General > General Technical Chat
How BLE/ Mesh networks (IE your light bulbs) can spy on you
james_s:
--- Quote from: NiHaoMike on July 07, 2021, 03:15:28 am ---
--- Quote from: ataradov on July 06, 2021, 11:53:31 pm ---How exactly can you use TPM data for car theft?
--- End quote ---
You could spoof a flat tire to get the driver to stop, then robbing them is much easier. Granted, it's not that helpful when lightly rear ending them would be far easier and just as effective. (I saw a post on Facebook warning about that a few years back.)
--- End quote ---
If my car was still handling reasonably ok I would continue driving until I came to a safe place to stop and check it. I think it would be obvious that something is going on though if the pressure suddenly dropped without the obvious effect of a blowout though.
ataradov:
--- Quote from: TimFox on July 07, 2021, 02:43:36 am ---When sending innocuous pressure data, the coder may well neglect the security of the connection. This firmware flaw needed to be fixed once it was discovered.
--- End quote ---
But the coder may also misinterpret the encrypted data. Coding errors have nothing to do with any of this.
It is perfectly fine to send tire pressure monitor data in the open.
ataradov:
--- Quote from: NiHaoMike on July 07, 2021, 03:15:28 am ---You could spoof a flat tire to get the driver to stop, then robbing them is much easier.
--- End quote ---
Yes sure, I'm not against encrypting the data. It is just not as huge of a security hole as some try to portray it.
In any case, TPMs have used security for many years now, so the issue is pretty much solved.
TimFox:
I agree that the TPM monitor safety problem has probably been solved, but it is an historical example of unexpected consequences of putting data out there.
I'm not complaining about sending my tire pressure information in the open for all to read.
I'm concerned about the path into the computer not being secure, so that malefactors can enter bad stuff into the computer.
This has been documented, and presumably fixed as the technology matured.
I do complain about the attitude that since the information is innocuous, we don't have to be careful about how it is handled.
Mazo:
Fella working in the IoT sector atm here,the company produces smart everything(including bulbs) that are cloud connected.Yes we know when your smart bulb is on,how much electricity you are consuming and whatever info our devices harvest and bonus they can be manipulated remotely.The world still turns.About the network "hopping" that is possible,yes it is even going to be a feature in the future so that your smart sensor on the other end of the yard gets that Wi-Fi signal which is otherwise lacking there using other smart devices as "extender".If this bothers you,buy "dumb" lamps.
AFAIK nobody is interested in that kind of info :)
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version