Here's what I’m reading this week:
Dispatches from Defcon: Beware the Car Wash of Doom...: This week, we have interesting (and disturbing) news from the swarm of hackerdom that annually descends on Las Vegas for Defcon, Black Hat, and BSides: your car isn't even safe in its bathtub.
The announcement of new vulnerabilities issuing from Hacker Summer Camp has become an annual tradition, so we shouldn’t be surprised about another story like this. But there's an interesting detail in this one.
According to the researchers, they’ve been able to exploit vulnerabilities in an internet-connected car wash to remotely take control of the system, “open and close the bay doors in the car wash to trap vehicles inside, or strike them with the doors, damaging them and possibly injuring occupants.” They say this may be the first example of an exploit that uses a connected device to actually attack someone.
Of course, there have been other examples of vulnerabilities that could be used to cause physical harm (consider some of the connected-car hacks we’ve seen in recent years, or the constant discussion of weaknesses in critical infrastructure). But this exploit may be the first one where its designer contemplated physical harm, and imagining your touchless car wash suddenly smashing its devices into the side of your vehicle is, to put it mildly, scary.
I'm sure we can look forward to more vulnerabilities that could be used to enable physical harm in this incredibly personal way. There will probably be even scarier ones before long, but it all starts here.
- Section 230 of the Communications Decency Act is one of the little-known legal foundations of the modern Internet – it gives media platforms specific protections for statements made by users of those platforms (for example, it gives Facebook protections from being sued for something that a Facebook user might say on their account). As targeted hate speech has become more and more prominent in recent months, Section 230 has also come under pressure. Recently, Danielle Citron, one of the sharpest legal minds thinking about how to address these challenges, weighed in on how modest reforms to Section 230 might work. If you care about how the Internet works, this is an extremely worthwhile read.