Is there ANY digital kit available these days that doesn't have a built-in zero-day vulnerability?
Makes me quite happy to still have my old tube amp and CRT TV.
AT&T's DirecTV wireless kit has an embarrassing vulnerability in its firmware that can be trivially exploited by miscreants and malware to install hidden backdoors on the home network equipment, according to a security researcher. Ricky Lawshae – a DEF CON veteran and infosec guru at Trend Micro's Digital Vaccine Labs – was an …
"You do realise that it is fairly easy to read the screen of a CRT from outside your house? Google tempest."
It's actually quite difficult. You might be able to do it with an unshielded monochrome monitor immediately on the other side of a lightly framed wall. But not with anything more modern, or further away. At most you can tell when the displayed image has changed to something significantly different.
Unless you mean using binoculars through a window. That works spectacularly well, no matter what the signaling and display technology.
Is difficulty not just synonymous with cost or importance? If looking through the window is not an option, they can either go the XKCD route (spanner or hammer) or do the "phone up your phone company records" route.
You would need to have something very important for them to bother that much. But a couple of videos on Defcon show it's not as hard as most people think it is. Some pretty good demonstrations on there.
PS, I'd also love to see what could be done with the maths involved in detecting signals below the noise level. Some really clever "tricks" can be done with the right kit or right algorithms.
Well, Tempest and Van Eck Phreaking demo here (NHK video but has audio translation into English) and for just a keyboard here. Years ago (in the Win95 era I think) a builder I knew had refurbished a house for a wealthy client. He said that in several rooms he'd been asked to put metal screening in the walls, ceiling and floors, and the rooms had metal-cored doors. I can't remember what had been done to the windows but they were special too. He'd also had to use magnetic paint, which was yet another oddity. I said I could think of a reason why the client was very keen to do this, because the builder had always thought it odd. I explained about Faraday cages etc. and he said that made sense: "the bloke was f*cking paranoid".
Cable/satellite companies just care about adding features for their customers' convenience, like wireless, streaming content off their DVR while away from home, and so forth. No doubt most are riddled with holes like this example, because they slap together open source tools without paying any attention to security.
On the eleventh day of Christmas a hacker gave to me, 11 MITM Piping, 10 IoTs a leaking, 9 ladies dildos spying, 8 trojans a milking, 7 bitcoin ransoms, 6 lords a pissing (over privacy), 5 Android cracks, 4 jailbreaks, 3 spam bots, an update through flash and IE and a raid by the cops for child pornography.
On the twelfth day of Christmas a hacker gave to me, 12 DNS hijacks, 11 MITM Piping, 10 IoTs a leaking, 9 ladies dildos spying, 8 trojans a milking, 7 bitcoin ransoms, 6 lords a pissing (over privacy), 5 Android cracks, 4 jailbreaks, 3 spam bots, an update through flash and IE and a raid by the cops for child pornography.
On the thirteenth day of Christmas a hacker gave to me, 13 Obi-wan errors, 12 DNS hijacks, 11 MITM Piping, 10 IoTs a leaking, 9 ladies dildos spying, 8 trojans a milking, 7 bitcoin ransoms, 6 lords a pissing (over privacy), 5 Android cracks, 4 jailbreaks, 3 spam bots, an update through flash and IE and a raid by the cops for child pornography.
Those boxes are strictly in the local network, and if I pay for that device I damn well have every right to be root on it.
It should be noted that the most likely attacker (the vendor) probably already has root access in the form of potentially malevolent firmware updates. There have been many examples of vendors taking away features or deliberately or accidentally bricking devices. That seems to be much more common than fixing actual security bugs.
"if I pay for that device I damn well have every right to be root on it"
You've got a right for goods to be fit for purpose, of adequate quality, or similar phrasing in a lot of jurisdictions, but I'm not aware of any laws anywhere giving an end user the right to root access on computer controlled devices.
Or do you know better?
"but I'm not aware of any laws anywhere giving an end user the right to root access on computer controlled devices."
Actually the German constitutional court derived the right of "Integrity and secrecy of information processing systems" some years ago. Just because there aren't any explicit laws, doesn't mean you don't have a right.
you run a "reflection attack"
Yup. All the attacker needs is for you to visit a page with a CSRF vulnerability. Of which there are approximately one zillion.
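The mechanism the two comments above are describing, as an added example that nobody in this thread posted: the victim's browser attaches the device's session cookie to any request aimed at the device, so a hidden form on an attacker's page can drive the LAN admin interface. The device address, the `/admin/enable_ssh` endpoint and the header values below are hypothetical stand-ins for whatever the real kit exposes; the vulnerable handler and the hardened one sit side by side.

```python
# Added example, not posted by anyone in this thread: how a cross-site request
# forgery reaches a device on the victim's home LAN, and the two checks that
# stop it. The device address, its /admin/enable_ssh endpoint and the header
# values are hypothetical; they stand in for any LAN admin UI.
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

DEVICE_ORIGIN = "http://192.168.1.1"  # hypothetical LAN management origin


@dataclass
class Request:
    method: str
    path: str
    headers: dict
    form: dict = field(default_factory=dict)


class VulnerableAdmin:
    """Trusts the session cookie alone. The browser attaches that cookie to
    any request to 192.168.1.1, including one a page on attacker.example
    auto-submits, so logging in once is enough for the forgery to succeed."""

    def __init__(self):
        self.session = "sid-" + secrets.token_hex(8)
        self.remote_shell_enabled = False

    def handle(self, req):
        if req.headers.get("Cookie") != f"sid={self.session}":
            return 401
        if req.method == "POST" and req.path == "/admin/enable_ssh":
            self.remote_shell_enabled = True
            return 200
        return 404


def same_origin(value):
    """True only when scheme and host:port match the device's own origin
    exactly (prefix matching would let http://192.168.1.10 through)."""
    parts = urlsplit(value)
    return f"{parts.scheme}://{parts.netloc}" == DEVICE_ORIGIN


class HardenedAdmin(VulnerableAdmin):
    """Same endpoint plus (1) an Origin/Referer check and (2) a per-session
    anti-CSRF token that the attacker's page cannot read cross-origin."""

    def __init__(self):
        super().__init__()
        self.csrf_token = secrets.token_hex(16)

    def handle(self, req):
        if req.method == "POST":
            origin = req.headers.get("Origin") or req.headers.get("Referer", "")
            if not same_origin(origin):        # missing or foreign origin: fail closed
                return 403
            if not hmac.compare_digest(req.form.get("csrf", ""), self.csrf_token):
                return 403
        return super().handle(req)


def forged_request(device):
    """What the victim's browser sends when a malicious page submits a hidden
    form to the device: cookie present, Origin pointing at the attacker."""
    return Request("POST", "/admin/enable_ssh",
                   {"Cookie": f"sid={device.session}",
                    "Origin": "http://attacker.example"})


def legitimate_request(device):
    """A submission from the device's own admin page, carrying its token."""
    form = {"csrf": device.csrf_token} if hasattr(device, "csrf_token") else {}
    return Request("POST", "/admin/enable_ssh",
                   {"Cookie": f"sid={device.session}", "Origin": DEVICE_ORIGIN},
                   form)


def run_scenario(device_cls):
    """Returns (forged status, shell enabled by forgery,
                legit status, shell enabled by legit request)."""
    victim = device_cls()
    forged_status = victim.handle(forged_request(victim))
    forged_enabled = victim.remote_shell_enabled
    owner = device_cls()
    legit_status = owner.handle(legitimate_request(owner))
    return forged_status, forged_enabled, legit_status, owner.remote_shell_enabled


if __name__ == "__main__":
    print("vulnerable:", run_scenario(VulnerableAdmin))  # (200, True, 200, True)
    print("hardened:  ", run_scenario(HardenedAdmin))    # (403, False, 200, True)
```

The origin comparison is exact on scheme and host:port rather than a prefix match, and a request with neither Origin nor Referer is rejected rather than waved through, since some proxies strip Referer. The token check uses a constant-time compare. On a real device the same two checks would sit in front of every state-changing endpoint, not just the one shown.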
Pivot-and-escalate is one of the most common attack approaches. Everyone in IT should know that.
It's not a problem that the owner (or renter, or however the agreement with AT&T works) can get root. It's a problem that anyone can, trivially.
And he used to be a U-verse customer instead, as I still am. Wonder what he found there.
Personally, I've had two (or is it three) different Motorola DVR STBs go wonky, losing recordings when I swap them out, and three or four (or five now?) "gateway" units (mostly Arris) develop issues. And the latest gateway unit has issues handling the multiple Wi-Fi networks that AT&T loves to offer.
Details of feature: simultaneously delivering 802.11b on 2.4MHz AND (.11n or -ac) on 5MHz, each with both a "regular" SSID AND a "guest" SSID. My issues:
- The 5MHz barely works at all, the 2.4 sometimes goes missing and needs a reboot. Not sure they're working well together even though it's set to. Doesn't matter anyway because my total bandwidth is a smaller pipe than a prostate with cancer. (Apologies to any mates suffering.)
- Some of my devices aren't working right on the MAC filter (which every time I get a new unit I have to repopulate); I think the "normal" and "guest" SSIDs were sharing the whitelist even though I set guest to not filter.
- For now, I keep the non-guest SSID beacons off, but I'm not sure if things will stay working in that state much longer.
And my only other choice is Comcast. For now, AT&T is the lesser of two evils.
Not even far-fetched. Computers that have the Synaptics touchpad inside are all, as in all OEMs, able to function as a keylogger with the insertion of one registry key. I can easily understand how it can happen "accidentally" due to debugging as an option in the dev build remaining in the OEM build. Just botched delivery. Engineers supposed to remove it get pulled off to piss on another hot project. Whoops.
Or malicious intent from whatever source. The NSA flat refuses to answer the question of whether coercion has ever been used against corporations to insert this class of bug. Ditto IME. Funny, NSA has an "undocumented kill switch" for the IME in Intel chips. Everyone else didn't have a clue, or couldn't publicly discuss the matter. [I wish I had a copy of the NDA I had to sign before being tossed on the midden heap by the US Navy for disability. Five pages, small type. Very small type.]