Wednesday, November 21, 2012

Worried about The Future... and... Hacking PEOPLE!

I don't know why I'm writing this. It's my musings on some (technological) things about the future that frighten and excite me. It's some geek talk, but it's gonna wind up in everyone's living room (and kitchen and laundry room). Just remember that when they said everyone will have a computer in their house, or telephone in their pocket, no one believed them.

Right now, there's a happy little bubble in my house. My internet service provider sends some of that delicious internet down a series of tubes into a DSL Modem/Router in my living room. They also assign a nifty little IP address to that device, so that it (and things attached to it) can be identified, and do internet type things out there on that wonderful internet. I don't really trust Little Brother's equipment, so I've bridged it to a third party router, which, unlike the ISP's device, I own wholly. I've replaced its firmware with some open source firmware. I connect all of my devices to that, including our cellphones. I know it's not a perfect bubble, but, for the most part, by properly utilizing my router's firewall (and my devices' firewalls, too), I can control, to a large degree, what can come and go.

I'm the gatekeeper, so to speak.

But all that is scheduled to change quite soon.





IPv4 vs. IPv6

Let's start with that nifty IP address I talked about. Not familiar with an IP address? It's a unique number assigned to each device. Think of it as a postal address - without it, your mail can't get in or out of your mailbox. Currently, my home network has been assigned an IPv4 (That's Internet Protocol version Four) address, and it resembles something like this: 123.231.213.132 (not really my IP).

Well, what sucks about IPv4 is that there really aren't that many unique addresses available. In fact, it only provides for 4,294,967,296. That seems like a lot - it's over four billion - but we already have more than that many IP devices on the planet, and the internet is almost out of IPv4 addresses. But the internet gods were aware of this limitation, and they came up with some tricks to make these four billion addresses last a little bit longer, and one of those methods was the use of private addresses.

You see, in my private little internet bubble, I have my own set of addresses, and so do you. Chances are, if you go into MS-DOS (remember when that was a thing?) and type the command ipconfig you're going to see something like 192.168.1.100 as your IP address. Well, there are millions of other computers out there with that exact same IP address, but it doesn't matter because that's a private address; it really doesn't leave your own little internet bubble. It doesn't really go past your router (okay, it sort of does via Network Address Translation, but shut up).

The long term solution to running out of IPv4 addresses is IPv6, which is good and bad at the same time. With version four, all the signals have to go through my router's firewall in order to get to my devices. It creates a bottleneck, sure, but it provides a central point where I can set security options to keep the bad guys out. But, with version six, there will be so many unique IP addresses (the number won't fit on this page it's so big, so I'm going to write it as 2^128 instead) that there will really no longer be a need for a router in your house - all of your home devices can connect directly to the internet, albeit through your Internet Service Provider's modem. And while that used to mean one or two computers, it now includes video game consoles, laptops, tablets, cellphones, house-phones (VOIP), and more and more frequently, televisions and DVD players, and now with products like Roku and Google TV, they're basically bringing back that train-wreck from the 90's known as WebTV.

Oh, but don't worry, because very soon you'll be adding washing machines and refrigerators to that list. (more on that later)
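Here's the private-versus-public distinction from this section as a little script you can run over a list of your own devices. This is an added example, not part of the original post: the device names and addresses in INVENTORY are constructed (2001:db8::/32 is the documentation prefix standing in for a real global IPv6 address), and the classification is deliberately coarse.

```python
import ipaddress

# RFC 1918 private IPv4 ranges: reused in every home, reachable only through NAT.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
V6_LINK_LOCAL = ipaddress.ip_network("fe80::/10")  # never routed past the local link
V6_ULA = ipaddress.ip_network("fc00::/7")          # IPv6 counterpart of private space
V6_GLOBAL = ipaddress.ip_network("2000::/3")       # global unicast, routable end to end

def exposure(addr_text):
    """Return a coarse reachability class for one address string."""
    addr = ipaddress.ip_address(addr_text)
    if addr.version == 4:
        if any(addr in net for net in RFC1918):
            return "private-behind-nat"
        return "public"
    if addr in V6_LINK_LOCAL:
        return "link-local"
    if addr in V6_ULA:
        return "private-ula"
    if addr in V6_GLOBAL:
        return "global-needs-firewall"
    return "other"

def directly_addressable(inventory):
    """Devices holding at least one address that the internet can route to."""
    exposed = {"public", "global-needs-firewall"}
    return sorted(name for name, addrs in inventory.items()
                  if any(exposure(a) in exposed for a in addrs))

def address_space(version):
    """Total number of addresses in IPv4 (version=4) or IPv6 (version=6)."""
    return ipaddress.ip_network("0.0.0.0/0" if version == 4 else "::/0").num_addresses

# Constructed sample inventory (hypothetical devices and addresses).
INVENTORY = {
    "laptop": ["192.168.1.100", "fe80::1c2d:3eff:fe4f:5a6b"],
    "fridge": ["192.168.1.23", "2001:db8:1:2::23"],
    "printer": ["fd12:3456:789a::50"],
    "router-wan": ["123.231.213.132"],
}

if __name__ == "__main__":
    for name in directly_addressable(INVENTORY):
        print(name, "needs its own inbound firewall rule set")
    print("IPv4 space:", address_space(4), "IPv6 space:", address_space(6))
```

Anything the script flags has no NAT in front of it, so the only gatekeeper left is whatever stateful firewall the router or the device itself applies to inbound IPv6.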

4G LTE 

So it's not that scary yet. We've sort of all been using something similar, in a way, to IPv6, known as a MAC address, but don't worry about that, it's not important for this post. And don't worry, because in the little scenario that I've described, those signals still have to come through that "modem" your internet service provider gave you - and that has some security features built into it.

Not for long. You may have heard of something called 4G in television advertisements for "really really fast cellphones" or some such thing. Well, it goes a little further than that. LTE, once it's fully deployed in this country, will provide a wireless internet connection capable of speeds faster than whatever your internet service provider is able to offer your house right now. "AWESOME!" you may think, because now that means that you can, with LTE devices (or adapters for legacy devices) get rid of all of those wires in your house. Just bring your computers, printers, Xboxes and Playstations into your house, turn them on, and they're already online and working together in harmony.

But now there's no more gatekeeper. Sure, the manufacturers will tell you that the device you just bought from them comes equipped with a "secure firewall" of its very own, but so does everything else already, and if those were all secure, there would be no such thing as hacking. Hell, your door locks aren't even safe. Ever seen a locksmith do what he can do? Search YouTube for 'lock picking' and in a few hours, you'll know it too.

Enter the RFID tag

"So what?" you're asking. That's because you're probably thinking that I'm talking about some pimple covered angsty teenager sitting in his parents' basement trying to hack into people's computers to steal photos while they listen to Depeche Mode, drink Mountain Dew, and occasionally pick chunks of Nacho Cheese Doritos from their braces. Hardly, but I'll get more into what the bad guys on the internet look like nowadays, and what they're actually after.

Allow me to digress a little, as I fear that none of you know what an RFID tag is. I'm going to keep my explanation as short and simple as possible. It's a little device that can be as small as a postage stamp and has no power source of its own, that can transmit a serial number to a receiver over a distance of maybe ten feet on a good day. (Different versions with different ranges and capabilities do exist, however). These things are in the key card that you use to get into your office or parking deck, they're in that chip the vet implanted into your cat or dog, they're on the semi-trucks that get to skip the weigh stations and zip through the toll booth on the turnpike, and a crap ton of other places. As far as this post is concerned, the most important place that these tags are located is in the products that you buy.

What are they doing in those products? Well, right now, they're not doing a whole heck of a lot. Some track inventory in warehouses and shipping lines, some set off the alarm at the store, and some do something as wacky as track where products travel through the store as you shop! (For parents out there, some track your children's every step while they're at school: Texan schoolgirl expelled for refusing to wear RFID tag [via The Register])

Eventually, the tags that are on products at, say, the supermarket, will replace the bar-codes that the cashier scans. Imagine just pushing your cart through the line, and every single item is scanned at once. (AT&T "You Will" montage - ads from 1993 - skipped to shopping cart ad)

Tony, Are you crazy?

"Okay, so what does that have to do with my internet devices getting hacked into or whatever?" Good question. Let me tell you something that you're not going to believe. I didn't believe it at first, and I don't want to believe it now. In the near future, you won't be able to buy a new refrigerator, washing machine, dryer, dishwasher, or car, that doesn't have its own "always on" connection to the internet. And even worse, these devices, at least the fridge and the washer, are going to scan the RFID chip of every item that goes into them.

If you know how to use a search engine, look this up, or, even better, go on over to one of my top five favorite websites, The Register, and use their search bar. I'm not making it up. I kinda wish I was.

"But Tony, that's pretty crazy sounding. I'm surely not going to demand an internet-capable refrigerator at the appliance store." Well, neither will I, nor most people I know, but it doesn't matter. Appliance companies will provide these if there is a customer demand for it, and there is, but keep in mind, when it comes to the business of data aggregation, you and I are not the customer, we're the commodity! Companies want to know exactly what is in your refrigerator, cupboard, and wardrobe, and to an extent, they're already getting this information if you shop with any sort of plastic - especially that little card that gives you cheaper groceries and a discount on gasoline (I'm looking at you, every major supermarket ever).

But that doesn't really seem too worrisome to me. I don't really care all that much that Acme and Giant Eagle know that I'm buying tortillas, hummus, and chickpeas, which would suggest digestive problems to their evil computer overlord, which thus commands the self check-out machine to print coupons for probiotics. Really not that big of a deal.

And there will be some benefits to the average Joe too. I, for one, have an uncanny attention to detail when it comes to certain things (did you see the formatting in that DOS command? Why do I smell creamed corn every time I open a can of my cats' food?), but I will oftentimes not remember to check the expiration date on the milk jug - or even smell it - until after I've taken a sour bite of breakfast cereal. So, if you're out for the day, working or going to school or whatever, and you get a message from your fridge that the milk's gone bad, and you're low on eggs and out of cheese, that means you can just grab that stuff on the way home, and have more time that you can spend doing things that you want to do. That's cool. I'll take that. And when there's a product recall (Don't eat that beef, it's got mad cow disease) the fridge will tell me via a text, or email, or in a robot voice when I open the door "TONY YOU FAT SLOB PUT THAT BURGER DOWN OR YOU'RE GONNA DIE OF SALMONELLA!" And finally, there will be a little tablet computer in the fridge door, so you can automatically generate a shopping list, check the weather, or watch a broadcast of the news in the morning while you eat breakfast (or Spongebob if you have kids, or whatever). I still think it's high-tech when I can get a glass of ice water from the fridge door, but that tablet thing is cool too.



Those features are not there to entice us into buying smart fridges, however; they're there to placate us. It's a reasonable justification to have a fridge that never disconnects from the internet.

I already don't really like the fact that ISPs can determine what electronics you have, and what you're doing with them, in your own home, nor do I like the fact that the electric company knows everything I own that is plugged in (with a reasonable guess), and when I and my family do what, when we're out, and when we sleep through the use of those SmartMeters (oh, you didn't know that? GOOGLE IT!), but now Maytag, GE, Levi, the milk man, the meat man, every store, every business with a product or service is going to know everything I eat and wear too? It's all a little too much for me.

But what about those "hackers" that I was talking about? Well, it's really rare that a particular hacker is going to try to get into your specific computer to find something useful there like a credit card number, or nude photo of you, or in the future trick you into drinking spoiled milk, but hackers are looking for cheap or free distributed computing power.

Here's a scenario: A cyber criminal writes a virus and embeds it in a Justin Bieber MP3 that he then uploads to a file sharing network (remember LimeWire? LOL). That virus spreads from computer to computer, but because of some really really really really really really really really simple tricks (and I cannot stress how simple these tricks are) your anti-virus never picks it up. You never become aware of it because its purpose is to harvest credit card numbers (maybe from your computer, but more likely from a compromised bank server, but processed on your computer), or crack a password to a huge network (like Playstation or Amazon), or send out massive amounts of spam email, or force your computer into participating in a distributed denial of service attack.

That's the stuff that goes on in the world of hacking, and how would us poor rubes even know we were facilitating this business? What I just described in that above paragraph is something sometimes called a "bot net". These bot nets have to be controlled from a central point. Where do bad guys like to make that central point so that they can remain somewhat anonymous when the authorities catch on? Well, try this: A printer in a hospital. It's always on. It prints all the time exactly as it should. Who would suspect a hospital printer of being the control point for a million and one infected computers? When was the last time you heard of an anti-virus for printers? Or DVD players? Or refrigerators?

So at the point of RFID this and that, smart appliances, IPv6, and LTE, every device is all on its own in this brave new world, with no gatekeeper to protect it, becoming the unknowing pawns of internet crime or warfare.

But don't worry, there will still always be that one kid that really does want to break into your home network just to see if he or she can, and to see how much they can mess with you. Trust me. If you check the nerdy type news outlets, it's in the news all of the time. They've been around forever, and they're not going away. (OH MY GOD DON'T FORGET STATE-SPONSORED HACKERS [U.S. Air Force, Israeli Army, People's Republic of China Army, etc] AND HACKTIVISTS [Anonymous, Occupy, LulzSec]!)

I didn't really get worried about all of this until, back in March of this year, former CIA Director General David Petraeus said that the CIA cannot wait to spy on you through your damned fridge! Although I doubt they'll be interested in little ol' me. CIA Chief: We'll Spy on You Through Your Dishwasher


(Sidenote: Things that are being hacked via WiFi or Bluetooth that you didn't think of: internal defibrillators and pacemakers, car security systems, x-ray machines. Google it)



Here are all seven ads from that "You Will" campaign in 1993. Notice that the voice commands featured (opening the door) are today being achieved with RFID tags.

Video: http://www.youtube.com/embed/5MnQ8EkwXJ0

See also:

Ready or not, IPv6 is coming

Proprietary software puts pacemaker users at risk

Hacking attacks can turn off heart monitors

WTF are... connected appliances?


