> just want basic security against your average smash and grab criminals
I think the concern here is stated in the article:
"I'm attacking an established radio network protocol developed by TI that is used in hundreds, if not thousands of other products that could have also made the same fatal implementation mistakes."
The problem is this device protects against smash and grab criminals, but it literally opens the door and reduces the barrier of entry for more sophisticated, remote attackers. Adding this type of vulnerability to Shodan would mean these devices can be identified, attacked and remotely controlled by any remote attacker, giving them information about the target they never had originally.
I don't think it's too far-fetched to imagine an "AirTasker" criminal network, where a remote (sophisticated) attacker links up with a "smash and grab" criminal for hands-and-feet on the ground, agrees to split proceeds and work as a team on something like this.
Personally, I find this very disturbing. A security device manufacturer should take their security, and the responsible disclosure of vulnerabilities, far more seriously than they appear to be to date.
You know, as you described this scenario, I'm now seeing all those TV shows and movies suddenly seem more possible. I'm talking about the scene where the one guy is sneaking around and talking to their remote hacker friend who is at their computer disabling cameras, silencing alarms, and unlocking doors.
The "smash and grab" criminal would have some pre-built Arduino/Raspberry Pi/SDR combo that has to be within radio proximity of the building, but once in signal range, the remote person can work their magic.
And why would someone with this skill set risk prison time over something like burglary? You could make a lot more money with a lot less risk doing any number of legitimate or illegitimate activities.
A person with this skill set would not be the same person who does burglary. More likely, burglars would just license the software / hardware for disabling alarms, in a similar way to how car thieves probably do this now. I doubt car thieves are security experts, but they somehow know where to plug their computer into the CAN network and how to run an exploit to reprogram the ECU and disable any security.
The OBD-II port under the dashboard on the left side of the driver's footwell. It's federally mandated to be in that exact position and on almost all cars it shares the same CAN bus as everything else in the vehicle.
Because it is easy. With those skills you also know how to hide your origin, and how to collaborate with a burglar to identify and disable systems. I can see talented people choosing the easy job over hard but legitimate work.
Maybe they live in an unfair country and while they could gain success with a legitimate job they wouldn't be sticking it to their class enemies in the same way. There are lots of potential motivations.
It's not even that sophisticated. I mean, it's trivial to do with GNU Radio, so I expect prepackaged solutions to pop up soon. This happened in the past with simple remote car keys.
This is happening currently as well, even with very sophisticated remote car keys in cars from 2016-2017. Most modern systems have exploitable vulnerabilities and thieves are probably the first to learn them.