H+ zero-day vulnerabilities, plus cetacean personhood

Paul Raven @ 13-07-2011

Couple of interesting nuggets here; first up is a piece from Richard Yonck at H+ Magazine on the risks inherent to the human body becoming an augmented and extended platform for technologies, which regular readers will recognise as a fugue on one of my favourite themes, Everything Can And Will Be Hacked. Better lock down your superuser privileges, folks…

In coming years, numerous devices and technologies will become available that make all manner of wireless communications possible in or on our bodies. The standards for Body Area Networks (BANs) are being established by the IEEE 802.15.6 task group. These types of devices will create low-power in-body and on-body nodes for a variety of medical and non-medical applications. For instance, medical uses might include vital signs monitoring, glucose monitors and insulin pumps, and prosthetic limbs. Non-medical applications could include life logging, gaming and social networking. Clearly, all of these have the potential for informational and personal security risks. While IEEE 802.15.6 establishes different levels of authentication and encryption for these types of devices, this alone is no guarantee of security. As we’ve seen repeatedly, unanticipated weaknesses in program logic can come to light years after equipment and software are in place. Methods for safely and securely updating these devices will be essential due to the critical nature of what they do. Obviously, a malfunctioning software update for something as critical as an implantable insulin pump could have devastating consequences.

Yonck then riffs on the biotech threat for a while; I’m personally less worried about the existential risk of rogue biohackers releasing lethal plagues, because the very technologies that make that possible are also making it much easier to defeat those sorts of pandemics. (I’m more worried about a nation-state releasing one by mistake, to be honest; there’s precedent, after all.)

Of more interest to me (for an assortment of reasons, not least of which is a novel-scale project that’s been percolating at the back of my brainmeat for some time) is his examination of the senses as equivalent to ‘ports’ in a computer system; those I/O channels are ripe for all sorts of hackery and exploits, and the arrival of augmented reality and brain-machine interfaces will provide incredibly tempting targets, be it for commerce or just for the lulz. Given it’s taken less than a week for the self-referential SEO hucksters and social media gurus douchebags to infest the grouting between the circles of Google+, forewarned is surely forearmed… and early-adopterdom won’t be much of a defence. (As if it ever was.)

Meanwhile, a post at R U Sirius’ new zine ACCELER8OR (which, given its lack of by-line, I assume to be the work of The Man Himself) details the latest batch of research into advanced sentience in cetaceans. We’ve talked about dolphin personhood before, and while my objections to the enshrinement of non-human personhood persist (I think we’re wasting time by trying to get people to acknowledge the rights of higher animals when we’ve still not managed to get everyone to acknowledge the rights of their fellow humans regardless of race, creed or class) it’s still inspiring and fascinating to consider that, after years of looking into space for another sentient species to make contact with, there’s been one swimming around in the oceans all along.

Dovetailing with Yonck’s article above, this piece extrapolates onward to discuss the emancipation of sentient machines. (What if your AI-AR firewall system suddenly started demanding a five-day working week?)

A recent Forbes blog poses a key question on the issue of AI civil rights: if an AI can learn and understand its programming, and possibly even alter the algorithms that control its behavior and purpose, is it really conscious in the same way that humans are? If an AI can be programmed in such a fashion, is it really sentient in the same way that humans are?

Even putting aside the hard question of consciousness, should the hypothetical AIs of mid-century have the same rights as humans?  The ability to vote and own property? Get married? To each other? To humans? Such questions would make the current gay rights controversy look like an episode of “The Brady Bunch.”

Of course, this may all a moot point given the existential risks faced by humanity (for example, nuclear annihilation) as elucidated by Oxford philosopher Nick Bostrom and others.  Or, our AIs actually do become sentient, self-reprogram themselves, and “20 minutes later,” the technological singularity occurs (as originally conceived by Vernor Vinge).

