Isn't IoT gear dangerous enough already?
DARPA to geeks: Weaponize your toasters … for America!
The US Military Defense Advanced Research Projects Agency (DARPA) is asking the American public to put on its collective black hat and find new ways to turn everyday technology into weapons of online destruction. Uncle Sam's hacker hut said that its new project, dubbed Improv, would seek to uncover new ways in which everyday …
COMMENTS
-
Sunday 13th March 2016 21:08 GMT ecofeco
Right?
I really don't understand the purpose of this DARPA project. I mean why don't they do what everyone else does and just contract it out to some overseas country whose name(s) shall remain anonymous for now and get the same results everyone gets? A shit product that is already vulnerable.
I'm shocked that DARPA is this behind the times.
-
Saturday 12th March 2016 01:29 GMT Anonymous Coward
Only in the Land of the free
Unfortunately us Brits won't be able to join in with our special friends. I think we will fall afoul of the Computer Misuse Act off of 1990. I wonder if the US has anything similar?
The basic idea as presented here second hand (probably third), is a fair one if you are patriotically motivated, provided you want to assist "DARPA's mission is to create strategic surprise" whatever that means.
Mind you, given the sheer number of router manufacturers who have recently 'fessed up to hard coded credentials (Cisco, Juniper, D-Link, Fortinet - non exhaustive list) that mysteriously wormed into their firmwares why not? There are clearly a lot of bad actors out there.
-
Saturday 12th March 2016 05:32 GMT Lysenko
Computer Misuse Act off of 1990...
The CMA only covers malicious meddling with other people's property. It doesn't stop you devising attack vectors against gadgets any more than the illegality of burglary prevents you from designing lock picking tools.
The point of the act is to stop self-certified "white hat" researchers walking up to random strangers' front doors and breaking in without permission, claiming it is necessary in order to demonstrate that Yale locks have security vulnerabilities.
Buy your own damn lock to play with and get the hell off my lawn!
-
Saturday 12th March 2016 10:25 GMT Lysenko
MS from messing with your settings
Caveat: We're discussing a law here. Judges' opinions matter. Privacy warriors - not so much.
MS probably have permission if you dredge through the EULA in enough detail and apply relevant precedents. You cannot generally get out of a license/contract on the basis that you couldn't be bothered reading it and/or obtaining relevant legal advice about the implications. If you've got an active copy of Win10 then at some point you took positive action to assent to the EULA. Same applies to Android (which I suspect is a bigger privacy hole in any case).
That's a completely different kettle of fish to something like port scanning, which is essentially the same as walking down a public street trying all the car door handles. Telling plod you're doing legitimate research into automotive security isn't going to get you out of a trip to the station.
-
Sunday 13th March 2016 12:58 GMT John Brown (no body)
Re: MS from messing with your settings
"you took positive action to assent to the EULA."
The EULA may or may not have any force in regards to this. A EULA cannot trump law in the UK. You can't sign away your legal rights in these cases. It's notable that whenever a EULA is challenged it always seems to end up with an out of court settlement so as not to risk any legal precedents being set by a judge. These companies know their EULA is probably not enforceable and rely on scare tactics for the majority and paying off anyone with the resources to actually challenge it.
-
Saturday 12th March 2016 09:13 GMT allthecoolshortnamesweretaken
Re: Toasters
Well, howdy-doodely-doo!
-
Saturday 12th March 2016 14:06 GMT Warm Braw
Re: Toasters
If you look at an intelligent toaster done properly you can see how the IoT crowd just don't get it.
-
Sunday 13th March 2016 20:34 GMT Haku
@allthecoolshortnamesweretaken
Little known fact, Talkie Toaster is in fact an incarnation of Box, a portable handheld supercomputer from the earlier BBC TV show Star Cops.
-
Saturday 12th March 2016 07:17 GMT Anonymous Coward
"DARPA's mission is to create strategic surprise"
Errrr...no, it isn't. DARPA's mission is to burn through about $3bn a year (possibly a lot more on the various skunk projects) trying to develop yet more toys for the peevish children running the Pentagon. And that's because the Pentagon aren't satisfied with spending more on "defence" than the next eight biggest spending nations combined.
