
Greetings

Many companies are now developing equipment for home use that is for the latest buzz in the world - - IoT (more morons them!).

There is, as a result, the need to be searching for a cell phone signal (a wireless section that can only be put in airplane mode not an off). This machine behavior has me very concerned about my personal information security. Any suggestions on how to 'shut off' wireless services on a machine that doesn't really have too much in the way for access?

(Only access that I can see is through the memory card but that only has data loaded no system information - - - no other visible ports. Any ideas for hacks to disable this wireless module will be gratefully accepted. (I do need the machine to work though so no - - - sledge hammers aren't an option!!! Have thought of using a Faraday cage but am not sure if that's going to be sufficient.)

Regards

Dee

A Faraday cage is enough. Put the machine inside a grounded metallic box, and you are good to go.

Opening the machine and removing the wireless modules, or cutting traces giving power to the wireless module would be more permanent, but a Faraday cage is faster to deploy and "undeploy."

On Jun 12, 2017 18:44, "o1bigtenor via talk" <talk@gtalug.org> wrote:

Greetings

Many companies are now developing equipment for home use that is for the latest buzz in the world - - IoT (more morons them!).

There is, as a result, the need to be searching for a cell phone signal (a wireless section that can only be put in airplane mode not an off). This machine behavior has me very concerned about my personal information security. Any suggestions on how to 'shut off' wireless services on a machine that doesn't really have too much in the way for access?

(Only access that I can see is through the memory card but that only has data loaded no system information - - - no other visible ports. Any ideas for hacks to disable this wireless module will be gratefully accepted. (I do need the machine to work though so no - - - sledge hammers aren't an option!!! Have thought of using a Faraday cage but am not sure if that's going to be sufficient.)

Regards

Dee

--- Talk Mailing List talk@gtalug.org https://gtalug.org/mailman/listinfo/talk

You can never be paranoid enough.

What you're looking for is a tempest enclosure. It's basically a Faraday cage but tested to NATO et al standards (https://en.wikipedia.org/wiki/Tempest_(codename)). A bunch of years ago I was dealing with CSE and got to learn that you can read a CRT screen from a good distance away (I vaguely remember it was on the order of a KM or so). There is apparently at least 1 tempest building in Ottawa that got screwed up because someone cut some holes for plumbing. So you're not the first person worried about others capturing your radiated signal.

Not that long ago I read an ACM article talking about being able to read an LCD screen in the next room from RF and then there was another ACM article about being able to read a screen from the reflection off a person's eyeballs.

So to keep completely safe.
1) remove the battery
2) wrap it in aluminum foil
3) wrap it in copper foil
4) solder the edges.

On 06/12/2017 05:56 PM, Mauro Souza via talk wrote:
A Faraday cage is enough. Put the machine inside a grounded metallic box, and you are good to go.
Opening the machine and removing the wireless modules, or cutting traces giving power to the wireless module would be more permanent, but a Faraday cage is faster to deploy and "undeploy."
On Jun 12, 2017 18:44, "o1bigtenor via talk" <talk@gtalug.org> wrote:
Greetings
Many companies are now developing equipment for home use that is for the latest buzz in the world - - IoT (more morons them!).
There is, as a result, the need to be searching for a cell phone signal (a wireless section that can only be put in airplane mode not an off). This machine behavior has me very concerned about my personal information security. Any suggestions on how to 'shut off' wireless services on a machine that doesn't really have too much in the way for access?
(Only access that I can see is through the memory card but that only has data loaded no system information - - - no other visible ports. Any ideas for hacks to disable this wireless module will be gratefully accepted. (I do need the machine to work though so no - - - sledge hammers aren't an option!!! Have thought of using a Faraday cage but am not sure if that's going to be sufficient.)
Regards
Dee
-- Alvin Starr || voice: (905)513-7688 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||

On Mon, Jun 12, 2017 at 9:44 PM, Alvin Starr via talk <talk@gtalug.org> wrote:
You can never be paranoid enough.
What you're looking for is a tempest enclosure. It's basically a Faraday cage but tested to NATO et al standards (https://en.wikipedia.org/wiki/Tempest_(codename)). A bunch of years ago I was dealing with CSE and got to learn that you can read a CRT screen from a good distance away (I vaguely remember it was on the order of a KM or so). There is apparently at least 1 tempest building in Ottawa that got screwed up because someone cut some holes for plumbing. So you're not the first person worried about others capturing your radiated signal.
Not that long ago I read an ACM article talking about being able to read an LCD screen in the next room from RF and then there was another ACM article about being able to read a screen from the reflection off a person's eyeballs.
So to keep completely safe. 1) remove the battery 2) wrap it in aluminum foil 3) wrap it in copper foil 4) solder the edges.
Greetings Why - - - I do believe that that would work - - - except then the device isn't usable - - - shucks!!! Dee

On 06/13/2017 06:57 AM, o1bigtenor via talk wrote:
So to keep completely safe. 1) remove the battery 2) wrap it in aluminum foil 3) wrap it in copper foil 4) solder the edges.
Greetings
Why - - - I do believe that that would work - - - except then the device isn't usable - - - shucks!!!
Many years ago, Microsoft claimed Windows NT had "Orange Book" security. Problem was, to meet that the computer couldn't be connected to a network and removable media was prohibited. ;-)

On 13/06/17 07:17 AM, James Knott via talk wrote:
On 06/13/2017 06:57 AM, o1bigtenor via talk wrote:
So to keep completely safe. 1) remove the battery 2) wrap it in aluminum foil 3) wrap it in copper foil 4) solder the edges.
Greetings
Why - - - I do believe that that would work - - - except then the device isn't usable - - - shucks!!!
Many years ago, Microsoft claimed Windows NT had "Orange Book" security. Problem was, to meet that the computer couldn't be connected to a network and removable media was prohibited. ;-)
And to add injury to insult, the machine only passed the "C" level exam, which is about equivalent to getting a C on a math exam. I prefer at least a "B", and once ran an "A"-rated device (a blacker box Sun used to communicate with a merchant bank).

--dave

--
David Collier-Brown,         | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
davecb@spamcop.net           |                      -- Mark Twain

On Tue, Jun 13, 2017 at 09:13:19AM -0400, David Collier-Brown via talk wrote:
And to add injury to insult, the machine only passed the "C" level exam, which is about equivalent to getting a C on a math exam. I prefer at least a "B", and once ran an "A"-rated device (a blacker box Sun used to communicate with a merchant bank).
But they were so proud to have the ability to verify what the application was really talking to the OS, which was a B2 feature and they were only testing for C2. I guess it meant it was the only feature that was better than C2 requirements. -- Len Sorensen

On Tue, Jun 13, 2017 at 07:17:38AM -0400, James Knott via talk wrote:
Many years ago, Microsoft claimed Windows NT had "Orange Book" security. Problem was, to meet that the computer couldn't be connected to a network and removable media was prohibited. ;-)
Well according to their website, NT 4.0 SP6a has been certified to C2 level with networking enabled. So it wasn't quite that bad. -- Len Sorensen

On 06/13/2017 06:57 AM, o1bigtenor wrote:
On Mon, Jun 12, 2017 at 9:44 PM, Alvin Starr via talk <talk@gtalug.org> wrote:
You can never be paranoid enough.
What you're looking for is a tempest enclosure. It's basically a Faraday cage but tested to NATO et al standards (https://en.wikipedia.org/wiki/Tempest_(codename)). A bunch of years ago I was dealing with CSE and got to learn that you can read a CRT screen from a good distance away (I vaguely remember it was on the order of a KM or so). There is apparently at least 1 tempest building in Ottawa that got screwed up because someone cut some holes for plumbing. So you're not the first person worried about others capturing your radiated signal.
Not that long ago I read an ACM article talking about being able to read an LCD screen in the next room from RF and then there was another ACM article about being able to read a screen from the reflection off a person's eyeballs.
So to keep completely safe. 1) remove the battery 2) wrap it in aluminum foil 3) wrap it in copper foil 4) solder the edges.
Greetings
Why - - - I do believe that that would work - - - except then the device isn't usable - - - shucks!!!
Dee
You can have either security or usability but almost never both.

As for IoT. It is most often bundled with "cloud" control and that is where I have a problem. The idea of networks of devices is great. Being able to control and monitor "things" over an internal wireless network is nice. Of course that is predicated on the wireless protocol being secure and very hard to hack.

The problem quickly becomes all those devices like the Nest thermostat where your device is controlled and connected to some foreign corporation. They chose how you interact and if they decide to get out of the business (or go out of business) then your hardware is now just so much wall decoration. Then there is the fact that they can extract information about you by the way you control your devices and that is just a little bit creepy.

I like devices that I can control from inside the perimeter of my own somewhat secured network. That way the control is what I chose and the information I share is my own security/privacy trade-off.

