
All but One "Watch Dogs 2" Hacks Work in Real Life - samtoday
https://learntemail.sam.today/blog/peak-internet-of-shit-all-but-one-watch-dogs-2-hack-works-in-real-life/
======
wccrawford
They're exaggerating to say that these hacks are real. They certainly aren't
real in the way they portray them in the game, by just pointing at something
and knowing instantly what can be hacked on the device and then pressing a
single button to actually do the hack.

But even without that, most of the "real life" versions of these hacks aren't
nearly so useful as in the game.

The game even invented fake operating systems and security systems so that
they could have what the game needed to be able to hack them. And they were
all internet connected, of course. Unlike real security systems. (I'll grant
that a lot of home security systems are on the internet, but corporate
offices? No.)

~~~
SolarNet
I mean there is also the conceit that there is a black hat movement (e.g.
dedsec) backing the main character composed of a few hundred people writing
exploits, etc. Which is of course a bit of superhero-esque fiction. But the
point is if Anonymous was organized and a bit more radicalized, it would be
_possible_ to write hacks like this.

For example if instead of presenting at conferences the exploit writers shared
them with other people who weaponized them and hooked them up to a proprietary
toolkit to act at the push of a button. Supported by a team of people who
managed an OS that provided these features. Supported by a team of people who
managed and maintained exploits into various networks.

In the game dedsec is a terrorist organization, with hundreds of cells, all
cooperating and sharing exploits, source code, 3d printing designs, botnets,
etc. internally. There are missions where you build a new tool for their OS by
working with multiple cells. Getting the prototype code, testing it, giving it
to a another cell to integrate, and then having it.

The point is with devoted manpower of that degree, and with common purpose,
this could actually happen, even if it's super unlikely, like many non-magical
superhero movies.

~~~
pavel_lishin
Reminds me a bit of Daniel Suarez's Daemon/FreedomTM.

------
cortesoft
The hack for causing accidents by hacking traffic lights wouldn't work because
they are physically incabable of giving green lights to the wrong
combinations.

~~~
67726e
Any resources? I'd be interested in reading about that.

~~~
wrboyce
A unit such as this[1] monitors the state of the lights and will not allow an
"illegal" output such as "all green".

[1] [http://www.orangetraffic.com/en/products/edi-
mmu-16e-malfunc...](http://www.orangetraffic.com/en/products/edi-
mmu-16e-malfunction-management-unit-edi)

~~~
keketi
What if the monitor unit malfunctions or is misconfigured?

~~~
dllthomas
My understanding has it that it's a comparatively simple piece of hardware,
and isn't networked. It certainly ever happens that they're wired up wrong,
but aren't something you can remotely hack.

~~~
MrMid
Well, this could help you detect malfunctioning/hacked unit. But I doubt it's
installed on every traffic light. AFAIK the traffic lights are controlled by
PLCs which can be easily reprogrammed if you gain access to them.

On the other hand, I've had an assignment a few weeks ago to make a circuit to
control some traffic lights for crosswalk, and I'm pretty sure it was simple
enough that the only way to hack it was to have direct access to it with a
soldering iron.

~~~
dllthomas
It's my understanding that it is quite specifically installed on every traffic
light (in the sense that it's both the purpose of the device and that it's
legally required). Note that this does not _control_ the lights, it simply
monitors and switches to flashing-yellow (until a manual reset) if there's an
error.

Mind you, none of this is first hand.

------
smoyer
Yes ... our lives will get a lot more "interesting" as the script kiddies
figure out how to disrupt physical infrastructure. Most of the state actors
aren't interested in crashing these systems (at least for now - that could
change with the appropriate war). Instead, there's a profit motive in
electronic espionage. When this knowledge is acquired by those that just want
to break things, we'll find life a bit harder.

~~~
danso
I do think a lot of the "comfort" that we have now is security through
obscurity, i.e. lack of motive or passion. Ignoring the discussion of who
actually was behind the targeting of the Clinton campaign, it's clear that all
it took to make a massive impact is a batch script and very limited social
engineering: [http://motherboard.vice.com/read/how-hackers-broke-into-
john...](http://motherboard.vice.com/read/how-hackers-broke-into-john-podesta-
and-colin-powells-gmail-accounts?trk_source=homepage-lede)

~~~
smoyer
That reminds me of another point ... we're getting used to seeing breaches
that expose personal data, credentials, etc. But what other kinds of "data
disasters" might come about through mass breaches similar to the MongoDB story
on the front page yesterday. It seems inevitable that there will be
confidential and/or proprietary data in some of these breaches that won't lead
to identity theft but will lead to embarrassment or have financial
ramifications.

------
Hydraulix989
A lot of the SoMa stuff in my backyard is in the game:

[https://www.cnet.com/news/watch-dogs-2-screenshots-vs-san-
fr...](https://www.cnet.com/news/watch-dogs-2-screenshots-vs-san-francisco-
real-life-pictures/)