I suppose DARPA's 3bn is a drop in the ocean of US total defence spending of around half a trillion dollars a year, but even so, it is an intriguing exercise to imagine the good things that the US could achieve if it spent rather more on improving lives rather than forcibly ending them.
-
Saturday 12th March 2016 09:25 GMT Christoph
Re: "DARPA's mission is to create strategic surprise"
Well, it isn't all spent on that. The main purpose is of course gigantic profits for the arms firms. But there's also the massive payoffs to make sure that the politicians keep voting them the funds, the attacks on anyone who objects, and of course the critically important bribes and propaganda to make sure that there's always at least one war somewhere to test out the new toys, to use them up so that replacements have to be bought, and to show the public that all that defence money really is needed.
-
Sunday 13th March 2016 12:01 GMT Anonymous Coward
Re: "DARPA's mission is to create strategic surprise"
So, basically, the US defense industry is a way to increase the velocity of money to counteract the way that the rich are trying to reduce it.
As Bernie Sanders points out, you could get exactly the same effect by giving the money to middle and low income people.
It would be interesting to imagine what would happen if the US (and the UK) suddenly stopped spending all money on "defence" (other than civil emergency provision). Would we get invaded? Would we be economically better off even if we pensioned off all the Armed Forces? Would people like Liam Fox be begging on the streets?
-
Sunday 13th March 2016 21:14 GMT ecofeco
Re: "DARPA's mission is to create strategic surprise"
Going a little farther off topic, that $4 trillion spent on the 10 year war would have rebuilt a lot of infrastructure and provided a lot of local jobs.
But it pales in comparison to the $26 trillion given to Wall St as a reward for their failure.
At least DARPA produces things we all can eventually use. Wall St? Not so much. The last security derivative I used was fit only for toilet paper. Literally.
-
Saturday 12th March 2016 07:27 GMT Allan George Dyer
How about...
i) Many homes have a supply of combustible gas that can be used in arson attacks.
ii) Most homes have a moderately high voltage electrical supply that can be used for electrocution or triggering arson attacks.
iii) Hey, look, there's half a brick here, you could use it as a blunt instrument for violent assaults...
What? it said NEW? Damn, I was on a roll...
Don't forget, wooden clogs can be thrown or dropped into moving machinery, for the original sabotage.
-
Sunday 13th March 2016 12:07 GMT Anonymous Coward
Re: How about..."Most homes have a moderately high voltage electrical supply "
Pedant note: Just about all British homes have a low voltage electricity supply. Low voltage is anything with a peak between conductors < 1500V, i.e. about 1000VAC, according to the IEC and the BSi implementation of IEC standards.
The US is of course different from the rest of the world, but US houses are still not high voltage within the US definition.
-
Saturday 12th March 2016 08:04 GMT Fruit and Nutcase
Fire!
With reference to the current Tumble Dryer recall, I think the required engineering is already there with some classes of domestic appliances - just need to be able to get them to go into self-destruct mode at command.
Which appliances caused the most fires?
14% washing machines (1,723)
12% tumble dryers (1,456)
11% dishwashers (1,324)
9% cookers (1,080)
7% fridges / freezers (861)
5% central heating (606)
4% toasters / grills (495)
4% microwaves (427)
3% TVs (372)
2% washer dryers (225)
1% irons (92)
(Proportion and number of fires caused by faulty appliances between January 2011 and March 2014 based on government fire data.)
Source: Which?
ref: http://www.bbc.co.uk/news/uk-33124925
Tumble Dryer recall
http://www.bbc.co.uk/news/business-34901765
-
Saturday 12th March 2016 08:12 GMT Anonymous Coward
Seems arse about face
Since it seems likely that the US will be at least one of the fastest adopters of IoT gadgets, wouldn't DARPA be serving US interests better by finding innovative ways of de-weaponising them? ISTM that any "strategic surprise" from IoT devices running amok is likely to be most keenly experienced by the US.
-
Sunday 13th March 2016 11:24 GMT Dave 126
Re: Seems arse about face
>I could just imagine the fun that the Monty Python team would have had with 'Flying Toast as weapons of mass destruction'.
Spike Milligan had already beaten them to it with the "The Jet-Propelled Guided NAAFI" episode of the Goon Show. (A NAAFI in this context was a canteen run by the Navy Army Air Force Institute for the benefit of British military personnel.)
Good Heavens, Sir! It's a plan of a new Guided NAAFI! A self-contained missile capable of carrying eighty-two staff, ten NAAFI pianos, sixty thousand gallons of tea and twelve tons of buttered crumpets, being shot six thousand miles up and set fully operative at the point of impact in sixteen seconds. It sounds quite impossible.
The good thing about radio comedy is that the special effects budget is unlimited!
http://www.thegoonshow.net/scripts_show.asp?title=s06e19_the_jet_propelled_guided_naafi
EDIT: Audio here: https://www.youtube.com/watch?v=rwSQ0CBQuA0 Enjoy!
-
Saturday 12th March 2016 09:39 GMT allthecoolshortnamesweretaken
Re: Seems arse about face
Cue Jack Ramsay...
-
Saturday 12th March 2016 16:54 GMT choleric
Re: Seems arse about face
Nope. DARPA are the red team in this exercise.
War 101: "Know your enemy."
Absolute genius. Douglas Adams couldn't have done it better. "It turned out that the ultimate weapon of global destruction was not the nuclear bomb but the humble toaster. The world ended shortly after 7.30am on a Thursday as the world's toasters burned their owners to a crunchy crisp."
-
Sunday 13th March 2016 12:15 GMT Dave 126
Re: Sorry, DARPA
>Sorry, DARPA. Those of us with a clue don't work on consumer goods anymore.
I'm sure they will be inconsolable.
Seriously though, it makes no odds to me if I'm blown up by explosives derived from fertiliser or by those from a military supply chain. The results are the same if the timer used is purpose-made, or constructed from a cheap digital wristwatch.
-
Saturday 12th March 2016 12:27 GMT Mephistro
"(DARPA) is asking the American public to put on its collective black hat and find new ways to turn everyday technology into weapons of online destruction."
The American public? They would be better off asking the PRC!
Seriously now, how can these fuckwits expect such actions not to bite their arses in a near future?
Idiocracy, the documentary, coming soon to your screens. Sigh.
-
Sunday 13th March 2016 00:53 GMT Mike 16
Re: Gone Phishing
The "Submit a proposal, win a free ticket to Cuba" (but not the part with the music and Pina Coladas) was exactly the first thing that crossed my mind. OTOH, the very obviousness of it leads to thought about how spam is carefully larded with typos and preposterous claims to filter out recipients with a clue. Now the hard part is to fill in the result:
a) People who think about freelance McGyvering
b) People who have some interesting ideas
c) People dumb enough to tip their hands.
What method finds the ((a & b) & !c) folks? Do they review your extant publications (or github profile) and if you _don't_ submit a proposal, send in the drones?
-
Saturday 12th March 2016 18:28 GMT Marcus Fil
And over at MI6
Now pay attention 007 there have been some changes since your enforced stay at the STD clinic. Double oh agents are no longer being sent into the field since this costs the British taxpayer too much in air tickets, casino chips and written off Aston Martins. We are now using the IOT for assassinations. Since you retain your licence to kill it will be your job to click on 'okay' the moment Agent Vrokoff steps into her power shower. There is a spare terminal in the filing cupboard.
-
Saturday 12th March 2016 21:52 GMT Anonymous Coward
Anyone with an IoT toaster deserves to never experience the sweet taste of a perfectly toasted crumpet that is only beaten by the bacon sandwich in the realms of breakfast food par excellence.