-- Alvin Starr || voice: (905)513-7688 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||

On June 13, 2017 7:33:55 AM EDT, Alvin Starr via talk <talk@gtalug.org> wrote:
You can have either security or usability but almost never both.
As for IoT. It is most often bundled with "cloud" control and that is where I have a problem. The idea of networks of devices is great. Being able to control and monitor "things" over an internal wireless network is nice. Of course that is predicated on the wireless protocol being secure and very hard to hack.
Software Defined Radio over USB is a little off this topic, but this presenter from last year's defcon has a substantial list of usb hardware with pairing problems, macro vulnerabilities and IoT exploits. DEF CON 24 - Marc Newlin - MouseJack: Injecting Keystrokes into Wireless Mice https://www.youtube.com/watch?v=00A36VABIA4
The problem quickly becomes all those devices like the Nest thermostat where your device is controlled and connected to some foreign corporation. They chose how you interact and if they decide to get out of the business (or go out of business) then your hardware is now just so much wall decoration. Then there is the fact that they can extract information about you by the way you control your devices and that is just a little bit creepy.
I like devices that I can control from inside the perimeter of my own somewhat secured network. That way the control is what I chose and the information I share is my own security/privacy trade-off.
-- Russell Sent by K-9 Mail

| From: Alvin Starr via talk <talk@gtalug.org>

| You can have either security or usability but almost never both.

Not always a direct tradeoff, but certainly often.

| I like devices that I can control from inside the perimeter of my own somewhat
| secured network.

I've concluded that you need multiple internal networks since it is really hard to trust black boxes. For example, I now have IP security cameras and cannot audit the firmware. Those guys are not going on my main home LAN.

| That way the control is what I chose and the information I share is my own
| security/privacy trade-off.

Most relevant to TLUG:

All systems other than Linux and other open source OSes (BSD, FreeDOS...) seem to have migrated to oversharing. And even on Linux, some important applications programs seem to be headed that way (Firefox?).

In this they are following the lead of the Web, then Android and iOS. It's really sad how Microsoft gave away Windows' advantage over the cloud-based model.

On Tue, 13 Jun 2017 13:25:28 -0400 (EDT) "D. Hugh Redelmeier via talk" <talk@gtalug.org> wrote: <snip>
| That way the control is what I chose and the information I share is my own
| security/privacy trade-off.
+1
All systems other than Linux and other open source OSes (BSD, FreeDOS...) seem to have migrated to oversharing. And even on Linux, some important applications programs seem to be headed that way (Firefox?).
with the advent of strong encryption it is in the best interests of multinationals and governments (+1% and Capital) that there are other ways of obtaining data. it would be trivial for the same players to make every person in the world 100% secure and private, if that was the objective.

to social media & multinationals, people are now the products and the products must add, share and create new products. There are different rules, different goals and privacy has no future as people are similar to chickens in a mass scale chicken factory. The chickens are poor dumb creatures that simply exist to be eaten, completely ignorant of the full and final purpose of their meaningless existence.

my additional 5c

Andre

On Mon, 12 Jun 2017 18:56:27 -0300 Mauro Souza via talk <talk@gtalug.org> wrote:
A Faraday cage is enough. Put the machine inside a grounded metallic box, and you are good to go. Opening the machine and removing the wireless modules, or cutting traces giving power to the wireless module would be more permanent, but a Faraday cage is faster to deploy and "undeploy."
my tinfoil hat works well. maybe you can make a slightly larger tinfoil box?
Many companies are now developing equipment for home use that is for the latest buzz in the world - - IoT (more morons them!).
"Whenever IoT comes up, I remind people that in IoT, the S stands for security and the P for privacy" - Thomas Delrue

Can't help much with the security, but IoT security is typically hilarious. I have a potentially nice Linux/MIPS-based Onion Omega 2+ IoT board. When it's on a wireless network, I can't find a way to turn off its access point. As the AP has a trivially-guessable default password, it would open a nice hole into my network. Well, it would if it weren't wrapped in a box, unplugged ...

I sometimes wonder if the extreme cheapness of some of the WiFi IoT things is predicated on being able to mine valuable info from owners' networks. I'm particularly thinking of the <$10 ESP8266 boards - if you're not paying for the product, you *are* the product.

(Sorry I won't make it out for the meeting, but I did slightly over-promise myself for a Raspberry Pi event on the weekend, so soldering and acrylic varnish must prevail. It's good to be working again: Elmwood Electronics - https://elmwood.to - has all the best toys.)

Stewart
participants (10): ac, Alvin Starr, D. Hugh Redelmeier, David Collier-Brown, James Knott, lsorense@csclub.uwaterloo.ca, Mauro Souza, o1bigtenor, Russell, Stewart Russell