Tracking People By Smart Phone Accelerometers

Interesting research: "We Can Track You If You Take the Metro: Tracking Metro Riders Using Accelerometers on Smartphones":

Abstract: Motion sensors (e.g., accelerometers) on smartphones have been demonstrated to be a powerful side channel for attackers to spy on users' inputs on touchscreen. In this paper, we reveal another motion accelerometer-based attack which is particularly serious: when a person takes the metro, a malicious application on her smartphone can easily use accelerator readings to trace her. We first propose a basic attack that can automatically extract metro-related data from a large amount of mixed accelerator readings, and then use an ensemble interval classifier built from supervised learning to infer the riding intervals of the user. While this attack is very effective, the supervised learning part requires the attacker to collect labeled training data for each station interval, which is a significant amount of effort. To improve the efficiency of our attack, we further propose a semi-supervised learning approach, which only requires the attacker to collect labeled data for a very small number of station intervals with obvious characteristics. We conduct real experiments on a metro line in a major city. The results show that the inferring accuracy could reach 89% and 92% if the user takes the metro for 4 and 6 stations, respectively.

The Internet of Things is the Internet of sensors. I'm sure all kinds of surveillance is possible from all kinds of sensing inputs.

Posted on June 8, 2015 at 6:09 AM • 34 Comments

Comments

Christian • June 8, 2015 7:57 AM

Using GPS or phone data is obvious, but this is something I haven't thought much about. I suppose you could also collect data on traffic patterns too. Which areas have the most stop-and-go traffic, where are the bottlenecks, etc.

The good and bad of technological surveillance...

M • June 8, 2015 9:36 AM

@Christian On Android, using the GPS requires permissions (at install time), using the accelerometer doesn't.

Jason • June 8, 2015 10:11 AM

Sounds like an interesting application for an app to help guide a partially sighted or blind person in a crowded, noisy and otherwise confusing transportation system, where traditional GPS-based or cellphone tower triangulation techniques wouldn't work.

Perhaps not so useful for a small, single line, two station underground/metro system, but ideal for the London tube network, for example.

Clive Robinson • June 8, 2015 11:00 AM

Hmm,

> While this attack is very effective, the supervised learning part requires the attacker to collect labeled training data for each station interval, which is a significant amount of effort.

That tells me quite a lot about how it works.

The question arises about rush hour and irregular stops for lights/points between stations. Based on what's said I'm guessing that a journey of only a couple of stops out of rush hour would normally fix your position but four or five stops in rush hour when between station stops are more likely.

This should work for other railway journeys including trams that don't share roads very much (i.e. the South London Tram service which mainly runs on old railway routes, except for Croydon town center).

David Hawthorne • June 8, 2015 11:01 AM

Trains are a horrible place to surveil and a horrible place to work. There tends to be bathrooms, multiple floors, multiple cabins, and a lot of people everywhere to bump up against, make small talk with, and who wear sunglasses and hats. There is good reason to drop or leave things and many places and ways to do it. There is good reason to use your bluetooth or wifi on a train. Without physical surveillance keeping your eyes on the person, you are screwed. Cell phones have never been trusted, they can operate as bugs for the other team. Even without GPS on, you are going to hit every cell tower. Having 360 degree video surveillance covert running is trivial, to see who is paying special eye contact or moving about with you.

If an organization is bound to follow the person wherever they go, they are in a pickle. They can be picked out from these ways on trains -- even if they are using dark shades, hats, don't get up to follow you to the bathroom or crossing cabins.

It is shooting puppies in a barrel full of water.

That is even without having a countersurveillance team or member working entirely independently.

Excellent place to talk to a lot of people, frequently. Have countersurveillance start up nearby, suspicious conversations -- or direct conversations. Trade stuff between each other and try and keep it secret. Or not. Walk around and change cabins frequently. Pass a lot of data across wifi, bluetooth, and cell. Accidentally miss proper spots, or just ride around all day, getting off at various places. All high traffic, and many tunnels and other underground enclosures. Always choose annoying second level seats where you can pretty well see almost everyone and they can't see you unless they specifically crook their head.

If you are less than such a person, then you just do not have a chance. No video, no awareness of all the data leakage. Maybe some dim idea that you can rely on peripheral vision or the "sense" you are being watched, but it does not matter, because you have no countersurveillance anyway, and whatever tactics you think you know are going to be obsolete and lame.

You are either on or off the radar. If on, you want to get off. If off, you want to stay on. If you do not know, then you are screwed.

HolesOfPotAndChuck • June 8, 2015 12:02 PM

Some time back, years maybe, the city of Boston attempted to lure drivers into letting them access drivers' phone accelerometer data while driving around, so they could map streets with highly irregular surfaces (potholes, chuckholes) so they could dispatch repair crews.

This seemed an over-the-top attempt to get location tracking data on drivers in Boston. The city has plenty of cabs, buses, utility vehicles, and police cars that can accomplish street surface tracking without accessing data from cell phones.

Tracking location on the metro lines isn't the issue - tracking people (wherever) IS the issue. Just one more thing to add to the list of what our overlords know about us but that we will NEVER know about them.

Bob S. • June 8, 2015 12:02 PM

I don't see this technique (accelerometer tracking) as practical or effective. However, it is abundantly clear the internet of things is being designed and managed to generate mass surveillance data.

Some people may want to lower their internet profile by simply going air gap except under the most non-controversial situations. So, check your bank balance, get directions to the pizza place then pull the battery or buy a Faraday effect case.

Is there a real need for everyone to be connected to the grid all the time?

I would also like to see idiot proof opsec apps and hardware. For example, an app that changes the device fingerprint automatically without input of the user. I find myself goofing up on occasion. Although I am certainly not doing anything remotely considered "wrong" it bugs me when I do that.

OK, I guess that makes me an idiot, but there are a lot of us around.

winter • June 8, 2015 2:07 PM

Actually, Sherlock Holmes did exactly this attack to determine that a will had been written on a train entering a certain London station.

It was a story about a nasty man in a hidden room.

Mike Amling • June 8, 2015 2:47 PM

The authors regard "it is too expensive for the attackers to collect sufficient labeled training data for every station interval in a large-scale metro system" as a challenge. I don't think so. As a hobby, my son and I traveled the entire length of every Chicago metro (CTA and Metra) train line, years ago. (Maybe somebody else has taken every bus line.)

I would imagine that a lot of metro lines around the world have some intervals between stations that are easily recognized by the curves and their approximate distances from the stations, e.g. the Chicago loop. Others, straight lines at a characteristic maximum speed, may be harder to distinguish. Slow zones, as distinguishers, may be ephemeral.

Some metro systems provide realtime feeds of bus and train locations (which servers use to provide their app clients with expected waiting times). With that data, it should be possible to recognize which bus/train a given phone is on by, if nothing else, the time of starts and stops. This is a different, and I would think easier, method than the authors' idea of gathering all required infrastructure data well before the phone's accelerometers are tapped.

tyr • June 8, 2015 5:23 PM

Just out of curiosity, how many times would you have to
drop or toss and catch a phone for the data to be
hopelessly buggered? I'm assuming they expect the
phone to be snugly safe in a pocket detecting only
the motion of the conveyance. This might lead to
paid phone jugglers who ride along busking for pay.

Clive Robinson • June 8, 2015 6:21 PM

@ tyr,

> just out of curiosity, how many times would you have to drop or toss and catch a phone for the data to be hopelessly buggered?

This is the "inertial navigation" question, the answer depends on two basic things, the quality of the sensor and the precision to which you store / process its output data.

A sensor is limited in a number of ways including linearity, hysteresis, offsets and ultimately thermal noise that is inversely proportional to the signal bandwidth.

This means that you have an interesting trade off, to reduce the noise you have to reduce the signal bandwidth, which means high frequency low level signals at some point don't get seen. However whilst the sensor might produce low frequency signals you get into an issue with integration and offset effects in subsequent circuits. Thus in low cost systems you "AC" not "DC" couple thus low frequency signals can be lost, if you do DC couple then amplification has to be kept low or "self correcting / offset removing" tricks have to be used. One such is to have low DC gain that is monitored to give "static" orientation, whilst AC coupling and amplifying to give "dynamic" movement.

Whichever way it's done you have to be able to have sufficient precision in the conversion, processing and storage, such that sampling errors don't cause positional inaccuracies beyond a tolerable degree.

The sensors in phones are designed mainly for screen orientation and dynamic game play, not inertial navigation. Thus if you can somehow use the "dead band" between the "static" DC/low frequency signal and the "dynamic" AC/high frequency signal you could in theory build up sampling errors sufficient to make absolute positioning unreliable.

However this system is not "positioning" but "timing movement" via accelerations and comparing to a series of known profiles to get a non optimal "best fit" thus the confidence on each leg of the journey is very low. However the more station to station legs travelled the higher confidence as the algorithm can be considered a multiple lag matched filter. This would be quite difficult to fool even with a lot of drops, shakes and turns, in effect you would have to run down the train whilst it was slowing and stopping for each station and the train is just not long enough for you to do it.
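
The trend in the paper's abstract (accuracy rising with the number of stations ridden) and the "multiple lag matched filter" description in the comment above can be reproduced with a toy simulation. This is an added example, not code from the paper or from any commenter: the line, its ride times and the Gaussian timing noise are constructed, the stop/start times are assumed to be already segmented out of the sensor trace, and plain least-squares matching of ride times stands in for the paper's interval classifier.

```python
import random

# Constructed ride times in seconds for the 16 station intervals of a
# hypothetical metro line (not taken from the paper or from a real system).
LINE = [95, 142, 78, 110, 131, 66, 88, 150,
        104, 72, 125, 98, 160, 83, 117, 138]


def best_start(observed, line=LINE):
    """Return the index of the first interval of the best-fitting stretch.

    Slides the observed ride times along the line and keeps the offset with
    the smallest sum of squared timing errors (plain least squares).
    """
    k = len(observed)
    best, best_err = None, float("inf")
    for start in range(len(line) - k + 1):
        err = sum((o - line[start + j]) ** 2 for j, o in enumerate(observed))
        if err < best_err:
            best, best_err = start, err
    return best


def accuracy(k, sigma=10.0, trials_per_start=200, seed=2015, line=LINE):
    """Fraction of simulated rides of k intervals whose start is recovered.

    sigma is the standard deviation (seconds) of the error on each measured
    ride time: dwell-time variation, signal stops, phone handling and so on.
    It is an assumed noise model, not a measured one.
    """
    rng = random.Random(seed)
    hits = total = 0
    for start in range(len(line) - k + 1):
        for _ in range(trials_per_start):
            observed = [line[start + j] + rng.gauss(0, sigma)
                        for j in range(k)]
            hits += best_start(observed, line) == start
            total += 1
    return hits / total


def sweep(ks=(1, 2, 4, 6), sigma=10.0):
    """Accuracy for several ride lengths at one noise level."""
    return {k: accuracy(k, sigma) for k in ks}


if __name__ == "__main__":
    for sigma in (10.0, 40.0):
        print(f"timing noise sigma = {sigma:.0f} s")
        for k, acc in sweep(sigma=sigma).items():
            print(f"  ride of {k} interval(s): {acc:.1%} located")
```

A single interval is ambiguous because many intervals take a similar time, while a run of consecutive intervals is close to unique. Raising `sigma` shows how much timing uncertainty is needed before longer rides stop being locatable.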

tyr • June 8, 2015 10:56 PM

@Clive

Thanks. That makes sense. I was thinking in terms of
a much higher sampling rate and less filtration being
done. I was also remembering the test of the postal
service with packaged accelerometers that broke most
of them in transit.

Figureitout • June 8, 2015 11:08 PM

While I do realise the risk from IoT, keep in mind there are some true benefits w/ minimal costs (moving traffic on roads, which has costs of pollution and waste of gasoline, and not having to touch a flusher or faucet or paper towel dispenser in bathroom) as long as companies aren't given requirements for more $$$ for more connectivity. Give us bluetooth/wifi/camera/audio requirements and you know what companies are going to do...Other than that you're looking at some costly attacks that can be mitigated or found if not launched across the board.

Or you could just flush w/ your foot, spreading all the bacteria from your shoes to the flusher, then someone will touch and not wash hands and shake your hands (maybe give you a "nookie" in your hair lol). And we have solutions for doors too if you're germophobic enough (dirty bars may be nice, how many drunk bastards touch that handle).

Maybe have some doctors and nurses who work at hospitals saying how nice it is to turn on/off lights, and turn on faucets w/o physically touching before they cut you open for a quadruple bypass or cancer or disposing of biohazard waste (which will somehow end up in our water supply, but that's a separate problem). This will contain the next supervirus much more than other "touch solutions". We're getting power levels so small and efficient it could even potentially be called "green" depending on how much pollution from PCB's and batteries (which is probably a lot...).

So it could work in many situations w/ far more benefits than costs and w/ basically no identifying info unless surveillance requirements are given or it's a jumpoff point for other sensors snuck in or backdoors in our chips (hello chips w/ 5+ radios). But you have people chomping at the bit to embed electronics in their bodies b/c "it's cool" so prepare yourselves people. It's coming.

Marcos El Malo • June 9, 2015 1:08 AM

@Clive

Wouldn't you only need to place accelerometers on all the subway trains? Then you could match accelerometer signatures in real time, whatever the time of day or traffic pattern.

I imagine a surveillance agency could even test by speeding up or slowing down the train (assuming they have spy movie like control of the metro).

Marcos El Malo • June 9, 2015 1:14 AM

@Figureitout

Swallowable Computing will be the next big thing after Wearable Computers.

rgaff • June 9, 2015 1:28 AM

@ Marcos

and injectable :)

@ all

there are certainly far easier targetable ways of following someone... but I think the reason why this research is flagged on a security blog is because it requires absolutely zero added infrastructure and allows mass surveillance of everyone everywhere (that has a phone)... which means, from past experience, we should probably therefore assume our beloved government is already doing it to everyone everywhere, and all other such criminal organizations are not far behind! Plus the fact that accelerometer access does not require special permission means that any phone app could be a carrier for literally anyone to follow everyone.

Kyle Rose • June 9, 2015 10:14 AM

This kind of story is why I'm so disappointed in the current selection of fitness trackers: they should be able to tell not only how many steps I've taken but *what I'm doing*: playing hockey, walking, running, rowing, swinging, having sex, etc. That I need to manually tell it "Hey, I'm starting a workout!" is IMO completely unnecessary.

Clive Robinson • June 9, 2015 11:15 AM

@ Figureitout,

Aside from "security" IoTs have another couple of issues to do with being always on.

The first problem is the communications part is likely to draw a couple of watts or more of power from a supply. If we assume ten IoT light bulbs in a house that's 20 watts or, 175 kWh units per year or about 25GBP. Now multiply that by 25 million homes it's one heck of a load of greenhouse gases or additional load on the national grid. Depending on who you believe that's 1/20th of the average home's annual domestic electricity bill. Now think of a few other gizmos fridge / oven / microwave / washing machine / TV / HiFi / etc etc and you could be looking at a 10-20% increase in domestic electricity consumption... which will like the "TV on standby" issue cost consumers and the environment dearly...

A quick tale for you, I'm in the process of switching lighting from mains electric to LED lights with solar energy. However I've bumped into a problem, the 48vDC to 220vAC inverters are not very efficient at low or zero power output. Thus as I tend to only use a couple of lights for an average of four hours a day the inverter is chewing up more electricity than the bulbs... So I'm looking at boat/caravan LED lights that run off either 12 or 24 volts DC, which is going to mean a more extensive re-wire than I anticipated...

Clive Robinson • June 9, 2015 11:24 AM

@ Marcos El Malo,

> Wouldn't you only need to place accelerometers on all the subway trains? Then you could match accelerometer signatures in real time, whatever the time of day or traffic pattern.

Err no...

You are thinking of the problem in terms of "targeted surveillance" not "bulk / industrial surveillance".

If they are pulling data from 30-300 phones on each train depending on the time of day they will effectively match each other for overlapping parts of the journey.

Thus no need to make the expense or worse visible evidence of fitting accelerometers to the individual trains...

David Hawthorne • June 9, 2015 12:03 PM

@rgaff

> but I think the reason why this research is flagged on a security blog is because it requires absolutely zero added infrastructure and allows mass surveillance of everyone everywhere (that has a phone).

I felt a bit bad leaving only a critical statement, I should have added that I think this is an important study and useful to have. Yes, there is gps monitoring; yes, there is cell tower monitoring; and, yes, there is some potential for deriving accurate data accelerometer monitoring... as people have expected.

If my example sounded pretty well worked out, it should, because I have read of such cases. Trains make an excellent chokepoint for countersurveillance. Contrast against cars.

Adding even something else to be cognizant of only makes it even better for countersurveillance because there is even more for them to be distracted over.

All that said, I do not think there is any plausible reason for anyone to have to actually deal with such matters, of course. That sort of situation is exceedingly rare for anyone to find themselves in.

As for domestic, mass surveillance, I think the same rule holds true, however. Such strategies are idiotic, however. There is far too much data, and they get swamped. Same manner of principle: distraction.

99.9999999% noise. And 98.99999% of it might be mistaken for "signal".

In the past, where domestic, mass surveillance "works", it has immense "false positives", and relies on an immense civilian "army" spread through the society. Like block and four block area designated "civilian watchdogs".

David Hawthorne • June 9, 2015 12:12 PM

@FigureItOut

> While I do realise the risk from IoT, keep in mind there are some true benefits w/ minimal costs...Other than that you're looking at some costly attacks that can be mitigated or found if not launched across the board.

Yes, "IoT" has significant benefits. It can be abused for "mass surveillance". The commercial value of that makes it inevitable, commercially. The governmental value of it for law enforcement or intelligence is much weaker. There, it is good for forensics, or when they have a bona fide "suspect" to try and keep track of.

In the latter case, however, the problem is overshooting, which governments tend to do. In doing so, they try and drink up an ocean to find a little bit of gold. Or try and look for a lost coin in the dead of night where the coin is not even there in the first place. It works against their intended purposes, and destroys the sanctity of society.

They want to target millions, when they just need to target a handful.

Choosing the former means they will never know who that handful is. So, besides for constitutional reasons, or agreeing with the ideology of free nations... as opposed to considering that ideology one's enemy... it simply does not work. It backfires. And significantly so.

Except, for forensics.

"IoT", however, has significant dangers if implemented incorrectly as it often is: the systems tend to be poorly secured because of the obscurity of it and the stiff competition to get to market; the systems tend to not have the foresight to be extensible, they can too often not have mass update functionality and so leave the systems prone to trivial attack by an ever increasing crowd of possible attackers.

Therefore, the systems can be used against both commercial, individual, and governmental intentions if - at the very least - these factors are not taken seriously.


tyr • June 9, 2015 2:34 PM

Having lived through the vast leap forward of a
computerized "paperless office" the IoT brings
visions of horror to my imagination. The clueless
used their paperless office of the future to
generate mounds of useless papers they never
bothered to read.

Being surrounded by devices poorly understood
that were never even considered for synergy is
the stuff that made Stephen King a rich man.

I'm sure our AI overlord will find some new uses
for all of this gadgetry. : ^ )

The mindset that adds controls to batteries and
ink containers to swindle the customers may be
a large part of the problem. I don't remember
asking for that in a customer survey.

rgaff • June 9, 2015 3:13 PM

@ tyr

IoT SHOULD only be deployed gradually, and only where there's a real benefit... not just 'cause... The problem is when there IS a perceived benefit but it comes with secret costs like suddenly now corporations and governments and police worldwide are monitoring your every heartbeat.... eh.. what? I didn't sign up for that! That wasn't in the product brochure! This stuff should be benefitting me not them! I paid for it! It's mine. It works for me, not me for them. That's the real problem. And that's not going away as a general rule, because like the paperless fiasco taught us, these things are used while they're still poorly understood.

For example, the lights in my house... well... do I really NEED to control them from around the world? er.. no.. not really.. but it would be nice to never have to flick a switch and automatically save costs as it senses I'm no longer there... so why not automate the switches and cut off most of that worldwide control/monitoring capability... anyone? Or, at the very least, make it completely end to end strongly encrypted (with "ends" being my mobile device to my physical house, not ever some nasty third party)!

George • June 9, 2015 4:15 PM

re: accelerometers & metro
"You are thinking of the problem in terms of "targeted surveillance" not "bulk / industrial surveillance"."

This is a bit redundant in UK major cities already wired for video surveillance. The mass transit is a big application of video dragnet for the purpose of public safety, and data collection forensics.

re: tracking potential & power consumption
To me these are more like fun apps like the MS app for telling your age. They're least bit accurate but they are fun, and novelty. People love these apps because they crave for the power of surveillance for the masses. Track your spouse, children, best friends, etc. just for the giggles. Nothing too serious.

Clive Robinson • June 9, 2015 4:44 PM

@ George,

> This is a bit redundant in UK major cities already wired for video surveillance. The mass transit is a big application of video dragnet for the purpose of public safety, and data collection forensics.

There are a couple of problems with video surveillance, firstly it's optical with the attendant problems, secondly you can only use it against people you already have a reasonable image of.

With the best will in the world CCTV systems have a series of trade offs. The first and most obvious is they are line of sight only, which with their cost usually means they are mounted well above head height and set to cover as much ground area as possible. Which means that the resolution is quite poor at a moderate distance and they are effectively useless if the person looks down towards the ground and tucks in behind other passengers, at best you get maybe the jacket/sweat shirt and baseball/golf hat. Which means if there are four or five people working together swapping hats and jackets / sweats or putting on light weight rain gear like Kags you are not going to see the person who got on get off. It's only if you have "real time" CCTV coverage from the train coaches that you can catch the swaps and maintain coverage.

George • June 9, 2015 10:27 PM

@ Clive Robinson, "It's only if you have "real time" CCTV coverage from the train coaches that you can catch the swaps and maintain coverage."

CCTV is by default "catch all" or "bulk" so I'm not sure why "real time" coverage is needed to follow swaps. Forensic searches can very well be applied, faces deliberately covered can be flagged, etc. such general mass surveillance methodologies apply. The mass transit examples you used to evade surveillance can also be applied to accelerometers; they are wearable objects, and I'm sure you know that already, so what am I missing?

Clive Robinson • June 10, 2015 12:00 AM

@ George,

> CCTV is by default "catch all" or "bulk" so I'm not sure why "real time" coverage is needed to follow swaps. Forensic searches can very well be applied, faces deliberately covered can be flagged etc

The problem is resources in terms of time and personnel.

Forensically piecing together a railway journey can take days if not weeks as was evidenced by 7/7. The manpower involved was extraordinary and the bombers took no effort to disguise themselves or disassociate themselves.

If you remember back that was a very high priority throw every resource we have at it case. The then British PM Tony Blair was giving an opening talk up in Scotland on an intergovernmental conference of major importance, and the attack made him look impotent in the eyes of the world.

Thus the piecing together of the 7/7 bombers movements made entirely on public transport was not lacking in human resources yet it took quite a bit of time.

As I've said in the past CCTV is not a preventative measure it's rarely even a reactive measure it's at best a "closing the stable door" measure. Its deterrence value is only effective to move crime on to another area without CCTV, when CCTV coverage increases crime stats move they don't go down over the wide area. The criminals simply show an evolutionary response and within months the crime levels where CCTV is rises again. Whilst it provides dignitaries with "spin" even the general public now know it's by and large a waste of resources thus CCTV is security theater at its best.

The few places CCTV does work is where significant well trained man power is deployed against well known targets thus overall it becomes more costly than more traditional policing methods.

Whilst mobile phones can be swapped it appears to be only the younger quite experienced criminals that do it. Older or less experienced criminals don't appear to practice that sort of OpSec even though it gets in the media sufficiently frequently to be known about ( getting official figures on this is difficult as they are not reported in any manner useful for analysis).

Further mobile phones are currently much more amenable to remote automatic surveillance than CCTV and thus produce near real time information with comparatively minimal resources.

What we don't currently have is information on how one type of surveillance can be used to make other forms of surveillance more effective.

For instance there are quite complex analytical systems employed on mobile phones to identify suspect numbers. In the case of "burner phones" there is generally no other information to link the phone to a person (which is why countries like Australia make getting mobile phone service identity linked). To be of use burner phones have to be on for greater periods of time than are needed for communication and the location is known whilst the phone is on. Thus it might be possible to link the phone time&position against other ID based systems such as credit and travel cards the burner phone user might use whilst the phone is on. In the UK like Singapore and one or two other places almost all public transport automated ticket gate barriers have CCTV directed on them. Thus the use of a card to open a gate ties one or two people to a very specific spot at a very specific time which is under recorded surveillance that is more focused than the more normal wide area cameras, thus affording better images of the individuals. Thus by using several surveillance systems in a "stepping stone" like way the holder/user of a burner phone could be identified unless they practice very good OpSec.

If you hunt back on this blog you will find a number of conversations between RobertT, Nick P, myself and one or two others on technical ways to improve the OpSec on burner phones.

Figureitout • June 10, 2015 1:56 AM

Marcos El Malo
--Yikes, I prefer my computers on a desk, thank you very much.

Clive Robinson
--Always on and all over the place so it's out there for attackers at their whim, maybe wasting my goddamn time debugging trolling.

Depends on communications, there are definitely some way below that...What brand of IoT lightbulb is this? What's it compared to?

Agree w/ all the other appliances, I don't really see a benefit there, just gimmicky sh*t that's going to break lol. Why would I want a text that my toast or laundry is ready or broadcasting that "twitter data" (worthless blurbs of every minute detail I don't care about data)?--Just more garbage data flooding my life and wasted seconds putting in my password and opening up message app. It's funny, I'm in the midst of some testing, and even w/ this one thing I was getting wayyy too much crap, I think it triggered spam filter on mail server and I had to switch lol and I think got hacked a few times (kept making another account) as it wouldn't let me sign in via HTTPS or it's simply glitchy lol...This audio warning is hilarious though, you should hear it lol; it's the kind of silly sh*t I love torturing attackers w/ lol.

RE: lights
--220VAC? What kind of LEDs are these, trying to heat up your tea lol? We got some from China recently, something my dad did (another excuse to use his new nail gun lol), I'm not sure on the power or brand (14V it's pretty damn bright, got spots in my eyes now so thank you :p) but polarity isn't labeled. We were thinking of starting a little business swapping out all these older bulbs and putting in these way too bright LEDs that take so little power. Thing w/ solar that gets me is the panel always goes bad, it's annoying; I wonder then just how more "efficient" solar is if it used coal power to make it and they last like a year or 2 before they put out nothing.

David Hawthorne
--There's different areas of the "IoT". I'm mostly in the "intrAnet of things" or LANoT, someone else has to have a setup to capture data and put that on internet, maybe this ( https://www.adafruit.com/products/2282?PageSpeed=noscript ), the supposed range is fairly impressive from what I've seen and made way better w/ a 2.4GHz yagi.

Problem is hacks take seconds and investigations take years, and people's skill can change wildly (what once was a threat, now isn't and vice versa). Best strategy is to just push actual security for citizens (yes even the foreign agents here too) instead of leaving us vulnerable so you can do your job a bit more easily searching for "the one" to prosecute or recruit or copy an attack method for "LOVEINT" or whatever it is you guys actually do :p. There'll be another one once you find the one.

They're not "extensible" b/c it's too costly still, but conversely once they get powerful enough to be "extensible" the attack surface increases as well and infections become easier. The more serious attacks will be w/ devices w/ internet interfaces like wifi/bluetooth or full on wired ethernet (in which case it's just a sitting duck online), otherwise the threat is probably overblown b/c there's already systems open to such attacks if people are so inclined and they sit there insecurely (if they fail, people die). Mass update functionality could be used to spread malware too.

Food Mule • June 10, 2015 4:46 AM

@ Figureitout
> They're not "extensible" b/c it's too costly still, but conversely

It sounds like you're referring to the ones that must communicate thru a proxylike gateway bridging low powered networks to the outside. This could be a mobile phone or just a box with enough power. But why would anyone care enough to take on a limited device? What can you do on it?


Figureitout • June 10, 2015 10:47 PM

Food Mule
sounds like you're referring
--Nope none of that. My threat model is high, we use a chip that *could* do remote firmware flashing (some bullsh*t feature that needs to die) but we've removed hardware necessary for it and I removed any traces of firmware for it I can see. There's a small amount of attacks that would actually matter you could do to it besides physical attacks. You're asking questions I would like the answer to as well (won't answer the 2nd one b/c security); there's many other systems that are quite open right now...
