did anyone catch the commercials? If the Super Bowl is the zeitgeist, then it is safe to say that America is not […]

HBO’s Westworld: The Man In Black is a special kind of Twitter user

HBO’s Westworld is a modern take on the Michael Crichton SciFi tale of a robotic amusement park. The HBO version has a new twist. The creators/writers were all exposed to years of Twitter, which has influenced every episode and the entire arch of two seasons of the show. Now that season two is wrapping up, […]

Related