Give me liberty or give me death? Until an AI or dolphin can communicate this sentiment to us, we can’t prove if they can even conceptualize such concepts as “liberty” or “death.” Nor are dolphins about to take up arms anytime soon even if they wanted to — unless they somehow steal prosthetic hands in a “Day of the Dolphin”-like scenario and go rogue on humanity.

It would be mighty sad were things to come to that… but is anyone else thinking “that would make a brilliant movie”?


Steeling data

Paul Raven @ 25-03-2011

Via Bruce Schneier, here’s a piece about how a graduate student has reinvented – and hence blown the lid off of – a technology that can “transmit data at high rates through thick, solid steel or other barriers”. It can carry power, too.

Why is this a big deal? Well, not only is it a reinvention of something that BAE had built for the British government for purposes undisclosed, but it’s a technology that can cut through Faraday cages and eavesdrop on electronic communications that are supposed to be heavily shielded from the world outside:

If you had the through-metal technology now reinvented by Lawry, however, your intruder – inside mole or cleaner or pizza delivery, whatever – could stick an unobtrusive device to a suitable bit of structure inside the Faraday cage of shielding where it would be unlikely to be found. A surveillance team outside the cage could stick the other half of the kit to the same piece of metal (perhaps a structural I-beam, for instance, or the hull of a ship) and they would then have an electronic ear inside the opposition’s unbreachable Faraday citadel, one which would need no battery changes and could potentially stay in operation for years.

So Tristan Lawry has unwittingly levelled the espionage-tech playing field. It’s hard to hide secrets about hiding secrets.


Instruments of Politeness

Paul Raven @ 17-03-2011

Instrument of Politeness… which point out how much of what we call “politeness” is actually disguise and dissembling.

At present we can lie about our current situation because the only transmitted information is the actual conversation and background noise. In the future mobile phones will be able to estimate our activity by evaluating multiple sensors in the device. This information will not only be used by the device itself but shared with our environment. The project ‘Instruments of Politeness’ allows the user to lie about his current activity.

The gizmo there is designed to wobble your mobile device about in a manner that will appear to the accelerometers as if you’re taking a walk with it in your pocket (when in fact you might be at home, or in a pub, doing something generally less constructive than the errand you’re supposed to be doing).

Now, mix up whimsical little scams like this one with Scott Adams’ Noprivacyville; utopias (be they real or misdesignated) will always decay under the natural human propensity to secure a little personal advantage. Or, in other words: Everything Can And Will Be Hacked.

Via those fascinating folk at BERG, who – despite the name – seem to do very little involving actual rockets, but an awful lot of other cool stuff.


GPS jamming for fun and profit

Paul Raven @ 10-03-2011

The Royal Academy of Engineering says that developed nations are “too reliant” on GPS [via SlashDot]:

While most people equate GPS systems with the tiny screens which get drivers from point A to point B, the report says society’s reliance on the technology goes well beyond that. The Academy says the range of applications using the technology is so vast that without adequate independent backup, signal failure or interference could potentially affect safety systems and other critical parts of the economy.

[…]

In the U.K., on top of satellite navigation, GNSS is used for data networks, financial systems, shipping and air transport, agriculture, railways and emergency services. The European Commission recently estimated an €800 billion ($1.1 trillion US) chunk of the European economy is already dependent on GNSS.

The vulnerabilities in these systems, the Academy says, could have dire consequences if exposed.

But why worry, right? So long as we keep the satellites maintained, everything will be fine… though we do need to trust in the good will and continuing stability of the US Air Force for that, at least for now.

Well, actually, keeping the satellites running is only part of the game. You see, GPS signals can be jammed pretty easily, and cheaply too [via Jamais Cascio]:

Though illegal to use in the US, UK and many other countries, these low-tech devices can be bought on the internet for as little as $30. Sellers claim they’re for protecting privacy. Since they can block devices that record a vehicle’s movements, they’re popular with truck drivers who don’t want an electronic spy in their cabs. They can also block GPS-based road tolls that are levied via an on-board receiver. Some criminals use them to beat trackers inside stolen cargo. “We originally expected that jammers might be assembled by spotty youths in their bedrooms,” says Last. “But now they’re made in factories in China.”

