Tag Archives: security

Blog

Wi-fi makes walls see-through

wi-fi routerRemember me mentioning the special paint for making wi-fi cold-spots?

Well, here’s a reason you might want to invest in some – via Bruce Schneier we discover that some folk at the University of Utah have found a way to surveil the inside of a building using wireless signals:

The surveillance technique is called variance-based radio tomographic imaging and works by visualizing variations in radio waves as they travel to nodes in a wireless network. A person moving inside a building will cause the waves to vary in that location, the researchers found, allowing an observer to map their position.

The researchers, electrical engineering graduate student Joey Wilson and his faculty advisor Neil Patwari, have tested the technique with a 34-node wireless network using the IEEE 802.15.4 wireless protocol, according to the MIT Technology Review. By “interrogating” the space with signals and multiple receivers, the researchers found they were able to read the waves to detect the location of a moving object within a meter of accuracy.

OK, so it’s not quite kit you can buy from the local Electronics Barn… but you can pretty much guarantee that now the proof-of-concept has been done, all sorts of smart types will be looking at making affordable homebrew versions. [image by delta_avi_delta]

Blog

How dangerous could a hacked robot really be?

2 Comments

Robot scorpionThat’s the question SlashDot posed as they relinked to a research study at Washington University’s the University of Washington Computer Science & Engineering department entitled “A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons”, which reports on the potential for currently available household robots being hacked and exploited by malicious (or simply pranksome) third parties. [image by jurvetson]

Q. What robots did you study?

The RoboSapien V2, the Rovio, and the Spykee. Our versions were purchased in or before October 2008.

Q. Are you saying that I shouldn’t purchase one of these robots?

No. We are saying that there are security vulnerabilities relating to the specific versions of the robots that we studied. Any purchase decision will necessarily be made based on many factors, only one of which might be the vulnerabilities we identified. You may conclude that despite the vulnerabilities, one of these robots is right for you. In addition, we studied only three specific versions of the RoboSapien V2, the Rovio, and the Spykee. We have no reasons to believe that comparable robots from these or other manufacturers are more or less secure than the ones we studied.

Obviously the idea of your RoboSapien running amok in your absence is an admittedly minor worry – you’re unlikely to suffer more than chipped skirting boards or table legs. But looking just a little further ahead, the Washington crew are making a lot of sense; household bots are likely to become more prevalent pretty quickly, in direct proportion with their ability to do genuinely useful (or destructive) stuff. Security is rarely a high concern in consumer electronics, and the relentless ubiquity of spam is clear proof that you can’t realistically expect the average user to take adequate precautions either… so what seems like a bit of a gag now will probably be headline stories within a decade.

And it’s not just the household where the robot population is increasing – the damned things are cropping up everywhere, in all sorts of shapes and sizes and with all sorts of capabilities. Take, for example, the swarm of robotic bees that Harvard researchers are developing:

Harvard researchers recently got a $10 million grant to create a colony of flying robotic bees, or RoboBees to among other things, spur innovation in ultra-low-power computing and electronic “smart” sensors; and refine coordination algorithms to manage multiple, independent machines.

So, how dangerous could a hacked robot really be? Well, do I have any volunteers to enter that swarm of angry and compromised robotic bees?

Didn’t think so. 😉

Blog

Wi-fi cold-spots and hot-boxes

No wi-fi logoI’ve been saying for a few years now that once we reach a saturation point with wireless internet access, cafes and other establishments will start advertising the absence of wi-fi in the same way the currently advertise its availability. Even an always-online geek like myself sometimes feels the urge to retreat from the cloud, after all, even if only so I can sit down in peace with a book for an hour or two.

But there are plenty of other reasons why you might want to spend time somewhere that wi-fi can’t reach you… or alternatively somewhere where there’s wi-fi available which can only be accessed by someone inside the building or room in question. The classical way to make a room impermeable to high-frequency signals is a Faraday cage, but that’s neither cheap or architecturally simple. Now there’s a much simpler option which may aid the proliferation of wi-fi cold-spots in urban areas – a special paint based on an aluminium-iron oxide that resonates in the same frequency range used by wi-fi routers.

And not just cold-spots. I can definitely see a market for wi-fi hot-boxes – rooms with carefully controlled physical access (think burly doormen and surly cashiers) wherein you and a bunch of, er, associates can set up an ad-hoc LAN connected to the web through a heavily encrypted router. No one outside that room – even the establishment’s proprietors – could know what data had been passed around within it.

If you’ll excuse me, I’m off to book a one-way ticket to Mexico City and draw up a business proposal…

Blog

Biomimicry in computer security: ants vs. worms

ant headWe have a tendency to name software entities after biological creatures whose behaviours they remind us of – think of viruses in general, or worms. Now a bunch of computer security geeks are coming from the other direction, taking inspiration from nature’s creatures for the next weapon in the never-ending war against malware and viruses… few species are more effective at responding to intrusions into their system than the ant, after all. [via SlashDot; image by CharlesLam]

Unlike traditional security devices, which are static, these “digital ants” wander through computer networks looking for threats, such as “computer worms” – self-replicating programs designed to steal information or facilitate unauthorized use of machines. When a digital ant detects a threat, it doesn’t take long for an army of ants to converge at that location, drawing the attention of human operators who step in to investigate.

The concept, called “swarm intelligence,” promises to transform cyber security because it adapts readily to changing threats.

“In nature, we know that ants defend against threats very successfully,” explains Wake Forest Professor of Computer Science Errin Fulp, an expert in security and computer networks. “They can ramp up their defense rapidly, and then resume routine behavior quickly after an intruder has been stopped. We were trying to achieve that same framework in a computer system.”

[…]

“Our idea is to deploy 3,000 different types of digital ants, each looking for evidence of a threat,” Fulp says. “As they move about the network, they leave digital trails modeled after the scent trails ants in nature use to guide other ants. Each time a digital ant identifies some evidence, it is programmed to leave behind a stronger scent. Stronger scent trails attract more ants, producing the swarm that marks a potential computer infection.”

Let’s just hope it takes the black-hat kids a long time to code up a software aardvark, eh?

Blog

3D-printing your way out of jail

1 Comment

keysWell, printing your way out of your handcuffs, anyway – BoingBoing points us to a story of a Dutch hacker type who has used a 3D printer to duplicate a working version of the master keys for the handcuffs used by the Dutch police force. [image by stevendepolo]

And you thought filesharing was a threat to the fabric of society! How long before we can print Yale lock keys from photographs taken 200 feet away? Erm, actually, that was possible late last year…

Will technology render all physical security essentially useless, and if so, how soon? How will we protect property if we have no way of securing it? Is this how the notion of property will die?