Author Topic: How legit are these guys?  (Read 1320 times)

0 Members and 1 Guest are viewing this topic.

Offline MrOmnosTopic starter

  • Frequent Contributor
  • **
  • Posts: 260
  • Country: np
  • BE in Electronics and Communication
How legit are these guys?
« on: February 19, 2018, 05:13:47 pm »
 

Offline dmills

  • Super Contributor
  • ***
  • Posts: 2093
  • Country: gb
Re: How legit are these guys?
« Reply #1 on: February 19, 2018, 06:02:26 pm »
Nothing really new there, RF and power attacks have been a thing since at least the 1960s (When we were doing it to to the Soviet Embassy crypto suite, and they were returning the favour). Monitoring the current consumption to extract the plaintext right from the teleprinter was very much a thing.

They are rather over stating the case for some of it, but what do you expect of a media piece about embedded hacking? Printers have been low hanging fruit for a long time, postscript being what it is, and VIOP is the original Internet of Shit application, no surprise that some phones are exploitable.

Now pulling it off in a office you control is a very different trick to pulling it off on an unknown network in some corp that you don't control, that is the sort of thing that takes multiple exploratory attacks to map out the system before you can run something like an attack on the phone system and hope to exfiltrate the data in a useful way (In other words it takes some real effort).

Regards, Dan.
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 5629
  • Country: au
Re: How legit are these guys?
« Reply #2 on: February 20, 2018, 01:53:32 am »
They are 100% legitimate. Some Government departments and Non-Government organisations around the world spend all day, every day trying to find vulnerabilities in everyday devices (and not necessarily so they can patch/fix them either).

Think of all the devices you have in your car or home which has a microphone and/or camera in it, they are all potentially vulnerable to be exploited, many, very very easily. I can think of one fairly common type of household item which required nothing more than parking outside someone's home with a laptop to gain access to view and capture audio and HD video.
 

Offline CNe7532294

  • Regular Contributor
  • *
  • Posts: 108
  • Country: us
Re: How legit are these guys?
« Reply #3 on: February 20, 2018, 06:13:27 am »
They're very legit. Even as I type/speak/write, you read/see, and vise versa everything is recorded thru all sorts of ways. Of course that data gets dumped when its not flagged. After all, who wants to keep around useless noise. If God doesn't exist then people with resources most certainly do. The only thing is whatever data gathered on you and me may never have action taken upon it simply because of gov't incompetence (laziness/ failure of internal communication) and/or the law doesn't require it (no warrant so can't use this data in a case).

As for corporate espionage, that most certainly exists. These whiz kids and others like them get to own their toys and then some because companies know they're vulnerable at all times. They pay them as a counter measure against espionage and perhaps more than that depending on how moral/ethical they are or how far they're willing to go.

Remember, ceramic caps do have the possibility of being micro phonic. Dave's covered this tons of times as did others like keysight in one of their oscilloscope vids (your probe has a MLCC in there). This one example of what you could do fyi. Why do you think IoT gets hyped up but by the end of the day nothing but gimmicks (lol Nest) and a few real uses (Ring) come out of it. As I said in the Windows thread, most people including some businesses don't even encrypt their drives! That company I used to work for was somewhat tied to an insurance/billing company. That insurance company went under when they were fined for a breach. A violation of HIPAA. So even the act of just being hacked is a scary scenario. Therefore yes they are legit enough to be paid for their services.
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 5629
  • Country: au
Re: How legit are these guys?
« Reply #4 on: February 20, 2018, 07:14:49 am »
The only thing is whatever data gathered on you and me may never have action taken upon it simply because of gov't incompetence (laziness/ failure of internal communication) and/or the law doesn't require it (no warrant so can't use this data in a case).

I will point out that most of the data gathered will never see the light of day and will be destroyed because Government agencies simply have no interest in 95% of the population.

I do giggle at you Americans though, I've come across people (crooks) here who demand to see a warrant (because that's what they've seen on American television and think that's how law enforcement operate) only to tell them that a warrant isn't required for many things, including being able to access data that has been stored. Same goes for certain operations, yes, they need to be approved by some kind of authority (be it internal or otherwise) and no, you, as the target, don't need to know about it.

It's a pretty good system and I sleep well at night knowing our guys and girls in blue are doing a damn good job.

I can think of many court cases in Australia where data was obtained (lawfully) without a warrant. Needless to say, the types of people facing court in these kinds of matters aren't the sort of people you want walking around in society.
« Last Edit: February 20, 2018, 07:16:35 am by Halcyon »
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf