Sunday, December 23, 2007

A Crazy Toaster: Can Home Devices Turn Against Us?

Home networking devices, their wireless equivalents, hardware and technology raise new privacy and trust issues.
Can home devices turn against us and spy on our home network?
Do we care if our toaster sees us naked?
Technology is about to replace the trust model we use today.
Recently I had the pleasure to talk at ClubHack, India's own International Hackers' Convention, held in Pune.
The talk covered the "Crazy Toaster" scenario: a Trojan device, or software with TCP/IP capabilities such as a router, media player or access point, that joins a local area network in a Vista and XP environment and thus becomes a security hazard.

Check out 'Crazy Toaster' as presented at the DefCon 2007 convention (Defcon 15) at the Riviera, Las Vegas.

People confuse people who know things with machines that know things.
There are common privacy issues: do we care if Google's machines know that we would like to pay for porn? Can this information be given to a human? Usually we don't trust a human 100% to deal with what he knows about us. Should we trust corporations like Google? Should we trust hardware and software vendors?

While researching the Simple Service Discovery Protocol (SSDP) and Universal Plug and Play (UPnP), we realized that these protocols allow not only routers, media players, servers and other devices to connect seamlessly, but attackers as well.
A side effect of our research was a Windows XP Simple Service Discovery Protocol Distributed Denial of Service Vulnerability, which allows a remote attacker residing on the LAN segment connected to the affected appliance/Trojan to deny service to all legitimate LAN users.
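An added example, not from the original post or talk: a defender-side check that parses SSDP announcements seen on the LAN and flags any device that is not in a household inventory or that advertises a description URL on a different host. The inventory, IP addresses, USNs and finding names are constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed inventory: USN of each device the owner installed -> its expected IP.
KNOWN = {"uuid:11111111-aaaa-4bbb-8ccc-000000000001::upnp:rootdevice": "192.168.1.1"}

def parse_ssdp(datagram: bytes):
    """Return the headers of an SSDP NOTIFY or search response, else None."""
    lines = datagram.decode("utf-8", errors="replace").split("\r\n")
    if not lines[0].startswith(("NOTIFY * HTTP/1.1", "HTTP/1.1 200")):
        return None
    headers = {}
    for line in lines[1:]:
        if not line:            # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def audit(src_ip: str, datagram: bytes, known=KNOWN):
    """List findings for one announcement received from src_ip."""
    headers = parse_ssdp(datagram)
    if headers is None:
        return ["not-an-announcement"]
    findings = []
    usn = headers.get("USN", "")
    if usn not in known:
        findings.append("unknown-device")       # nobody registered this device
    elif known[usn] != src_ip:
        findings.append("usn-moved")            # known identity, unexpected host
    loc_host = urlparse(headers.get("LOCATION", "")).hostname
    if loc_host and loc_host != src_ip:
        findings.append("location-mismatch")    # description served from elsewhere
    return findings

def notify(location: str, usn: str) -> bytes:
    """Build a constructed ssdp:alive datagram for the demo below."""
    return ("NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            "CACHE-CONTROL: max-age=1800\r\n"
            f"LOCATION: {location}\r\nNT: upnp:rootdevice\r\nNTS: ssdp:alive\r\n"
            f"USN: {usn}\r\n\r\n").encode()

ROUTER_USN = next(iter(KNOWN))
TOASTER_USN = "uuid:22222222-aaaa-4bbb-8ccc-000000000002::upnp:rootdevice"
if __name__ == "__main__":
    print(audit("192.168.1.1", notify("http://192.168.1.1:5000/desc.xml", ROUTER_USN)))
    print(audit("192.168.1.77", notify("http://192.168.1.1:8080/desc.xml", TOASTER_USN)))
```

SSDP announcements carry no authentication, so a USN can be copied by any host on the segment; treat these findings as a tripwire for new or relocated devices, not as proof of identity.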

The folks at the Microsoft response team plan to fix it in the upcoming Service Pack 3 for Windows XP.

Cheap hardware appliances open a door for “bad guys”, and wireless hardware opens a whole new ball game.
Media centers, game consoles, GSM cell phones and Linux embedded systems are not only cool devices but also targets for remote attackers.

Wednesday, June 20, 2007

Was a very long break

back to Blog

Saturday, August 07, 2004

Dror Shalev Web Site!


ok

Saturday, April 10, 2004

Gmail is here, Google Accounts: let's play

Friday, August 22, 2003

Dror Shalev Web Site!

My Cool Security Site

Friday, February 21, 2003

I agree