Your Smart TV Might Be Susceptible to Mind-Control [Encryption Digest 8]

August 15, 2019 | Katrina Dobieski

What happens in a world without encryption, and the proper ethics that go with it? This week we’ll investigate how fragile our system of trust is in a world where we protect against hacks, then hack to protect.


With the means at our disposal—and any lapse in principles—your television could be remote controlled by your neighbor’s drone, a simple pentest of your organization’s defenses could get ugly, and private transportation information from Brazil could end up on a malware site.
And, in an admittedly worst-case scenario, democracy could be challenged by any lapse in voting security. The importance of good encryption and the ethics to match, all in this week’s Encryption Digest.
"Many of our findings are uncomfortable” | When Pentesting Goes Too Far

What’s the difference between a pentest and a data compromise? Lately, those terms have not been mutually exclusive.

Just last week, BlackBerry announced that Brazil’s civilian air-traffic control details had been found on a public malware repository. Its report, Thin Red Line – Penetration Testing Practices Examined, calls into question many practices common among pentesters and scrutinizes several well-known companies seeking to plant their flag in the field.

Penetration testing, or ethical hacking, is a way of proving the security of encrypted systems in the hope of catching vulnerabilities before an attacker does. Nothing is off limits: cross-site scripting, hash cracking, busting down backdoors.

After reaching elbow-deep into the data, Kevin Livelli, Director of Threat Intelligence at BlackBerry® Cylance®, surfaces to report: “[M]any of our findings are uncomfortable.”

Heads Up: Your Smart TV Might be Susceptible to Mind-Control

We may have discovered the most convoluted way to share Netflix accounts.

Remember that remote insulin shot that remained unencrypted, leaving it open for hackers to swipe the radio frequency and inject shots of their own? Well, apparently, we’re still not doing enough to secure the airwaves. At Defcon last week, security researcher Pedro Cabrera noted the ease with which someone could override the television frequency of an unencrypted TV connection and broadcast their own channel instead.

Far from offering a chance at stardom, he predicts these broadcasts will be used for social engineering attacks—say, the phishiness of a scam email meets an unassuming pay-per-view lookalike.

"No one expects to have this kind of social engineering attack on their smart TV," he says.

Well, not before now.

Like you were there: At Defcon, Cabrera demonstrated the attack by broadcasting a signal from a hovering drone equipped with a software-defined radio. But he adds, "If I want to target my neighbor, the easiest way is with an amplifier and a directional antenna...then for sure my signal will be received.” Good to know.

Sword in the Stone: Can You Crack the $10M Darpa Voting Machine?

Best. Voting Machine. Ever.

Or so we hope. Darpa, the government’s crack squad of science tech [Defense Advanced Research Projects Agency], poured $10 million into developing an uncrackable voting machine. Did it work? Well, they unleashed the best of Defcon on it this past weekend to find out. At the Voting Village, scores of would-be hackers took their best shot at breaching the impenetrable beast.

“All of this is here for people to poke at,” says principal researcher Dan Zimmerman of Galois, the verifiable-systems firm in charge of building it. “I don’t think anyone has found any bugs or issues yet, but we want people to find things.”

The encryption was strong with this one: we have it on good information that no one was able to find anything, but the opportunities are still out there. Darpa’s voting machine will be taking a two-year university tour to discover the weak link that could bring it down.

Food for thought: There’s a sort of unspoken ethics in the hacking community, especially with community-good efforts like this one. We all want a safer voting machine...don’t we? Or does the public tour increase attack vectors by potentially trusting intimate voting machine knowledge to the wrong hands? Leave your thoughts in the comments below.

“A business cannot stick their head in the sand” | CipherCloud Founder Tells Encryption Like It Is

Last week Pravin Kothari, founder of CipherCloud, came out against corporate lethargy when it comes to secure data encryption.

“Companies will have to begin to weigh the risk and reward of doing the minimum and stepping up to strong encryption and tokenization techniques... In these times, a business cannot stick their head in the sand and do nothing.”

If you haven’t secured your number one machine identity assets, you may want to do so now. Still on the fence? We’ll let Pravin preach.

Reasons to care about encrypting your cash cow:

  • The average breach comes with a fee of 8% of your revenue. If you’re not Facebook or Equifax, you probably can’t survive that.
  • If you send unencrypted data to cloud applications like Office 365, Salesforce, Dropbox, Slack, AWS and Azure, it will most likely remain that way – everywhere except their backend storage.
  • If you store your private keys on the same server as the encrypted data, it’s like leaving the keys in the car.

And a data breach for your business in the future? Pravin says it’s “assumed”.

About the author

Katrina Dobieski

Katrina writes for Venafi's blog and helps optimize Venafi's online presence to advance awareness of Machine Identity Protection.
