Again, you need 25 feet or less, no obstructions, and you need to know exactly what channel the pump is on, then you need to communicate with it, and then you could launch an attack.
First, however, you would have to find someone actually using one in public, with the "remote access" feature activated.
Is it possible? Sure. Likely? Not really. It's not at all internet related, it's just a malfunction in the way the remote operates. It's not close to an IoT issue, as this is nearly a 10-year-old design (long before IoT was even a thing).
Re: Re: Re: Re: Re: Re: Re: He might as well face it
You be Trolling so hard, you almost fall over.
One day you will learn the difference between "pissing and moaning" and just pointing out that there are almost always logical and much simpler alternate answers for most things. Paranoid people think there is a gunman behind every grassy knoll, the rest of us just find a nice place to take a break and enjoy the sun.
You learn more in life listening to the people you don't agree with initially than you do listening to those who tell you what you want to hear.
Because different devices use both different frequencies and different communication protocols, a "kill" beacon approach just wouldn't work out. The device in question here can operate on one of 16 different channels, in the 902–928 MHz frequency range.
Communication Time: Minimum 0.5 seconds (approximately); Maximum 10.5 seconds (approximately)
Best case scenario you need to be within three feet (arm's length) for half a second, checking 16 different channels and negotiating whatever protocol might be required... worst case you are 9 feet away (less than 2 office cubicles) and the person needs to stay in that range for upwards to 10 seconds. Even the slowest of walkers would blow both of those scenarios away pretty quickly.
Moreover, how many people are walking around with these devices anyway? You might set a device up in central station in New York and only have a single person walk through the building in a day with one - or even one per week for all you know. It would only be a decent random attack if you were, say, hanging around a diabetic clinic or something similar. Otherwise, you would be wasting time.
Now devices that are internet connected, well, different story - but that is clearly NOT this story.
In fact, the device operates in the 902–928 MHz range, which is the edges of the cellular bands. So no, no wifi issue here, no remote access, no Russian hackers remotely blowing up patients with too much insulin...
Umm, quite simply, it's not an internet device at all. It's not an IP device. It's a remote control (think remote control on your TV). Generally those use very low power radios in one of a very few frequency bands. They are not near to or in the range of wifi.
Read the article closely - you need to be within a very small distance with a device that can emit the correct frequency and codes for that particular insulin pump.
There is no internet story here, except that you are reading the story online.
Karl, there is a very basic difference between a "hacked" device and one that can have its normal functionality accessed remotely: What you can do with it.
Unless someone specifically changed the firmware on the cameras or otherwise changed the software that it is running, they can only do what the device could do to start with. For the traffic cameras, that means seeing the video portion including its location information.
Turning it into a DDoS bot would require a big step up the ladder to actually change the unit's basic function, such as blindly sending the video feed to a given IP (to create junk traffic). That would require a hack much beyond just noting a lack of a password.
Again, good try, but just like with cable, you seem to be beating the IoT drum a little too hard and often.
I agree. The issue here is insecure short range wireless communication, and has absolutely nothing to do with the internet or the internet of (broken) things. The quote from the company states that very, very, very clearly.
It brings up a more complex issue, specifically simple remote controls which have been made for years and likely have little or no real security on them. 10 years ago (when this insulin device was developed) it's very likely that nobody considered short range "hacks".
It's a good story - but it's not about IoT at all. Seems like just an excuse to bang the drum again.
1 - if you don't like it, don't read it. You say you don't, then you go on and on about it. Stupid shit indeed!
2 - Actually, the document count isn't what he touched, but what he has likely downloaded or copied. Stupid shit indeed!
3 - "manning, kiriakou, sterling, binney, drake, klein, browning, assange, etc are a MILLION times the person, a MILLION times the Patriot you are". Let's see. Manning has issues (lots of them) and will live in prison for most of the rest of her life. Assange is potentially a rapist hiding out in an embassy to avoid facing the law. Patriots my ass. Stupid shit indeed!
Congrats on being not only vile and seemingly unable to express yourself without bad words, but also in seemingly being totally blind to reality. I am not getting educated by you, but I am laughing at you!