I like this though,
Uncle Sam's hacker hut said that its new project, dubbed Improv, would seek to uncover new ways in which everyday technology could be compromised in order to present a security threat.
At first I thought it should be prevent but then I remembered it's DARPA...
-
Sunday 13th March 2016 20:28 GMT Vic
No. Shan't.
I'm not playing this game.
Most things can be turned into weapons with a little ingenuity[1].
So the *best* thing that can come out of such a contest is that I won't be able to buy the things I want to buy. And that's the best outcome...
Vic.
[1] I'm always a little evasive when asked at an airline check-in if I'm carrying any weapons. The real answer is "yes - and so is absolutely everyone else". But that gets you busted...
-
Sunday 13th March 2016 21:43 GMT Vic
Re: No. Shan't.
Damnit, my hands are weapons.
As are your feet.
One of the best weapons in confined surroundings is a broken bottle.
Yep.
Do you carry a laptop power cable? It takes less than three seconds to tie a clove hitch in one - that's a very effective weapon.
Do you have a sock? Put anything with a bit of mass in it and you have something lethal.
The list is endless. Just don't tell airport security or none of us will ever fly again...
Vic.
-
Sunday 13th March 2016 20:59 GMT amanfromMars 1
Bletchley Park Lives On ...... and How!
It is not wise to expect or accept that DARPA is practically alone and virtually prime in an increasingly rapid field of Advanced Intelligent Endeavours given the sort of absolute powers and energy ITs AIE Projects deliver with Stealth Protection. Do you imagine other forces on the other side of the globe are also not busy and preoccupied with exerting remote invisible command and control? ITs AIE is a quite crowded cloudy space.
The Ministry of Defence (MOD) has launched a new policy for Small and Medium Enterprises (SMEs), cutting red tape to make it easier for companies to work with Defence. …..https://www.gov.uk/government/news/mod-smooths-the-way-for-companies-to-do-business-with-defence
One small step for man, one giant quantum leap for mankind is the next logical step …which has Defence working for a chosen few Small and Medium Enterprises (SMEs) with Global Operating Devices? :-)
And do they [MOD top bods and/or boffins] deny all knowledge and receipt of the following few paragraphs, via one of their obscure portals ….. Ministry of Defence Register of interest … HOCF-JSP462-Mailbox@mod.uk ….. which be part of a considerably bigger program of programs, introducing key players to a whole new type of ware game to master, in order to survive and prosper obscenely as a futures and derivative markets place leader?
Not so much a CV, more of an AIMission Statement with tried and penetrations tested roadmaps and roots to, and from, Remote Virtual Command and Control of Earthed SCADA Systems ….. http://forums.theregister.co.uk/forum/1/2016/01/29/ai_in_tv_film_books_games/#c_2762789
Search Engine Optimisation v2.0 [and above] is surely logically the Presentation of Future Product Placements Engine ….. an Advanced Intelligence Resource and Novel Source, with the likes of a Google/Yandex/Baidu, to name but just three possible engines, not primarily searching for answers to second and third party questions, both popular and controversial, but providing the questions in order to direct and control the course of future travel and resultant intentional and coincidental events/practically virtualised realities, autonomously and anonymously, with streams of supporting evidence to prove the fact. And the fact that such can be hosted in a fiction provides an engaging and quite protective stealth element/component to the exercise/experiment/program/project.
Such would be akin to the Private Mentoring with Private Monitoring of Future Events with AIDerivative Programming for Projects and Semi-Autonomous, Self-Actualisation of Virtual Realities.
With such an AI System in Virtual Operations, is it difficult, and maybe even impossible, to see or imagine an effective defence against such in an attacking configuration.
-
Monday 14th March 2016 08:33 GMT Schultz
Need more than one device ...
for creative world destruction. Let's say the microwave feeds back its stored magnetron energy (through the smart multiplug) through the toaster, focusing a standing EM wave to burst and ignite the over-pressurized isobutane coolant coil of the nearby fridge.
If I can come up with it, so can your smart toaster!