Schneier on Security

Clive Robinson • August 2, 2022 8:03 PM

@ ALL,

First I need to make a disclosure,

As I’ve mentioned before I was involved back two decades ago with a company that through a number of Cellphone Service Providers in the EU, US and other countries were collecting vehicle movment data.

This was at a time when “vehicles were not connected” but the “drivers were connected” by their mobile phones.

Back then the “richness of data” now obtained from OEMs was not there, but you could “build it up” despite trying to anonymize it. Including being able to take a guess at just where individuals were going, thus doing.

For instance you knew which end of the journy was “home” from the frequency of visiting the location. Knowing the “area” business map and other visit frequency you could work out when they were regular “food/household” shoping and when they were going to other places.

Other places being amoungst others Churches, Hospitals, Doctors, Dentists, Lawyers, Vets and similar. Because in the main their ofices were not in “shoping centers” or similar areas and were the only offices there.

Something people might want to consider when driving their vehicles.

Also consider what else you do “hand over” to the unregulated OEM via your mobile phone when you “pair it” to the vehicle or entertainment system such as your “phone book”, Who, When, where and how long you call someone, SMS “message content”, and in some cases you “give the audio of those calls”.

Also consider the data from other devices that use WiFi and Bluetooth, within the vehicle. There is the obvious tracking of Internet use meta-data via WiFi, but also all that audio/visual service stuff which goes into the vehicle “entertainment system”.

But what about the real creapy stuff, like those fitness bands/watches, and way worse those new medical devices that give near constant output via Bluetooth of your “vitals” including the likes of blood sugar, heart rate, oxygen saturation, body temprature etc. If it can be measured conveniently in a minimaly or non invasive way their is very probably now a Bluetooth device and mobile phone app being developed or available. Cryptography is CPU cycle and battery power “heavy” as well as difficult to get even close to being right. So as Bluetooth is “personal networking” it’s privacy / security protection is very minimal if non existant.

Now consider the recent issues with the SCOTUS and “Dobbs -v- Jackson” decision, where half a century of women’s fertility rights from “Roe -v- Wade” was struck down. Now ask the question as to how many women know that their fertility cycle can be determined from just their body temprature when monitored on a near daily basis?

All those little “Health and Fitness” gizmos that talk to a mobile phone over Bluetooth with little or no real privacy / security will also be heard by the vehicle’s Bluetooth receiver and backend system. How long before that all gets “vaccumed up” and delivered into the hands of data aggregators? To then be made available to “interested parties” who have a few pennies to put down, such as law enforcment, or just some nut-ball religious group?

After all if religious newsletter[1] can unmask a priest’s “location” and then allege probable “activities” via data purchased from data aggregators and make it public…

As the US has a predeliction for attacking politicians through their family members[2], how long befor such data gets used?

How long before “witch hunts” on women in general start up again by the authorities or others based on the output of privacy destroying data aggregators?

[1] The case just last year of the Reverend Monsignor Jeffrey Burrill. Who was general secretary of the US Conference of Catholic Bishops (USCCB) resigning after “The Pillar” Roman Catholic newsletter alleged it had obtained de-anonymised data which indicated the Monsignor had visited gay bars and used a gay location-based dating app.

[1] Even though it started more than a decade and a half ago, who can forget Alaskan Governor Sarah Palin and those in her immediate and greater family, who were frequently reported world wide for their alleged unlawful or immoral behaviours.

Clive Robinson • August 3, 2022 8:13 AM

@ Paul,

“The nut-balls are already after women…”

If it were just nut-balls, I would be less worried.

But it’s not, this are people in positions of power such as the previous US Vice President Michael Pence, and US Attorny General William Barr. Both clearly being backed and heavily involved with what I would call strongly right wing authoritarian religious groups.

These religious groups are on the rise and many find their strongly conservative view point comforting. Unfortunately they are very much neo-con hiding places.

As I’ve pointed out in the past about half a millennia ago the sovereign nation power structure was based on the “Estates of Man” in which the majority had no-say and in fact were a form of property actually worse than being slaves. The only way out and a path to power was through “the church” however in order to keep significant power build up happening “men of god” were baned from having children thus building up the sorts of power structures the Barons and other land holders had in a non industrialized societ.

Many in religion lust after power and modern religions where those who control the power structures can have children are a significant danger.

The founding fathers were well aware of the religion problem which is ehy they enforced a seperation between church and state. Which you might have noticed is being continuously eroded especially in more recent times.

Barr in some of his speaches indicated he wanted to return to the “absolute ruler” system which was what monarchs playing the “King Game” were.

Pence likewise made it clear his church came before the nation and it’s citizens.

The US citizens realy do not want these kinds of people to get their hands on power, because the result will be back to a worse form of “The estates of man” model.

Clive Robinson • August 9, 2022 3:14 AM

@ battles, ALL,

Re : Cutting Comms

“I am going to disconnect or short the antenna.”

Sorry I’m going to be the “Debbie Downer” on this idea…

Firstly you have to find the antenna.

To do that, you have to know what it looks like… And that is a hard task these days

Because, any conductor can be an antenna, and it’s flip side is any slot, gap or hole in a conductor can also be an antenna due to that anoying fundemental of physics “symmetry”. Even plastics because they are “dielectrics” can “lens” electromagnetic radiation, and grids of wires can do similar.

The old way of spotting an antenna was to look for “resonant lengths” and then manually test. However there is a new antenna type around known as “Fractal antennas” which tend not to have resonant lengths as part of their features.

But… as there is now a lucrative market for this information, you can be certain that everyone will want to be in on it.

As radio interfaces come built in effectively for no cost on many microcontrolers these days you can expect every bit of electronics from the engine managment through to the window mirror and light controls/de-icers to have them built-in in a way that makes them non removable.

So your quest will with time become like the quest for the Holy Grail, to find a legal road vehicle that has no microelectronics in it.