A good example may be what happened in the Ukraine and Crimea. Some would suggest that Russia's play in this area (and many others) has been a result of weakened US intelligence and the inability to take action before Russia pushes forward. This sort of lines up pretty clearly with Snowden ending up in Russia, there are many sites and more than a few news organizations suggesting that he is employed by the Kremlin as a sort of digital spy now.
You could also look at Syria, and Russia's sudden willingness to step in to help a leader who they would otherwise have ignored. Perhaps their intimate knowledge of US actors in the area, and that the US would be surprised by their actions allowed Russia to do what they might not otherwise do.
The potential is that part of the rise of ISIS (or ISL if you prefer) was due to diminished US spy operations, the loss of operatives in the region (no longer want to deal with the US), and lessons learned from the whole affair which encouraged the group to better disguise their communications.
The real difficulty in showing SPECIFIC harm is that none of us know all of the gears, levers, and whatnot involved in international politics. We can stand back and say "gee, since late 2013 the US is suddenly on the back foot and getting surprised by a lot of things they used to be ahead of the curve on", and conversely, we can also say that "Russia seems to be way more on the ball these days and is pushing hard where they never dared before".
It's likely that the Snowden effect will not be entirely clearly understood for a long time to come. World politics are glacial, slow moving things. If you look yesterday and today, perhaps there is not enough movement to show anything. But over a longer period of time...
Mike, the number of documents involved isn't hundreds or thousands, it's potentially more than a million. That isn't a narrow, focused piece of whistleblowing, that is data dumping the whole damn program and letting his selected media friends ransack through it looking for juicy tidbits.
That is way too wide of a scope to be just pointing out a problem, it was intended to f-ck up multiple programs and really screw the US solidly, and for an extended period of time.
"So, why do you feel the need to always lie here? It's kinda pathetic."
So why is your answer to anyone willing to point out the obvious always a put down or an insult rather than a discussion? I think a million plus documents qualify as a data dump. You may not. Just because we don't agree doesn't make my point a lie, but your saying so clearly looks like you are being defensive.
Re: Response to: Whatever on Oct 4th, 2016 @ 2:30am
Generally, the courts rule when there is a case before them, you know, someone gets charged with something and then their lawyer can argue that the law is not constitutional. The courts generally deal with real cases, and not hypothetical ones.
Generally injunctive relief is sought in this manner when inaction would lead to someone breaking the law. Say a change in business record keeping, or something of similar nature.
What the EFF is trying to do here is get the courts to re-write or change a law before it's ever been applied. Without an actual defendant, the courts should send them packing. They have no standing and no case on which the courts can rule, only an injunction against what is a theoretical situation for the moment.
The gentleman can publish his book, and if the authorities decide to charge him THEN the EFF might be able to come to his aid. For the moment, they are swinging at empty air.
From what I can tell, the court is most likely to tell them to go away, and come back when it's actually relevant (i.e., he's been charged with something). For the moment, they are asking for an injunction to effectively try to re-write the law before it's even applied. Their true remedy is to deal with Congress and work for change.
Wendy, I am a UK citizen. I understand the complexities of the whole UK / Northern Ireland / Ireland thing. I also understand that there is the legal question of "doing business in...".
Is the tool available to be used in the UK? Yes. Is the UK part of the EU? Yes. Does the UK have a legal system that tends to frown on "pirate innovations"? Yes. It's the perfect place therefore to file suit.
Ireland has its own legal system which tends to lean (aggressively) in support of technology companies who have brought jobs to the country, investment, and little or no tax revenue. Filing there wouldn't be as productive.
As both are part of the EU, a good ruling in the UK against the tool would be a great start towards applying it to other parts of the EU.
"Why would you be suing based on the location of the hosting provider, rather than the location of the person running the site? Especially a cloud provider who you even note aren't tied to a single geographical location."
Same reason you charge someone with a crime where it happens, not in some random non-related location. California is logical as it is the location of the source material as well as both service providers involved, and England is reasonable as it's still in the EU.
"So, as usual, screw the people using the tools for legal purposes because there's imaginary profits to be had."
No, no, no... there are few clearly legal uses, but plenty of illegal uses. Like DVD cloning software, the rare legal uses do not in any way outweigh the illegal ones.