25
linuxxx
4y

!dev - cybersecurity related.

This is a semi-hypothetical situation. I walked into this ad today and I know I'd have a conversation like this about this ad, but I didn't this time. I had convos like this, though.

*le me walking through the city centre with a friend*
*advertisement about a hearing aid which can be updated through remote connection (satellite according to the ad) pops up on screen*

Friend: Ohh that looks usefu.....
Me: Oh damn, what protocol would that use?
Does it use an encrypted connection?
How'd the receiving end parse the incoming data?
What kinda authentication might the receiving end use?
Friend: wha..........
Me: What system would the hearing aid have?
Would it be easy to gain RCE (Remote Code Execution) to that system through the satellite connection and is this managed centrally?
Could you do MITMs maybe?
What data encoding would the transmissions/applications use?
Friend: nevermind.... ._________.

Cybersecurity mindset much...!

Comments
  • 8
    That’s a walking wiretap right there.

    Kinda like Android phones are by default!
  • 2
    Yes... And no.

    I don't like taking things for granted.

    While I use a smartphone (ZUK Z2 Pro / MoKee) and have a smart TV (Panasonic with Firefox OS), I avoided Alexa and other gadgets / assistants like the plague. I don't care that much about internet traces - devRant is the only social platform I use.

    Most of the conversation between you and your friend takes place in my brain... (example: Alexa)

    "oh that looks shiny. Wants..."
    "wait - how can this work"
    "oh great. it requires internet access.... everything goes to the cloud..."
    "Not so shiny anymore... But if it stores data in the cloud... And it's voice based... What's the legal context? Can it be used in court?"
    <hitting the internet>
    "OK. It's official: Never ever do I want such a thingie in my house. Enact perma life ban"

    And to add some context....the legal context is very very very muddy
  • 0
    The downstream is hackable; there is a talk where someone could read the downstream and saw that really important stuff was received in plain text.
  • 2
    @Root And iOS devices! Or, until proven otherwise by means of publicly reviewable code, I'll presume it isn't as privacy friendly/secure :)
  • 0
    @Root and iOS phones, they are literally listening to you all the time waiting for you to say Siri and then storing what you say so they can recognize you saying Siri in the background better later on....
  • 0
    @justamuslimguy Fortunately that data doesn’t leave the device.
  • 0
    @Root I'd like to see the source code so I can check that and make a reproducible build
  • 0
    @linuxxx Me too 😕
    But it’s Apple, so. There’s no way to know. But they don’t seem to lie about security things so I’m at least a little okay with taking them at their word? Still not happy about it.
  • 0
    @Root how do you know that?
  • 2
    @Root I get what you're saying, I just don't agree since Apple is integrated within PRISM and the other possible Apple devices backdooring program run by the NSA (the reason Snowden dropped all Apple devices when fleeing)
  • 1
    @linuxxx Yeah, I know. 🙁
    We can’t trust bloody anything.