Electronic Frontier FoundationJul 22, 2024
DHS bought a dog-like robot that it modified with an antenna array to let law enforcement overload people’s home networks to disable any “internet of things” devices, according a transcript obtained by EFF’s Dave Maass and shared with @404mediaco. https://www.404media.co/dhs-has-a-ddos-robot-to-disable-internet-of-things-booby-traps-inside-homes/
DHS Has a DoS Robot to Disable Internet of Things ‘Booby Traps’ Inside Homes

"NEO carries an onboard computer and antenna array that will allow officers the ability to create a ‘denial-of-service’ event to disable ‘Internet of Things’ devices that could potentially cause harm while entry is made."

404 Media
Show threadCamerondotcaJul 22, 2024
@eff @404mediaco erm... and also handily turns off any recording devices so they can human rights violate to their little heart's content.
Show threadthe_wigglerJul 22, 2024

@camerondotca @eff @404mediaco hardwire your cameras too.

Who would build an iot enabled booby trap? That's a weird cross section of extremely security conscious and extremely security incompetent.

Show threadCamerondotcaJul 22, 2024
@the_wiggler @eff @404mediaco The thing is a) yes b) yeah, but no everyone is going to do that c) this doesn't mitigate what this thing is REALLY going to be used for.
Show threadZoarial94 Jul 22, 2024

@camerondotca Other than disabling nearby mics, how might this be abused? I'm not fighting for police surveillance or abuse, but I'm looking for a more concrete argument.

I honestly believe that wireless devices shouldn't be used in critical systems, so wireless cameras will always have the downside of being wirelessly disabled. If anything, this article should push people to use more resiliant systems for preventing abuse. (E.g. hardwired home surveillance)

At the same time, it shows that technology increases the likelyhood of abuse and the tech should be designed in a way to minimize or prevent abuse.

Show threadLisPiJul 22, 2024
@Zoarial94 @camerondotca > At the same time, it shows that technology increases the likelyhood of abuse and the tech should be designed in a way to minimize or prevent abuse.

Only if you ignore all the abuse prior to mass computerization and how little of it managed to get caught on tape.

But otherwise yes. Conventional consumer wireless is for shit you generally don't care about and for which downtime is acceptable.

Otherwise you have the choices of hardwiring (ideally with fiber, completely unaffected by electromagnetic interference) or custom wireless & FSO communication systems.
Show threadZoarial94 Jul 22, 2024
@lispi314 I'm not ignoring previous abuse. Before the computerization of everything, there was still abuse. Nowaday, it is possible for our own computers can aid in that same abuse. That is the point I'm trying to make.
Show threadZoarial94 

@lispi314 DOSing wireless cameras doesn't necessarily directly aid abusers. It might make abuse easier, but it's the tools used to take down a camera that are directly aiding them.

Allowing abusers to tap in and view said cameras does aid abuse directly.

One of these scenarios has no benefit to a homeowner. And the other has a net negative effect. It is very situation dependent. My point it, we need tech to work for us. Or at least, not work against us.

Jul 22, 2024 at 11:28pmWeb
Show threadLisPiJul 22, 2024
@Zoarial94 ...Yeah but literally any tool that increases capacity for literally anything can be misused. (I suppose you could squint that into being an argument that every tool facilitates abuse.)

Every tool is fundamentally dual use (which is why dual-use technologies regulation is bullshit, everything is dual-use and failure to figure out such a way to misuse a tool or object is simply an indication of a lack of imagination).

I also consequently do not think it is possible to design a technology to prevent its abuse. It is possible to make that not be its primary use, and to make its primary use when access isn't explicitly given to abusers safe, but guaranteeing anything more doesn't seem possible to me.
Show threadZoarial94 Jul 22, 2024

@lispi314 I disagree with your point that you can't prevent a technology from being abused. Look at zero-trust principals and encryption. Look at the steps journalists take to protect themselves.

Look at (some of) the steps Apple has taken to protect their users. Adding more Encryption to iCloud.

Look at Google Pixels:.
Hardware rate-limited unlock attempts.

Both iOS and Android: full disk encryption. Permission sandboxing. Camera and mic in-use lights (the new macbooks have this in the DISPLAY HARDWARE!)

Companies also fix vulnerabilities to prevent abuse from bad actors or bad-faith abusers.

These technologies prevent abuse. They're certainly not perfect at the start, but they are designed to prevent abuse. That's not to say certain features can't be abused (photo scanning).

We need to fight for technology that works in our favor. It's always been a tradeoff between convenience and security, but we can make the line less and less noticeable.

Show threadZoarial94 Jul 22, 2024
@lispi314 Wired cameras which record to an encrypted disk are much harder to abuse than unencrypted wireless cameras that share their footage with a company that hands over that same footage to the police when they ask.
Show threadLisPiJul 23, 2024
@Zoarial94 Indeed, proprietary malware devices that share privileged information with abusers and undesirable third parties cannot be trusted.
Show threadLisPiJul 23, 2024
@Zoarial94 All of those examples are predicated on making them less practical to abuse than other options.

Zero-trust stuff is usually still readily abusable by physically breaking into places or resorting to various forms of coercion.

Google Pixels have a built-in permanent DoS? That's abusable in itself if you time things and come up with an appropriate scenario.

Android's FDE is broken in a number of ways and that only helps if the device is stolen when off or by an unskilled abuser. I also wouldn't trust any of Apple's crypto without being able to audit their code.

Hardware bypasses are possible, it's also possible to eavesdrop based on accelerometers among other sensors. It is potentially possible to add a film on the phone itself that refracts or otherwise interferes with the light in such a way as to prevent the user from being able to notice without careful inspection.

> Companies also fix vulnerabilities to prevent abuse from bad actors or bad-faith abusers.

That is part of not explicitly giving abusers access.

> These technologies prevent abuse.

Mitigate it at best, enable new forms at worse.

> We need to fight for technology that works in our favor. It's always been a tradeoff between convenience and security, but we can make the line less and less noticeable.

So as I said, we have a choice of its primary use and how effective and safe it is in doing so.

Ultimately most security is sufficient inconvenience of attack.
Show threadZoarial94 Jul 23, 2024

@lispi314 That's exactly the idea and I think you're conflating two different ideas. I'm also not being clear when I say "prevents abuse".

I only have a deadbolt on my door. This prevents people from walking in, but it doesn't prevent someone from smashing the door to bits. It prevents people who jiggle the handle from getting it. It prevents abuse.

The motivation behind any secure system is that you protect against some threat model. For nearly anyone, basic protection is enough. When I say "Preventing abuse", I mean it raises the bar.

When you're up against a 3 letter agency... Yes, there's a lot you have to consider. It's also a relatively small population in reality.

There are technologies that can nearly prevent any abuse, but they come at some cost to convenience. I run GrapheneOS, so you'd be hard pressed to find anyone who could get into my phone (without breaking my kneecaps).

While you probably can't prevent all abuse, you can prevent abuse.