How would you know, unless you looked, that someone had enabled a feature on your TV, Mobile Phone or even Toaster etc?
Do we now have to become forensic investigators can carry out wide band receivers?
This is a very good question and it's right up there with how do you know if your system has been compromised. I know on a Mac laptop there is a LED that comes on when the camera is active. I am not 100% sure but I believe it is wired directly into the camera circuit so there is no way to turn on the camera without the LED coming on. I feel this type of protection real needs to be baked in when a product is created like the LED is. Even if there are indicators like this some people will still either not notice or just ignore them.
From a software standpoint when will we start seeing firewalls and other things for our IOT devices, or at least a router with an IOT enable firewall that has very strict control over who and what can get to these devices.
If anyone knows of a better answer I want to hear it because it is a problem and I hope there are some things I am not aware of.
@JKWiniger Hi John, a good point. Shodan is one method for scanning for IoT devices, but it does mean potentially we would need to carry personal Technical Countermeasures System to detect, if such activity was being activated on your current systems. Currently, without going through a mental process and logically working through ones settings. Or perhaps this is a business opportunity?
Or perhaps a personal investment such as these: https://thespystore.com.au/collections/bug-detectors
LOL anyone listening to me may be shocked.....I talk to myself when I work, but its worse when I start answering myself......
In all seriousness, most folks wouldn't even know that that feature was there and might not even care. Given that a lot of the world's workforce are now working from home, I am concerned over corporate information that may or may not seeping out. I have seen IT departments shipping new devices to non-technical folks and asking them to set up the device with no real instructions, .....I think bad business practice.
@dcontesti I hate to break it to you but all this time you thought you were talking to yourself you were really talking to the ghost in the machine! That's my story and I'm sticking too it! Now I need to go find that sone with the line "I'm not crazy, you're the one that's crazy!" hahaha
With all the issues out there I am beside myself that companies do this stuff when we can easily have systems checked for minimum requirements before allowing access to VPNs, now we need an agent that ties into a web login so if you are out of compliance it will not let you log in.
Me and my crazy ideas 🙂
@JKWiniger Reassuringly, you are definitely not crazy at all. Automation and baselines are required to ensure that settings have not changed or been tampered with . If an endpoint for example is suspected of being compromised it should be immediately be isolated, and then investigated. This demands automation and orchestration, which is a journey in itself. But given the speed of interactions, and changes, we cannot simply depend on human beings to make rational decisions, when a single endpoint, may in fact compromise many more systems. A level of paranoia is required to exist in today's rapidly changing environments.
John and John,
I have always maintained that I am the only one that is crazy and the rest of world is sane LOL
I just have to go there, I had genetic testing for drug interaction done in the past and the results seemed so odd I arranged to speak to the lab. The geneticist at the lad said she reviewed my results before calling me and was not sure what she was going to say to me, because my results were abnormally normal! hahaha
Not sure if that makes me crazy or everyone else crazy?
@rslade This wholly depends on who and what set the universal baseline or was it a recognisable medical standard?