New Consumers Union report catalogs the potential collateral damage from the crypto warsOn December 23, 2017 by Ilene
In a new white paper, Consumers Union (publishers of Consumer Reports) looks at the “consumer stake in the encryption debate”: they note that governments want to ban working cryptography so that cops can spy on crooks, but the reprt does an excellent job enumerating all the applications for crypto beyond mere person to person communications privacy.
Crypto, after all, is the way that manufacturers authenticate their software updates for devices, secure the transmissions between those devices, and protect the integrity of sensitive information like financial transactions, vehicle telemetry, and health data.
Posing the crypto wars as finding a balance between your right to privacy and cops’ ability to fight crime misses out on these important equities. Asking us to give up working crypto is also asking us to give up the certainty that our medical implants, cars and voting machines aren’t being remotely sabotaged.
Cryptography is essential to the delivery of these updates, as it allows a device to know
what. Manufacturers use digital signatures to ensure that only genuine updates are
delivered, guarding against code that might be sent
from malicious actors, such as criminals
looking to remotely turn on microphones, steal data, or attack other nearby devices.
This is not
a theoretical danger:
Users of Adobe Flash, Android, and multiple web browsers have been
targeted in the past with invitations to download and install fake software updates.
The problem could become more acute as consumers adopt a coming tidal wave of new
driven devices. Mobile phones have become omnipresent and virtually omniscient
personal assistants, with minority and vulnerable consumers being especially likely to be
dependent on smartphones for their access to the internet.
Homes are becoming “smarter” as
embedded, largely invisible computer chips control televisions, refrigerators, thermostats, home
cameras, and light switches. Even cars
once the quintessential mechanical product
depend heavily on digital technologies.
To use all of these digital products and services, consumers must blindly trust hundreds of
millions of lines of computer code as they navigate their day
day lives. And just as
programmers spend their days creating and improving their code, hackers work hard at finding
vulnerabilities that can enable them to turn baby monitors into spy devices,
phones and laptops,
and potentially even control a car’s brakes and steering.
Many of these
vulnerabilities carry the risk of being exploited in an environment where the stakes are high:
Hackers have remotely hijacked connected Jeeps,
redirected yachts by “spoofing” GPS
and locked home thermostats at 99 degrees Fahrenheit.
If these connected
products used encryption, it would be much harder for hackers to exploit these vulnerabilities
and place consumers at risk.
The Consumer Stake in the
Encryption Debate [Consumers Union]
In cryptographic and security circles, the “evil maid” problem describes a class of attacks in which a piece of unguarded hardware, is tampered with by someone who gains physical access to it: for example, a hotel chambermaid who can access your laptop while you’re out of the room.
On December 15, Ars Technica ran a story by veteran security reporter Dan Goodin in which Goodin reported on a disclosure by Google researcher Tavis Ormandy, who had discovered that Keeper Security’s password manager, bundled with Windows 10, was vulnerable to a password stealing bug that was very similar to a bug that had been […]
In Partial Information Attacks on Real-world AI, a group of MIT computer science researchers report on their continuing work fooling Google’s image-classifier, this time without any knowledge of how the classifier works.
With new, innovative apps and programs dropping everyday, it pays to have a powerful computer. But forking out the cash for a pre-made rig can get expensive — especially when it’s perfectly feasible to build your own at a much lower price point. Of course, not all of us have the IT acumen of a […]
Humans have been sporting belts since the Bronze Age and not much has changed concerning their functionality. Sure, there have been minor improvements, like reversible designs or buckles that double as bottle openers, but no major breakthroughs have been made in terms of fit. That is, until now. Boasting a unique, hole-free construction, Men’s Trakline […]
Perhaps 2017 wasn’t your most productive year, but that’s okay because the Tim Ferriss Tribe of Mentors Dream Setup Giveaway gives you a chance to make 2018 a year of successful resolutions backed by a trove of productivity-boosting tools. 100 percent free to enter, this giveaway grants you the chance to take home a host […]