Lock Picking Tools look like This

Set of lock picks

The L-shaped ones on the right are “torsion wrenches”. Use one of those simultaneously with one of the “picks” on the left.

A lock pick gun

It automates the above process, and while often seen in movies, it’s not that seamless.

It’s way noisier than you’d like it to be, and causes more damage to the lock than picks, leaving evidence of your presence.

(always be mindful of where you leave fingerprints.)

Spotted at SecTor 2014

 

 

The ‘Rule of Thumb’ for WiFi Range

An average router’s signal will travel:

– 150 ft inside a structure (e.g. your home)
– 300 ft outside

Even if you’re living in the centre of a barren, 1,000 foot field (why are you doing that?), still password protect your WiFi (your SSID) using WPA2.

A good password looks like this:
^NKglYA%]tckcM?wG7?r6nFp!

And change your router password, because when was the last time you did?

 

 

Dispelling Fears about Car Hacking

Real brief: the problem is cars operate on the CAN bus network, which was designed in the 1980s, when the internet didn’t exist. Learn about CAN here.

Speaking with Chris Valasek, physical access is still required to hack the car. For now. (I’d try coming in via Bluetooth.)

Read it online at Autonet.

Favourite line:

That’s how car hacking works: the system doesn’t ask where the message came from or who sent it, it just accepts and executes it.

Plus the ending, because it’s true.

To attack, it’d be more efficient to roll that newspaper into a baton, than go after the target’s car.

***


Sign & Help to Improve Automotive Security

A group of security professionals have formed “The Cavalry”: dedicated to improving collaboration between the cyber security and automotive industries.

Because what if things like adaptive cruise control, electronic braking and stolen vehicle recovery technology could be used nefariously? What if all Toyotas in Canada were instructed to go left next Tuesday at 1pm? Like that.

Specifically, they’re proposing a Five Star Automotive Cyber Safety Program:

1 – Safety by Design
2 – Third-Party Collaboration
3 – Evidence Capture
4 – Security Updates
5 – Segmentation & Isolation

Why I signed: 

Sign it too, here.

Non-security nerds: I know this stuff can seem shadowy and strange, with a name like “The Cavalry” and a blank profile pic, but in this particular case it’s okay, I know one of the guys in real life; I signed with my real name, not Blog.

 

 

Join an Industry with a 100% Employment Rate

Online security.

There’s 1 day left of SecTor, Canada’s premier security conference.

That blog title is not dramatic, it’s like 98%. Makes sense, look how fast we adopted the internet of everything, that’s currently pretty vulnerable and held together with popsicle sticks, a nightmare is coming, one day you’ll tell your grandchildren of a time when people’s password was password, tada! You have a job for life.

I went straight for the car hacking stuff.

What to do while there

Check out the Keynote while eating lunch, and making friends.

Sit in on a talk, which looks like this.

That’s Christopher Pogue of Nuix, talking about cybercrime and forensics. He made a good point: if the 3rd parties and vendors connecting to your network aren’t secure, neither are you.

Or if you feel shy, go to the lock picking village and grab a seat; I find people into lock picking are generally welcoming and fun.

Take the requisite conference-bathroom-selfie.

Don’t be shy to ask questions! And don’t let the nature of the information put you off, it’s a friendly crowd.

Too bad you missed the annual party, though. Finally, after 1,000 emails, I got to meet Sabrina, who runs communications & media, and edited my article about the car hacking keynote by Chris Valasek.

Whom I also met IRL, read that piece here.

Tickets and location information here, and whoever’s running their Twitter is funny @SecTorCa #SecTorCA

One day I’d like to give a talk, maybe another year of quiet study first.

I have 3 possible topics, but they’re not yet strong enough to type here.
