[Discuss] Security
Matt Shields
matt at mattshields.org
Wed Nov 2 14:19:23 EDT 2011
On Wed, Nov 2, 2011 at 2:05 PM, Gregory Boyce <gboyce at badbelly.com> wrote:
> On Wed, Nov 2, 2011 at 1:10 PM, <markw at mohawksoft.com> wrote:
> > At my work, here are a few vending machines. One of these machines has a
> > nice little antenna on it. Presumably, it communicates via cellular
> > network to the vendor in order to report on usage and supplies. Yes, good
> > idea. Cool.
> >
> > It occurs to me that this machine, most likely, did not have to go
> through
> > any vetting. Not only that, I bet the grunts that stock these machines
> are
> > hired more for strong backs and no criminal record.
> >
> > So, here we have a powered machine with external wireless connectivity on
> > the premises with no actual over site. It is there 24x7, powered!
> >
> > Think of all the cool/evil things you could put in a vending machine with
> > a wireless link. Imagine having direct access to a Linux box in almost
> any
> > company you want. You could run any software you want. You could have
> > wi-fi too. Could you break the company's wireless security? Could you
> > monitor their wireless communications? Could you eaves drop on
> > conversations near by?
> >
> > Everyone suspects the cleaning crew, and if you are interested in
> > security, you do background checks. Almost no one cares about the vending
> > machines.
>
> There's nothing that device can do to your wilreless network that a
> person with a directional antennae can't already do. As long as you
> don't plug it into your internal network, you're not worse off.
>
> As for the eavesdropping, you wouldn't need an obvious antennae for
> that. There could be a camera or microphone in older vending
> machines, televisions, coffee machines, fridges, ceiling tiles or even
> a cabinet. These could have less obvious antennas or hey, just have
> the recordings picked up occasionally during maintenance.
>
> There's an infinite number of things that "could" happen. You need to
> consider the likelihood and impact of those sorts of attacks. In most
> cases the likelihood is minimal. Impact is probably minimal as well
> unless its in the board room.
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>
I think his point was more that these "smart" vending machines are becoming
more commonplace. Even these days companies put ethernet jacks in the
kitchen, so what *if* someone who was malicious put something inside a
vending machine and plugged it into your network. Or what if it had
camera/microphone, most people talk shop even in the kitchen.
Speaking of that, I remember a few years ago a company I was at talking
about checking ethernet jacks periodically to make sure no devices were
plugged in that shouldn't be.
Matthew Shields
Owner
BeanTown Host - Web Hosting, Domain Names, Dedicated Servers, Colocation,
Managed Services
www.beantownhost.com
www.sysadminvalley.com
www.jeeprally.com
Like us on Facebook <http://www.facebook.com/beantownhost>
Follow us on Twitter <https://twitter.com/#!/beantownhost>
More information about the Discuss
mailing list