The Shared Security Podcast Episode 45 – Implantable Wearables, Spotify Privacy, Hacking Self-Driving Cars

This is the 45th episode of the Shared Security Podcast (formally the Social Media Security Podcast) sponsored by the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright recorded September 24, 2015. Below are the show notes, commentary, links to articles and news mentioned in the podcast:

How The Internet of Things Could Revolutionize Our Lives, Work

The above article does a good job of painting a Utopian future, with your office doors opening and computers logging you in with appropriate privileges “without having to manually tap into 10 different interfaces every day.” You may also enjoy dreaming of entering a restaurant where the menu is customized to your social preference, saving you the hassle of actually having to turn multiple pages. This may be a good thing, or it may just be a sign that we are getting lazy.

Did you ever see the Disney movie “Wall-E”, where all the humans looked like the Michelin man, and floated around on hovering chairs? Isn’t it just a little bit sad that we are getting so excited about not having to move any muscles to get our jobs done?

Not only does this image of the future seem a little unhealthy, but I just can’t help but think about all the potential vulnerabilities in all the interfaces between these devices and systems that have to work with each other to accomplish these feats. I think this is especially true, in light of the point raised in the article about the lack of standardization between devices that I think will almost always exist.

– Scott

A Smartwatch Could Reveal What You’re Typing by How Your Hand Moves

This is one of those articles that pops up every year or so that describes how somebody has demonstrated a way to capture keystrokes or other personal movements of individuals through vibrations, light rays, electromagnetic variations, etc. It’s just a reminder that when we adopt a new form factor or a whole new device, somebody is going to try to find a way to spy on your actions when using it.

In most cases, these demonstrations are done in very controlled environments, and can be very hard to reproduce. In other, more successful cases, the researchers probably end up getting bought out or employed by large and powerful organizations, never to be heard from again… ;o)

– Scott

Top 10 Implantable Wearables Soon To Be In Your Body

Is there such a thing as being too close to technology?

It will be interesting to see how far people are willing to go to be connected. This article discuses a number of ways I which scientists (or franken-scientists) are experimenting with implanting everything from phones to speakers to video displays in peoples’ bodies.

I think it’s more likely that many of us will accept some of the new medical applications of implantable technologies. Sensors for real-time monitoring of sugar levels, cholesterol and other undesirables could be really valuable. Of course, the swallowable pill for colonoscopies is the one many of my friends are waiting for…

There may even be devices you can take as pills that will monitor and dispense therapeutic chemicals that make you feel full, or even contraceptives.

It’s also possible that with the right materials and smart functionality, entire organs could be replaced. Maybe this is how we evolve into Cyborgs…

My security and privacy concerns around these devices are along the lines of them being hijacked by attackers, which could literally be fatal in some cases. But you also have to worry a little about how those devices could be detected and matched to your identity for tracking purposes.

– Scott

You Can’t Do Squat About Spotify’s Eerie New Privacy Policy

It’s not just Google, Linked In and Facebook who want to know everything about you. Spotify is seriously trying to get in on the act.

Did you know that Spotify’s privacy policy is hoping you might break the law, while their fine print is saying you agree to do the due diligence? Spotify’s privacy policy apparently wants you to implicitly accept how they use information about your phone’s contacts, even when they know it may not be legal for you to share it with Spotify without their permission? They literally expect you to seek every contact’s permission to let Spotify use their contact information for its vague purposes, before you use Spotify on your phone.

Unfortunately, as the article points out, it is becoming the norm for businesses to try to monetize the personal information they have about you.

– Scott

Self-driving cars can be hacked using a laser pointer

Before you get in that self-driving car…

The next wave in vehicle technology, if you haven’t been paying attention to it, is the self-driving vehicle. Google has been test-driving self-driving vehicles for a number of years now, with some success.

I think there are some great benefits to be had from automating vehicles, especially in environmental and safety areas. Think of the gas that can be saved if the optimal acceleration and routing is used every day by all (or most) vehicles on the road. And automated safeguards are very likely to save a lot of lives where human error is often the cause.

However, we have to keep in mind all the bad things that can happen when a computer can completely control a car. In this article, a simple laser pointer can be used to cause the Laser-based ranging and imaging systems on self-driving cars to believe there are objects where they aren’t. This kind of attack has to be considered, and in general, any malicious action from an outsider has to be considered by the cars’ control systems. They have to do more complex checks for “reasonability” of their sensor inputs.

So, I’m glad we have hackers actively researching the latest vehicle automation technologies. This way, we have a chance of having vehicles come off the production lines with security built in. I’m not so naïve as to think they will be totally safe. There are some real risks that need to be thought out, and some won’t be resolved before we’re driving them (I mean, they’re driving us). Things like legal liability when a vehicle makes a decision that directly ends up injuring or killing people.

– Scott

Check out our friends over at ZeroFOX

ZeroFOX provides detection and defense for social media security threats.  We hope to have the team at ZeroFOX share more of their research and technology with us in future episodes.

– Tom

Please send any show feedback to feedback [aT] sharedsecurity.net or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Be sure to visit our website, follow us on Twitter and like us on Facebook. Thanks for listening!

Play
Facebooktwittergoogle_plusredditlinkedinmail

Leave a Reply

Your email address will not be published. Required fields are marked *