Careers

Experiences

Industries

Offices

Our Firm

Pages

Our People

Updates

Practices

Warner Norcross + Judd LLP is a corporate law firm with over 230 attorneys serving clients in nine offices throughout Michigan. Among the largest law firms in Michigan, Warner works in virtually all areas of business law.

Michigan Law Firm - Warner Norcross + Judd LLP

I spent last weekend at <a href="https://www.defcon.org/html/defcon-23/dc-23-index.html" target="_blank" rel="noreferrer noopener">Defcon 23</a>, the annual hackerpalooza in Las Vegas. As usual, the experience was good for quickly disabusing people like me of the comfortable fiction that any digital information is truly secure. In five simultaneous tracks over three days and multiple ongoing "villages," computer-savvy technophiles demonstrated their ability to gain unintended access to nearly every digital device imaginable.

contentpilot/introduction

Presenter after presenter shared intricate details of the code used to accomplish these feats. The illustrated, step-by-step&nbsp;explanations (peppered with obligatory memes) followed a familiar pattern: hacker sees device; hacker determines how device operates; hacker applies a handful of well-known methods of attack; hacker obtains access to device, to the amusement of all present. &nbsp;And the amazing part is how easy they all make it look. Samy Kamkar broke&nbsp;down how he repurposed a child's toy into a device that could crack any garage door opener within 8 seconds--all because manufacturers chose to use static codes instead of rolling ones (not that those proved impenetrable either).

core/paragraph

Then there was the name-brand safe designed to securely store paper money in commercial establishments. &nbsp;Dan Petro and Oscar Salazar&nbsp;seemed almost embarrassed to <a href="http://www.wired.com/2015/07/brinks-super-secure-smart-safes-not-secure/" target="_blank" rel="noreferrer noopener">explain</a> how easy it had been to crack this design. The audience roared over such laugh lines as "it has an easily accessible USB port," "I plugged in a mouse--and it worked," "the control panel was held in place by uncovered, Phillips-head screws," and "it runs Windows XP!"

But the most disturbing IoT hacks were those applied to connected cars and their infrastructure. The headline of the conference, of course, was the <a href="http://www.ioactive.com/pdfs/IOActive_Adventures_in_Automotive_Networks_and_Control_Units.pdf" target="_blank" rel="noreferrer noopener">remote Jeep hack</a> that had been released to the press a week before the event. (There was even a demonstration Jeep on hand in the Car Hacking Village, although with its name badges mercifully obscured.) Mark Rogers and Kevin Mahaffey&nbsp;walked through their successful <a href="http://www.wired.com/2015/08/researchers-hacked-model-s-teslas-already/" target="_blank" rel="noreferrer noopener">attempt</a> to commandeer a Tesla, although the lengths to&nbsp;which they were required to go demonstrated that the car was one of the most secure on the road. Kamkar&nbsp;explained how he managed to intercept and use door-unlocking signals from a driver's <a href="http://www.roadandtrack.com/new-cars/car-technology/news/a26327/hacked-keyless-entry/" target="_blank" rel="noreferrer noopener">key fob.</a>

Proving that the future holds no promise of security, moreover, Colby Moore&nbsp;gave a chilling <a href="http://www.wired.com/2015/07/hackers-heist-semis-exploiting-satellite-flaw/" target="_blank" rel="noreferrer noopener">demonstration</a> of how he managed to hack the orbital satellites used to track the geolocation of vehicles and other connected assets. Specifically, he managed not only to decode the signals coming from those satellites, but also to commandeer the signal to send his own, false location information. Using this method, one could conceivably send an entire fleet of self-driving cars over a cliff like so many lemmings.

In keeping with the "white hat" ethos of the event, each of these researchers had disclosed the results of their efforts to the manufacturers of the devices in question before publicly disclosing their methods. In most cases, they found the manufacturers to be receptive, even grateful. Tesla went so far as to send its CTO to the even to be onstage with the presenters, and had one of their vehicles on display in the Car Hacking Village. It is one of a growing number of companies that incentivize&nbsp;hackers like these with "bug bounties," in order to test and improve their products' security. As usual, the Federal Trade Commission was there recruiting, and <a href="http://www.theverge.com/2015/6/3/8722287/darpa-cyber-grand-challenge-qualification-defcon" target="_blank" rel="noreferrer noopener">DARPA</a> plans to participate in one of the event's challenges next year. But there are always a few manufacturers who don't appreciate being exposed, such as the maker of the aforementioned satellite network. According to the presenters, this company had been less than cooperative with their attempts to report and rectify the insecurity. &nbsp;This leads one to wonder just how many vulnerabilities out there could have been fixed if manufacturers had been more willing to listen.

As the internet continues to seep its way into the things that make up our daily lives, the idea&nbsp;of information security will continue to be an increasingly tenuous concept. Fortunately, the motley assortment of hackers who descend upon Vegas every summer are out there, on our side.

Oh yeah--and it's also refreshing to find they have great taste in books, too. &nbsp;I was humbled and gratified to see my recent book on <a href="http://www.amazon.com/Augmented-Reality-Law-Privacy-Ethics/dp/0128002085/ref=sr_1_1?ie=UTF8&amp;qid=1417796513&amp;sr=8-1&amp;keywords=augmented+reality+law" target="_blank" rel="noreferrer noopener">Augmented Reality Law, Privacy and Ethics </a>on sale in the Defcon Vendor Room!

Augmented Legality

Emerging Media and Technologies

Partner

Brian D. Wassom

Information Technology Transactions

The Internet of Things Has No Clothes – A Defcon 23 Summary

Warner Norcross + Judd LLP is responsible for the contents of our advertising and this website. Please read our full <a href="/privacy-policy/" aria-label="see privacy policy">privacy policy</a> available on our website. If you have any questions or comments about our website or our Privacy Policy please contact us at <a href="mailto:info@wnj.com">info@wnj.com</a> or 616.752.2000.

The Internet of Things Has No Clothes – A Defcon 23 Summary

professionals