Free porn and eavesdropping from a distance

| No Comments

I've been talking about security and encryption quite a lot over the past couple of weeks, and I know not too many people are actually interested in those things, but allow me to give you two very real world examples as why it could be important to you as well.

The Car Whisperer by trifinite The first article and tool I'd like to link to is the Car Whisperer project by a group called trifinite. They manage to inject audio into a car using a directional antenna and a laptop running linux. How do they do it? They use the fact that most car or handsfree bluetooth set manufacturers use "standard" codes such as "0000" or "1234". Once the pairing with the device is done - without the person carrying the bluetooth appliance noticing anything, the Car Whisperer tools allows audio to be sent through the speakers, but eavesdropping is possible as well. They just turn on the microphone and can hear anything that's being said in the car driving by! How does this affect you, you may ask? Do you own a mobile phone, a bluetooth headset or a car equipped with it? Stop reading this post, step out and verify what pincode is required to access those devices. Change it to something less standard. Turn off bluetooth if you don't use or need it.

The second article deals with hotel TV systems broadcasting data in the open and unsecured over infrared. While most people won't notice or consider that a risk at all - you can't see it, so it ain't there, right? - the technical director of The Bunker, Adam Laurie, demonstrated the exploits last week to Wired. He was able to access pay-content for free (free porn!!), but was also able to see the bills of other people, even read mails that were sent using the system and finally got into the back-end system as well.

I think these examples are proof that no matter how trivial some technologies seem, unless they are developed, installed and set up correctly with security in mind, they can and will be (ab)used. It's not because something hasn't happened yet the systems are secure. In fact, your system may have been penetrated and abused for quite a long time, you just don't know yet.

Leave a comment

Monthly Archives

Pages

OpenID accepted here Learn more about OpenID
Powered by Movable Type 5.04

About this Entry

This page contains a single entry by ServMe published on August 3, 2005 9:45 AM.

Strap me in, put me away and get rid of the key was the previous entry in this blog.

The word I'm looking for is... is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.