Saturday, November 12, 2022

D-o-S attacks

 

I am not the sharpest tool in the shed, but how hard would it be to make every "Smart Device" in a home "Ping" a website?

During one upgrade in the factory where I worked, we installed 800 new, orange robots. It locked up the ethernet because every one of those robots was coded to "Ping" and handshake to establish its "Master". Every one of those 800 robots, pinging at the default frequency, overloaded the data bus.

The fix was to increase the time-lag between pings by about a factor of ten. Then the "Master" had time to complete the handshake before the next ping came in.

Given the proliferation of smart devices (coffeemakers, water-heaters, TVs, doorbells and so on), could a computer-savvy maintenance man at a large housing facility command all of those smart devices to prosecute a Denial-of-Service attack on some much-hated websites?

Asking for a friend.

21 comments:

  1. All those little boxes are computers running an operating system that is RARELY patched and running with default security settings. The problem is hackers coming in more than smart maintenance men. One solution is to segregate all the 'smart' devices on their own network away from corporate resources. That doesn't help a DDOS attack but the maintenance guy would have to be more than a little computer-savvy.

    This isn't a theoretical attack. Around 2017 a Las Vegas casino paid the guys on "Tanked" to build a custom fish tank that had wifi-programmable sensors. Hackers got into the corporate network via the tank equipment and got out with high roller player data. Search "fish feeder hack darktrace" for more info.

    1. Yup, if you have one thing connected, they are all connected.

    2. I have two routers nested behind my cable modem for just that reason. First router houses the untrusted network for Rokus, TVs, and cell phones and a guest wireless SID. The internal trusted network has our printer, PCs and local storage NAS and private wireless SID.

    3. Many facilities tried to solve the problem by "air gapping" machines off the net, so they can only be interacted with by local human action... To get around this, exploits like "Stuxnet" were designed to travel by "sneakernet", which is to move via thumbdrives or other human-transported means. Once the exploit finds itself running on an "air gapped" machine, it can attempt to bridge the gap by communicating with other machines in the vicinity via speakers and microphones outside of human-audible frequencies.

  2. Short answer, Yes, yes they could.
    If it's connected to the internet, it can be used/abused

  3. Wordpress actually has really, really, really good anti spam filters and controls.
    Does G*ggle somehow profit from the spammer scammers posting scams and spams?

  4. Why I don't buy smart devices... sci-fi, read Robopocalypse by Daniel Wilson... and the follow-up Robogenesis...

  5. Oh dearest Anna! You break my heart! Didn't I express my undying love for you over at the Thunderbox? My sun rose and set on you! And now... you dump me for some hick out at Eaton Rapids? I'm sure my broken heart will never recover! HAR HAR HAR!!!!

    How long does the handshake take, Joe? If I recall, we got round that by token passing back in the day. I kinda got out of the game with all that data highway addressable nonsense. It was good enough for me that it worked.

    Errr... how long to do digitally interact with a machine that takes longer and is a bit more, shall we say, intimate?

    Errrr... asking for a friend, of course!!!!! Don't judge me!

  6. MAGA 2022!!!

    1. Well DANG !!!
      If you are a MAGA guy, welcome to the party !!!

  7. Yep, yet one MORE reason to NOT have a 'smart' house... I agree with Rick T, lock everything down.

    1. While the cheapest approaches to "smart" houses use WiFi and give every device an IP and Internet access, there are protocols for a smart house where the individual light switches and sensors do not have an IP at all (e.g. Zigbee or Z-Wave).

      Another advantage of not tethering the devices to the Internet is they aren't depending on the vendor keeping the cloud service up (see for example how Google/Nest bought "Revolv" and then killed it off).

    2. The problem here is that these Zigbee/Z-Wave devices exist to be controlled, so somewhere there is a machine which is controlling them (phone/laptop/etc), and *that* machine is likely on the net with an IP address.

  8. You are jealous because you have that Dixie-Lez-Chicks disease where you cannot spell names. You like AnnA because you cannot misspell her name. Nice try, NelG.

  10. There is some guy on YouTube who infiltrates scam call centers in India.
    Maybe he takes side jobs.
    Or has a friend.

  11. The "Internet Of Things"....devices such as "smart refrigerators" etc. are a favorite target of hackers...especially for use in DDoS attacks.

  12. The real answer is that they *could* be so used, theoretically. To do so would require getting control of them. As stated earlier, that can be done by exploiting a known weakness that has not been "patched" (by upgrading the firmware/operating system), it could be done through normal channels by guessing the password (if that method was used) or by a back door (if you wrote the original code it came with), or by "discovering" a new weakness (zero day).

    The more complex the machine, its function, or its code, the greater the likelihood such an exploit can be found. If you do that and get control of it, you can install your own code and add that machine to your "bot net". This is how most DoS is done. Many botnets are available for rent on the dark web.

    It *IS* possible to secure a machine against such attacks (again theoretically) by reducing its complexity to a level you can fully understand, and managing the understood risk. I have had very good success in this endeavour for nearly 3 decades, some of which involved hundreds of internet-facing servers. It is serious work, and modern machines appear to have backdoors in hardware which may limit your ability to secure them against at least one state actor. It is possible to *know* if such a breach occurs, but may not be possible to know if it *can* occur.

  13. We have a large Infosec practice at work, and their stance is "if you haven't been hacked yet, it is only a matter of time". If your computers are part of a bot net you may only see them running a little slow or see your internet usage is up. Botnets can be as valuable as data that is held hostage.

    1. If you're a "windows" house, that's probably true. I have my doubts that they can be secured. I have no experience with Apple boxen (at least since the ][e). Unix boxen *can* be secured.

  14. If a much-hated website was experiencing a DoS attack with traffic from a single source, that attack is going to be fairly easy to remediate, with good tools and support upstream of the server. Yes, in the hypothetical presented there are a bunch of devices hammering away at the website. The ISP is all going to be the same because it is in the same housing unit, and thus the source IP will be the same. The addition of a distribution to the attack makes life much more interesting for the admin.
