Hacker News
Flipper Zero's Co-Founder – It Exposes Big Tech's Shoddy Security (gizmodo.com)
45 points by thunderbong 84 days ago | 10 comments



Fairy tales are funny, aren't they?

The Emperor who gets scammed into buying new clothes which don't exist, is finally called out by a small child who doesn't go along with the fiction. The emperor was naked all along, but nobody wanted to admit it for fear of being ostracized.

Pigs who opt for cheaper quicker building materials like straw and sticks, get eaten. The wolf is a force of nature -- nobody pretends that it's possible to eliminate wolves, they deal realistically with the threat by advocating brick buildings, instead.

Why, then, should imaginary or straw security be any different?


https://opensourcesecurity.io/2022/10/16/episode-345-cheap-h...

Josh and Kurt talk about ineffective security from the past we still use today. There has been a great deal of progress in the last few decades bringing us amazing products like the Flipper Zero, cameras that can peer inside locks, and even software defined radio. A great deal of security relies on people not having easy access to these cheap devices. What does this mean for the future of security?


I love these little devices and would love to buy one simply because it makes tptb seethe.

I can think of a few things I can use it at work for, but my imagination has been stunted thanks to years of schooling. Can someone suggest other fun tricks? Pen testing random things around my house seems like a fun task. I'm curious what other firmware images are out there and what they expand upon.


Security through obscurity has been the game forever. It's cheap and a normal person wouldn't go through the effort to subvert it. Cost vs benefits, plus delegation of responsibility, i.e. they can say the police should handle stolen cars and theft.


I have uploaded several lockpicking videos onto YouTube with 1M+ views (each)... I always end my bypass videos by saying "locks only keep honest people honest; a determined thief can defeat anything."

My major frustration with Kia's lack of security [specific to "Flipper car theft"] is the associated car insurance increase, across the board [i.e. even if you don't drive a Kia].


From the insurance company’s perspective it makes sense, they’re simply spreading risk. I think that specific problem is more of an indictment of how black box insurance rates are to end users. When shopping for insurance they can’t know that insurance companies are doing that because it’s hidden information. They can only look at the final price.


What baffles me is that, when I bought insurance for my car, the insurance company asked me if it's equipped with an immobilizer, explaining that it gets a discount if so. It is, and I answered as such, but why wouldn't they have known that already based on the VIN? I profoundly doubt that most consumers know the difference between a key, an immobilizer, and a steering wheel lock, for instance.

Furthermore, I'd imagine most Kia drivers assumed theirs were likewise equipped, and answered as such, and paid the lower rates associated with immobilizer-equipped vehicles despite the precise opposite being the case. If the insurance company had known which models didn't have immobilizers, rather than taking customers' incentivized guesses as data, word would quickly have spread that "these cars are cheap to buy but crazy to insure", and the market might've had a chance to pressure Kia into doing the obvious.

Fundamentally, I think insurance companies dropped the ball on quantifying the risk. And I hope we see substantial investments in cybersecurity analysis by the insurance companies going forward, it's the only way the market can function.


> why wouldn't they have known that already based on the VIN?

People can, and lots of people do, install aftermarket immobilizers in their cars. There would be no way to know if someone did that based on the VIN.


Sure, but I'd think they'd want some sort of documentation, even just a model name, to suggest that you know what you're talking about. I literally said "uh I think so, the key is expensive to duplicate, is that an immobilizer?" because I didn't want to represent something I wasn't certain of, and they gave me the credit. I later researched it and found out yes, it does have one, but I didn't know and most consumers don't either.


> even just a model name

What model name? Of the immobilizer? I've installed immobilizers on every one of my cars, but they've just been a hidden killswitch I wired in myself. There is no model name.



