Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts
Nitesh Dhanjani's 2015 O'Reilly book Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts is a very practical existence-proof of the inadequacy and urgency of Internet of Things security.
The usual O'Reilly book is a kind of cook-book for accomplishing normal technical tasks, each recipe serving to illustrate broader technical principles. Millions of skilled technical people have followed the steps in O'Reilly books to master Perl and Ruby and Python, become master network administrators, or just master shell scripting.
Abusing the Internet of Things is structured just like one of those cookbooks, only the recipes explain the (relatively simple) steps you need to take to compromise everything from a smart lightbulb -- one recipe explains how to plunge a smart lighting system into permanent, irrevocable darkness -- to a smart baby-monitor (this was published months before a family in San Francisco woke to discover a griefer terrorizing their toddler through his bedside monitor) to a smart TV to -- what else? -- a smart car.
In so doing, Dhanjani -- who has presented widely on the subject, including an excellent talk at Black Hat Asia -- illustrates the utter shoddiness of IoT security, and incontrovertibly demonstrates the risks from bad information security when every corner of our homes is infiltrated by computers.
But this isn't just a cautionary tale. After walking the reader through a series of examples, complete with source code and exercises for the student, Dhanjani flips the script, and uses all he's discussed to build a secure, smart doorbell that's connected to the public Internet, with security in it by design. The distance between the approach in this exercise and the approaches taken by the vendors Dhanjani outs as security bumblers is the clincher, the proof that the things you buy are broken because no one cared enough about them to make them hard to break.
Two final chapters sum up the scenarios for future IoT attacks, and dramatize the institutional processes that produce such poor quality devices for our consumption.
The book is written in a sprightly, writerly fashion, with many grace notes and interesting case studies -- including an account of how you could use someone's hacked email account to steal their Tesla automobile.
This book is a marvellous thing: an important intervention in the policy debate about information security and a practical text for people trying to improve the situation.
Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts [Nitesh Dhanjani/O'Reilly]
(Image: "Activate the world" (or: what "mobile" really means), Mike, CC-BY)