authorMike Gerwitz <mtg@gnu.org>2017-03-22 01:14:08 -0400
committerMike Gerwitz <mtg@gnu.org>2017-04-02 22:04:29 -0400
commitfac26e2804d270fa8bc376f17cdaba407371333e (patch)
tree8c60d266e3e5674ec8cfde15dc8273852cab0829
parentf7de5bc7aa1e4a511403a044282823649f740f60 (diff)
downloadsapsf-fac26e2804d270fa8bc376f17cdaba407371333e.tar.gz
sapsf-fac26e2804d270fa8bc376f17cdaba407371333e.tar.bz2
sapsf-fac26e2804d270fa8bc376f17cdaba407371333e.zip
slides.org (Stationary): Add Smart TV et. al. IoT
-rw-r--r--images/guardian-doll-spy.pngbin0 -> 371705 bytes
-rw-r--r--images/tp/SHA256SUM5
-rw-r--r--images/tp/remote-list5
-rw-r--r--sapsf.bib87
-rw-r--r--slides.org265
5 files changed, 342 insertions, 20 deletions
diff --git a/images/guardian-doll-spy.png b/images/guardian-doll-spy.png
new file mode 100644
index 0000000..2258068
--- /dev/null
+++ b/images/guardian-doll-spy.png
Binary files differ
diff --git a/images/tp/SHA256SUM b/images/tp/SHA256SUM
index 82c6861..0d173a3 100644
--- a/images/tp/SHA256SUM
+++ b/images/tp/SHA256SUM
@@ -29,3 +29,8 @@ e52d8250d9a98ae68a68a758e1421231aebd4933cc44bc5a2364222984e1ee7f oracle-id-fuu.
cbf3495473a9b111b3ba9723d5ebb9476bd6abf9bf3af711bdbe803baf98067f target-logo.png
0a47a1e0b74fa4ec168d935357081a6d15e55ba77edad483ecb7fe14c3f6f4dc trustev-graph.png
566c10d0004fda789b9fba51f6700003524e061ec169bd9e08ee431e52fb4e43 nsa-spying.png
+4a27e17ef1396b982c85ca3f9cb768a9c61fdcf9d7c957bd5ffdadafafc50576 wikileaks.png
+0bfcdb6c578364279acf01795a5c0d85562c3882d30a618eb59a540904256777 cia-logo.png
+b175a0098b0473009587d312a497c317de02c2f38e5bdf7df8ea77f6e86818c5 lgtv-pwnd.png
+f9e8e3dcf3d383399bad9d1ebc52e156a74d32555166be50c8a027ebe17be69f amazon-echo.jpg
+e8e2401984351071453d07d23b75bcd67e430b9cce89c210797772f1e85bca29 the-onion-logo.png
diff --git a/images/tp/remote-list b/images/tp/remote-list
index ce9b372..099ff78 100644
--- a/images/tp/remote-list
+++ b/images/tp/remote-list
@@ -29,3 +29,8 @@ palantir.png https://web.archive.org/web/20170319035510/https://www.palantir.com
target-logo.png https://web.archive.org/web/20170319055701/https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Target_Corporation_logo_%28vector%29.svg/240px-Target_Corporation_logo_%28vector%29.svg.png
trustev-graph.png https://web.archive.org/web/20170319060719/http://www.trustev.com/hs-fs/hubfs/JANUARY-2016/Technology/r-feb-t-circle1.png?t=1473256538000&width=1788&name=r-feb-t-circle1.png
nsa-spying.png https://web.archive.org/web/20170321034321/https://mikegerwitz.com/images/eff-nsa-spying.png
+wikileaks.png https://web.archive.org/web/20170321044026/https://wikileaks.org/static/gfx/wlogo-sm.png
+cia-logo.png https://web.archive.org/web/20170321044107/https://wikileaks.org/ciav7p1/logo.png
+lgtv-pwnd.png https://web.archive.org/web/20170322025944/https://www.bleepstatic.com/content/posts/2016/12/28/DarrenCauthonTV.jpg -scale 80%
+amazon-echo.jpg https://web.archive.org/web/20170322034016/https://upload.wikimedia.org/wikipedia/commons/thumb/5/5c/Amazon_Echo.jpg/208px-Amazon_Echo.jpg
+the-onion-logo.png https://web.archive.org/web/20170322042646/http://assets2.onionstatic.com/onion/static/images/onion_logo.png
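Review bot: The new `lgtv-pwnd.png` line fetches a `.jpg` and carries a trailing `-scale 80%`, so the file on disk is presumably a converted image rather than the bytes served by the archive. The hunk does not show which of the two the matching `images/tp/SHA256SUM` entry is checked against. If the hash covers the converted output, it depends on the converter and its version, and it no longer pins what was downloaded. It would help to document next to the fetch step that verification runs on the downloaded bytes before any conversion, or to list the scaled file separately from the pinned download.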
diff --git a/sapsf.bib b/sapsf.bib
index e7e3e1b..e23b3cd 100644
--- a/sapsf.bib
+++ b/sapsf.bib
@@ -1123,3 +1123,90 @@
url = {https://www.eff.org/nsa-spying},
urldate = {2017-03-20},
}
+
+@online{eff:samsung-tv-policy,
+ author = {Higgins, Parker},
+ title = {Big Brother Is Listening: Users Need the Ability To Teach Smart
+ TVs New Lessons},
+ organization = {Electronic Frontier Foundation},
+ date = {2015-02-11},
+ url = {https://www.eff.org/deeplinks/2015/02/big-brother-listening-users-need-ability-teach-smart-tvs-new-lessons},
+ urldate = {2017-03-20},
+}
+
+@online{vault7:y0,
+ title = {Vault 7: CIA Hacking Tools Revealed},
+ organization = {Wikileaks},
+ url = {https://wikileaks.org/ciav7p1/index.html},
+ urldate = {2017-03-21},
+}
+
+@online{vault7:weeping,
+ title = {Weeping Angel (Extending) Engineering Notes,
+ SECRET~// REL~USA,UK},
+ organization = {Central Intelligence Agency},
+ url = {https://wikileaks.org/ciav7p1/cms/page_12353643.html},
+ urldate = {2017-03-20},
+ annotation = {Covert surveillance through Samsung Smart TVs.},
+}
+
+@online{bleep:lgtv-ransom,
+ author = {Cimpanu, Catalin},
+ title = {Android Ransomware Infects LG Smart TV},
+ organization = {Bleeping Computer},
+ url = {https://www.bleepingcomputer.com/news/security/android-ransomware-infects-lg-smart-tv/},
+ urldate = {2017-03-20},
+ annotation = {Android ransomware on an LG Smart TV.}
+}
+
+@online{engadget:murder-echo,
+ author = {Steele, Billy},
+ title = {Policy seek Amazon Echo data in murder case},
+ organization = {Engadget},
+ date = {2016-12-27},
+ url = {https://www.engadget.com/2016/12/27/amazon-echo-audio-data-murder-case/},
+ urldate = {2017-03-21},
+}
+
+@online{guardian:murder-echo,
+ title = {Amazon refuses to let police access US murder suspect's Echo
+ recordings},
+ subtitle = {Company has declined to provide audio recordings by smart
+ speaker system at house where man died, according to a
+ report},
+ organization = {The Guardian},
+ date = {2016-12-28},
+ url = {https://www.theguardian.com/technology/2016/dec/28/amazon-refuses-to-let-police-access-suspects-echo-recordings},
+ urldate = {2017-03-21},
+}
+
+@online{gizmodo:echo-wiretap,
+ author = {Novak, Matt},
+ title = {The FBI Can Neither Confirm Nor Deny Wiretapping Your Amazon
+ Echo},
+ organization = {Gizmodo},
+ date = {2016-05-11},
+ url = {https://paleofuture.gizmodo.com/the-fbi-can-neither-confirm-nor-deny-wiretapping-your-a-1776092971},
+ urldate = {2017-03-21},
+}
+
+@online{w:file:echo,
+ author = {Morrison, Frank},
+ title = {File:Amazon Echo.jpg},
+ organization = {Wikipedia},
+ date = {2014-10-17},
+ url = {https://en.wikipedia.org/wiki/File:Amazon_Echo.jpg},
+ urldate = {2017-03-21},
+}
+
+@online{guardian:doll-spy,
+ author = {Oltermann, Philip},
+ title = {German parents told to destroy doll that can spy on children},
+ subtitle = {German watchdog classifies My Friend Cayla doll as
+ `illegal espionage apparatus' and says shop owners could
+ face fines},
+ date = {2017-02-17},
+ organization = {The Guardian},
+ url = {https://www.theguardian.com/world/2017/feb/17/german-parents-told-to-destroy-my-friend-cayla-doll-spy-on-children},
+ urldate = {2017-03-22},
+}
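Review bot: The `engadget:murder-echo` title reads `Policy seek Amazon Echo data in murder case`, which looks like a typo for "Police"; the line should be `title = {Police seek Amazon Echo data in murder case},`. `bleep:lgtv-ransom` is the only new entry whose last field (`annotation`) lacks the trailing comma the other entries use. `guardian:murder-echo` has no `author`, and `vault7:y0` and `vault7:weeping` have neither `author` nor `date`, so their labels and sort order will fall back to whatever the style chooses; adding `date` where the source states one would make the leaked-document citations easier to check.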
diff --git a/slides.org b/slides.org
index 516d7fb..544a518 100644
--- a/slides.org
+++ b/slides.org
@@ -90,11 +90,9 @@ Some of us are /still/ being tracked at this very moment!
This isn't a tinfoil hat presentation.
It's a survey of facts.
-/Actual/ facts, not alternative ones! (Dig at Kellyanne Conway, for those
- reading this in the future.)
Since time isn't on my side here,
I'm going to present a broad overview of the most pressing concerns of
- today.
+ today, as it relates to everyone here.
Every slide has numeric citations,
which are associated with references on the final slides.
I won't be showing them here---you can get them online.
@@ -138,7 +136,8 @@ They are something we carry with us everywhere.
They are computers that are always on.
A phone is often synonymous with an individual;
- they are a part of us.
+ they are a part of us---
+ we feel /incomplete/ when we're missing our phones.
In other words: they're excellent tracking devices.
#+END_COMMENT
@@ -179,9 +178,7 @@ Unless it is off or otherwise disconnected (like airplane mode),
its connection to the cell tower exposes your approximate location.
If the signal reaches a second tower,
the potential location can be calculated from the signal delay.
-You can also triangulate.
-These data persist for as long as the phone companies are willing to persist
- it.
+More towers, you can also triangulate.
Some people don't use phones primarily for this reason.
@@ -308,6 +305,8 @@ The Guardian newspaper releases a leaked court order,
which orders Verizon to collect ``telephony metadata'' on /all/ calls,
/including domestic/.
+These matadata include <read above>.
+
That ``business records'' provision of FISA that Ron Wyden was talking about
was partly declassified by the then-DNI James Clapper shortly after that
publication.
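Review bot: The added line `These matadata include <read above>.` misspells "metadata". The same kind of slip recurs in the large Internet of Things hunk further down: `adversaires` in the LG notes, and the slide heading `**** READY Consder the Benign`, which is shown to the audience and should read `**** READY Consider the Benign`. In the Echo notes of that hunk, `connect to a server of /your choosing/ for actions.` ends in a period where the list continues with "and have a hardware switch", so it should end in a comma.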
@@ -372,7 +371,7 @@ If you connected to any hidden networks,
your phone may broadcast that network name to see if it exists.
It exposes unique device identifiers (MACs),
- which can be used to uniquely identify you.
+ which can be used to identify you.
Defending against this is difficult,
unless you take the simple yet effective route:
@@ -479,9 +478,14 @@ A study by the Wall Street Journal found that 47 of the 100 Android and iOS
apps in 2010 shared your location with not only the developers,
but also with third parties.
+An example is Angry Birds,
+ which for whatever the hell reason was sending users' address books,
+ locations, and device IDs to third parties.
+
You need to know what data you're leaking so that you can decide whether
or not you want to do so.
And you need the option to disable it.
+Or modify the program to disable it.
Sometimes your location is leaked as a side-effect.
Navigation systems, for example, usually lazy-load map images.
@@ -520,8 +524,8 @@ Based on the signal strength of nearby WiFi networks,
your position can be more accurately trangulated.
Some of these data are gathered by Google Street View cars.
-Your phone might also be reporting back nearby networks in order to improve
- the quality of these databases.
+Devices that /have/ GPS, like your phone might also be reporting back nearby
+ networks in order to improve the quality of these databases.
Sometimes this can be more accurate than GPS.
And it works where GPS and maybe even cell service don't, such as inside
@@ -560,7 +564,7 @@ The OS situation on mobile is lousy.
You carry around this computer everywhere you go.
And you fundamentally cannot trust it.
-Take BLU phones for example.
+Take BLU phones for example---cheap little phones that come with advertising.
In November of last year it was discovered that these popular phones
contained software that sent SMS messages, contact lists, call history,
IMEIs, etc to third-party servers without users' knowledge or consent.
@@ -725,7 +729,7 @@ Well one of the most obvious threats,
is a warrant or subpoena.
Most of us aren't going to have to worry about a crime.
-Data can be compromised.
+But data can be compromised.
And it isn't possible for you to audit it;
you have no idea who has you on camera.
@@ -733,7 +737,6 @@ This creates a chilling effect.
You're going to act differently in public knowing that someone might be
watching,
or could be watching later on if recorded.
-And some will be paranoid---you don't know if cameras are around.
If you have a surveillance system,
or any sort of public-facing cameras,
@@ -829,7 +832,7 @@ This thing also integrates the 911 system, radiation detectors, criminal
This is the direction we're heading in---
these things will only spread.
In fact,
- the NYPD will get 30% of the profits from selling it to others.
+ the NYPD will get a 30% cut when Microsoft sells it to others.
#+END_COMMENT
@@ -944,7 +947,7 @@ But it's a useful comparison against precedent.
#+END_COMMENT
-*** AUGMENT Internet of Things [7/7]
+*** AUGMENT Internet of Things [13/13]
**** READY Internet-Connected Cameras :B_fullframe:
:PROPERTIES:
:DURATION: 00:00:35
@@ -1002,7 +1005,6 @@ It also indexes other interesting things.
For example,
it was used to find unsecured MongoDB instances so that the attackers
could hold data for ransom.
-Secure your databases.
So people can find your stuff.
If an attacker knows that some device is vulnerable,
@@ -1114,9 +1116,6 @@ How about inside hospital rooms?
This patient has an ice pack strapped to the side of her face.
I'm pretty sure this feed was outside of the United States;
I can't imagine that this type of thing would make it past HIPAA audits.
-I hope.
-I couldn't find the feed again to try to figure out what hospital it might
- be to notify them.
How about inside someone's home?
This looks to be a bedroom.
@@ -1143,6 +1142,232 @@ Even if you can't find a camera on this site,
#+END_COMMENT
+**** READY Smart TVs (Samsung Privacy Policy) :B_fullframe:
+:PROPERTIES:
+:BEAMER_env: fullframe
+:DURATION: 00:00:30
+:END:
+
+#+BEGIN_QUOTE
+``Please be aware that if your spoken words include personal or other
+sensitive information, that information will be among the data captured and
+transmitted to a third party through your use of Voice Recognition.''
+
+\hfill---Samsung SmartTV Privacy Policy, 2015
+
+\cite{eff:samsung-tv-policy}
+#+END_QUOTE
+
+#+BEGIN_COMMENT
+So while we're on the topic of being in someone's home...
+
+Samsung's SmartTV privacy policy caused a big fuss a couple years ago by
+ blatantly stating that your personal conversations will be sent to
+ third-party servers for voice recognition.
+
+It was compared to George Orwell's telescreens.
+
+<Read above>
+#+END_COMMENT
+
+
+**** READY Smart TVs (Weeping Angel) :B_fullframe:
+:PROPERTIES:
+:BEAMER_env: fullframe
+:DURATION: 00:00:30
+:END:
+
+***** Wikileaks
+:PROPERTIES:
+:BEAMER_col: 0.15
+:END:
+
+#+BEGIN_CENTER
+#+ATTR_LATEX: :height 1in
+[[./images/tp/wikileaks.png]]
+#+END_CENTER
+
+***** Title
+:PROPERTIES:
+:BEAMER_col: 0.60
+:END:
+
+#+BEGIN_CENTER
+#+BEAMER: {\Huge Weeping Angel}
+\par\incite{vault7:weeping,vault7:y0}
+
+- Suppress LEDs for ``fake off''
+- Record audio
+- Remote shell and file transfer
+- Extract WiFi credentials
+- ``TODO'': Record video
+#+END_CENTER
+
+#+BEGIN_COMMENT
+But it might not be Samsung that's listening.
+
+Recently,
+ Wikileaks released what it refers to as ``Vault 7'',
+ an unprecedented doxxing of the CIA.
+
+Weeping Angel was one of the projects.
+It targets Samsung Smart TVs and can suppress LEDs to enter what they call a
+ ``fake off'' mode,
+ covertly listening to the environment.
+As of their 2014 notes,
+ video surveillance was explicitly on their TODO list.
+I find it unlikely that they didn't succeed given that they appear to have
+ root access to the device.
+#+END_COMMENT
+
+***** CIA
+:PROPERTIES:
+:BEAMER_col: 0.15
+:END:
+
+#+BEGIN_CENTER
+#+ATTR_LATEX: :height 0.85in
+[[./images/tp/cia-logo.png]]
+#+END_CENTER
+
+
+#+BEGIN_COMMENT
+If Samsung isn't listening,
+ then others might be.
+#+END_COMMENT
+
+
+**** READY Smart TV Ransomware (LG)
+:PROPERTIES:
+:DURATION: 00:00:15
+:END:
+
+#+BEGIN_CENTER
+#+ATTR_LATEX: :height 2in
+[[./images/tp/lgtv-pwnd.png]]
+
+\incite{bleep:lgtv-ransom}
+#+END_CENTER
+
+#+BEGIN_COMMENT
+Remember:
+ if the CIA exploited a vulnerability,
+ it's very possible that other adversaires have as well;
+ it isn't just the CIA you have to worry about.
+
+This is an LG Smart TV owned by Android ransomware.
+#+END_COMMENT
+
+
+**** READY Amazon Echo---Always Listening
+:PROPERTIES:
+:DURATION: 00:00:45
+:END:
+
+***** Echo echo echo echo...
+:PROPERTIES:
+:BEAMER_col: 0.3
+:END:
+
+#+BEGIN_CENTER
+#+ATTR_LATEX: :height 2in
+[[./images/tp/amazon-echo.jpg]]
+
+\incite{w:file:echo}
+#+END_CENTER
+
+
+***** Summary
+:PROPERTIES:
+:BEAMER_col: 0.7
+:END:
+
+- Voice recognition on Amazon's servers; have recordings
+ \cite{engadget:murder-echo,guardian:murder-echo}
+- Warrant issued in murder case for recordings
+ \cite{engadget:murder-echo,guardian:murder-echo}
+- Always listening; ``wake word'' doesn't matter (they control the software;
+ device can be compromised)\cite{gizmodo:echo-wiretap}
+ - <2-> Should do voice recognition on the device
+ - <2-> Run free software
+ - <2-> Connect to /your own server/ for actions
+ - <2-> Hardware switch for microphone
+
+#+BEGIN_COMMENT
+Personal assistants have become pretty popular.
+Amazon Echo is one of those ``always-listening'' devices that can do your
+ bidding.
+But since it performs voice recognition on Amazon's servers,
+ they have access to recordings of your data.
+A court has issued a warrant for those recordings in a murder case in
+ December of this past year.
+
+Look: a device like this---one that is always listening---
+ is a security nightmare.
+It doesn't matter if it has some sort of ``wake word'';
+ functionality can be hidden from you or changed with an update.
+You do not have control over that device or the software that it is running.
+If an attacker owns the device,
+ they're sitting there in your living room.
+A device like this needs to do voice recognition locally,
+ run free software,
+ connect to a server of /your choosing/ for actions.
+ and have a hardware switch for the microphone.
+#+END_COMMENT
+
+
+**** READY Consder the Benign
+:PROPERTIES:
+:DURATION: 00:00:20
+:END:
+- Water meter used in murder case as evidence\cite{guardian:murder-echo}
+ - 140 gallons between 1AM and 3AM in Winter?
+- Thermostat?
+ - Usage patterns could hint at when you're home
+- Window/door sensors?
+
+#+BEGIN_COMMENT
+Consider what devices in your home might have access to.
+
+That murder case I just mentioned with the Echo---
+ they also gathered data from the water meter which showed that the
+ suspect used 140 gallons between 1AM and 3AM.
+During Winter, nonetheless.
+
+Your thermostat could reveal usage patterns to determine remotely when you
+ might be home.
+There are door and window sensors.
+#+END_COMMENT
+
+
+**** READY Creepy-Ass Children's Toys?
+:PROPERTIES:
+:DURATION: 00:00:15
+:END:
+
+#+BEGIN_CENTER
+#+BEAMER: \uncover<2>{
+#+ATTR_LATEX: :height 0.15in
+[[./images/tp/the-onion-logo.png]] ???
+#+BEAMER: }
+#+ATTR_LATEX: :height 2.35in
+[[./images/guardian-doll-spy.png]]\incite{guardian:doll-spy}
+#+END_CENTER
+
+#+BEGIN_COMMENT
+What about creepy-ass children's toys?
+I took a screenshot of this Guardian article because...
+A couple years ago you'd only find a headline like this in something like
+ The Onion.
+
+``German watchdog classifies My Friend Cayla doll as `illegal espionage
+ apparatus'.''
+
+/What the hell./
+#+END_COMMENT
+
+
+
**** READY ALPRs Wide Open
:PROPERTIES:
:DURATION: 00:00:20
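Review bot: The speaker notes on the "Smart TV Ransomware (LG)" slide go straight from "if the CIA exploited a vulnerability, it's very possible that other adversaires have as well" to "This is an LG Smart TV owned by Android ransomware", which reads as if the ransomware used the Weeping Angel route. The cited material only supports two separate incidents: the notes on the preceding slide say Weeping Angel targets Samsung TVs, and the `bleep:lgtv-ransom` annotation describes Android ransomware on an LG set. A bridging sentence such as `This is an unrelated incident, but it shows the same class of device being compromised by ordinary criminals.` would keep the claim within what the references show.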
@@ -1158,7 +1383,7 @@ Even if you can't find a camera on this site,
- Other researcher found some accessible via telnet\cite{darius:alpr-telnet}
#+BEGIN_COMMENT
-Speaking of just connecting.
+Alright, well, stupid things happen outside the home too.
Those ALPRs we just talked about.
Turns out that they have web interfaces.