Last is worried that jammers could cause as much havoc on land as he discovered on the Galatea, and he’s not alone. In November 2010, a NASA-appointed executive committee for “space-based positioning, navigation and timing” warned that jamming devices could cause disaster if activated in cities. It is not known how many are out there, but the panel is concerned that the risk of interference is growing fast. And in future, devices called “spoofers” – which subtly trick GPS receivers into giving false readings – may make the problem even worse…

Repeat after me: Everything Can And Will Be Hacked. But the Royal Academy’s warning is worth considering; we’re at a civilisational stage where a global positioning system is a necessity. The problem with GPS is its hierarchical structure: everything depends on the sats, which are rather hard (and expensive) to maintain. I’m no expert on this sort of thing, but shouldn’t it be possible to build some sort of surface-based network that can achieve a similar result? Some smartphones can do rough positioning by signal triangulation, and I’m betting you could find a way to make that method more effective and widespread for the same budget as a few satellite launches.

That said, there’s a whole lot of the planet that doesn’t have cellphone towers (the oceans, for a start), so ground-based systems are always going to be a crude and limited second-tier fallback… if I was working for a commercial space outfit right now, I’d be keeping the necessity for GPS maintenance on the boardroom whiteboard as a potential revenue stream.


Pirate Bay founder calls for peer-to-peer DNS

Paul Raven @ 01-12-2010

One tends to still think of the internet as a sort of dimensionless new frontier, a conceptual un-space hovering somewhere between anarchy and ad-hocracy, beyond the reach of the archons of meatspace… and to a great extent it is. But not entirely, as Homeland Security’s seizure of more than eighty infringing web domains over the past weekend demonstrates*. The protocols of the internet itself are inherently anarchic, but the domain name sytem that sits on top of it (effectively governing how we see the web, and more importantly who we see there) is a classic hierarchy… and ICANN has demonstrated that it knows exactly which side of its monopolistic bread is buttered, so to speak.

So cue the beleaguered co-founder of the Pirate Bay, Peter Sunde, calling for a peer-to-peer replacement for the DNS system. Ars Technica points out that it’s not going to be easy, cheap, or bulletproof:

There are a number of obstacles standing in the way of P2P DNS. First of all, today Google has a huge array of enormous DNS servers to serve up all the *.google.* domains, while I have an aging Pentium 4 box running DNS and mail for just me. In a new system, people looking for Google may hit my server—as well as the other way around, of course. So I’ll have to invest in a bigger server. With a peer-to-peer system, people also have to depend on the kindness of strangers: random people around the Net have to send people in your direction. This is hard to make secure, and it’s much slower than the existing DNS.

But the biggest problem of all is the ownership of domain names. In a DHT, information is found through hashes of the desired object. With file sharing, this is a hash over the file to be shared. If two people want to share the same file, you actually want to find them both, and download pieces from both of them—that way, the download goes faster. But with the DNS, things work much better if a domain name only maps to a single destination.

[…]

Today, ICANN and the TLDs decide who gets which domain. The Pirate Bay proposes to replace them with an algorithm, one that would reside in the P2P DNS software. The stakes are high: even a small fraction of the traffic of a popular site, or even just an interesting search term, can be worth a lot of money. It’s hard to imagine that with such high stakes there wouldn’t be any abuse of such an open system, or at the very least, widely diverging points of view of what’s best.

All systems will be abused; gaming the set-up is human nature. Everything can and will be hacked. The question here is who we’d rather was able to play the game: should it be anyone with the energy and wherewithal to learn the ropes, or just the unelected appointees of powerful nation-states?

[ * Good on ya, HS; nothing’s gonna spike the wheels of The Terrorists like preventing people from downloading hip-hop albums for free! ]


Next Page »