re: The Internet of Things...

quote:

---

I realize it's a bit irrational, but everything is cracked eventually, and sometimes serious security holes go unnoticed for decades as we found out with Shell Shock last week.

---

4096-bit encryption has been broken using side-channel attacks. Supposedly, it wasn't even that difficult. Now, that was with access to the machine without protective measures in place to stop them. Everything can and will be cracked, but it has to be cracked to allow us to see where things went awry.

Personally, I don't think Shellshock is as surprising as everyone makes it out to be. Sure, it's a huge deal, and it's insane that it was out there for so long. With the amount of people with security and hacking skills, it was inevitable that something we all use would have been vulnerable all along. Those reconnaissance don't even take much skill. It's just a gaping vulnerability in software that almost everyone uses (not including the general public with no computer skills or experience). I'd almost wager that the initial "attack" was an accident that they realized could be replicated. Looking at some of the attack methods, they're not complex at all. This isn't a "cracking" issue. It's a "wide open door" issue.

Things like WiFi locks are obviously crackable, but as with everything else, the people who will suffer from it are the ones who put themselves in the line of fire. There are already ways to break into a car wirelessly by intercepting the signal from the keyfob. As with anything else, you have to exercise caution with how you use the technology. If there are multiple levels of authentication (such as device pairing, encryption, and whatnot), it'll be seen as far less enticing to pursue an attack. WiFi is a standard that most of the world uses, and while attacking it isn't terribly hard, it takes some time. The only way it'd be easy enough to quickly break in without some major software flaw or a brute force attack (which would take serious time) is for them to be given access unintentionally.

I just don't have the deep fear that a lot of people I know have. Everything will be hit at some point so you just have to keep yourself as safe as possible and roll with it. The easiest attacks are the ones where you're given access without much work. I've dealt with and learned about security and hacking since I was around 12 years old. Grey hat shite and tinkering with Kali now that I don't have time to keep up with the constant changes of it all. All of that said, I just can't see myself justifying an irrational fear of being targeted. I know what they're capable of. I just think the chance of being hit is unlikely.