Caute_cautim
Community Champion

Are you being listened to?

Hi All

 

How would you know, unless you looked, that someone had enabled a feature on your TV, Mobile Phone or even Toaster etc?

 

Do we now have to become forensic investigators and carry wide band receivers?

 

Regards

 

Caute_Cautim

19 Replies
JKWiniger
Community Champion

This is a very good question and it's right up there with how do you know if your system has been compromised. I know on a Mac laptop there is an LED that comes on when the camera is active. I am not 100% sure but I believe it is wired directly into the camera circuit so there is no way to turn on the camera without the LED coming on. I feel this type of protection really needs to be baked in when a product is created, like the LED is. Even if there are indicators like this, some people will still either not notice or just ignore them.

 

From a software standpoint, when will we start seeing firewalls and other things for our IoT devices, or at least a router with an IoT-enabled firewall that has very strict control over who and what can get to these devices?

 

If anyone knows of a better answer I want to hear it because it is a problem and I hope there are some things I am not aware of.

 

John-

Caute_cautim
Community Champion

@JKWiniger Hi John, a good point. Shodan is one method for scanning for IoT devices, but it does mean potentially we would need to carry a personal Technical Countermeasures System to detect if such activity was being activated on your current systems. Currently, without going through a mental process and logically working through one's settings. Or perhaps this is a business opportunity?

 

Or perhaps a personal investment such as these:  https://thespystore.com.au/collections/bug-detectors

 

Regards

 

Caute_cautim

dcontesti
Community Champion

LOL anyone listening to me may be shocked.....I talk to myself when I work, but it's worse when I start answering myself......

 

In all seriousness, most folks wouldn't even know that that feature was there and might not even care. Given that a lot of the world's workforce are now working from home, I am concerned over corporate information that may or may not be seeping out. I have seen IT departments shipping new devices to non-technical folks and asking them to set up the device with no real instructions.....I think bad business practice.

 

d

 

JKWiniger
Community Champion

@dcontesti I hate to break it to you but all this time you thought you were talking to yourself you were really talking to the ghost in the machine! That's my story and I'm sticking to it! Now I need to go find that song with the line "I'm not crazy, you're the one that's crazy!" hahaha

 

With all the issues out there I am beside myself that companies do this stuff when we can easily have systems checked for minimum requirements before allowing access to VPNs, now we need an agent that ties into a web login so if you are out of compliance it will not let you log in.

 

Me and my crazy ideas 🙂

 

John-

Caute_cautim
Community Champion

@JKWiniger Reassuringly, you are definitely not crazy at all. Automation and baselines are required to ensure that settings have not changed or been tampered with. If an endpoint, for example, is suspected of being compromised it should immediately be isolated, and then investigated. This demands automation and orchestration, which is a journey in itself. But given the speed of interactions and changes, we cannot simply depend on human beings to make rational decisions, when a single endpoint may in fact compromise many more systems. A level of paranoia is required to exist in today's rapidly changing environments.

 

Regards

 

Caute_Cautim

dcontesti
Community Champion

John and John,

 

I have always maintained that I am the only one that is crazy and the rest of world is sane LOL

 

d

 

JKWiniger
Community Champion

@dcontesti 

 

I just have to go there, I had genetic testing for drug interaction done in the past and the results seemed so odd I arranged to speak to the lab. The geneticist at the lab said she reviewed my results before calling me and was not sure what she was going to say to me, because my results were abnormally normal! hahaha

 

Not sure if that makes me crazy or everyone else crazy?

 

John-

rslade
Influencer II

> dcontesti (Community Champion) posted a new reply in Privacy on 08-09-2020 10:28

>   I have always maintained that I am the only one that is crazy
> and the rest of world is sane

Long ago I realized that the rest of the world is mad, and I am the only one who is
sane ... but they are in charge ...

Caute_cautim
Community Champion

@rslade   This wholly depends on who and what set the universal baseline or was it a recognisable medical standard?

 

Regards

 

Caute_Cautim