This topic contains 1 reply, has 2 voices, and was last updated by tchnmncr 4 weeks ago.
- October 30, 2020 at 10:11 am #324236
I have a convoluted question that you might be able to help me with. If this isn’t allowed, I totally understand. I have this idea for a novel that involves a person sabotaging a family’s “smart” technology home in order to torture them. So I’m doing research on cybersecurity, IoT, stuff like that (which is really convincing me to get rid of my Google Home, btw).
I’m looking for details on how this can be done. I’ve read cases of domestic violence victims being tortured by their devices controlled by their partners, but in this case, the partners would have had easy access to the networks.
I know you can hack into baby monitors and wireless cameras and “Nests” that are unsecured, but if you do that could you access everything else too (phones, computers, smart TVs, thermostats, etc)?
If you were someone employed with setting up an entire smart home (bigger than a couple of smart devices), could you install some sort of “back door” that would allow you to access to control all the devices?
If, say, you “hacked” into someone’s wireless door locks and got into their house, could you then install a back door on their devices that allowed you to control them, talk through the baby monitor (for instance), and watch/stalk the victims?
If you managed to get into someone’s “smart” technology, how easy would it be to then get into their phones/computers in order to install keyloggers and things like that in order to steal data/access bank information, etc? and vice versa?
I swear this is all hypothetical and research for something I want to write, but now that I’m putting it all down in this post I feel *really* creepy. I also never want to be attached to the internet again.
- October 30, 2020 at 10:11 am #324237
The headline made me think something quite different: as devices become smarter, hacking them becomes more like psychological terrorism (to the devices themselves).
- October 30, 2020 at 10:11 am #324238
This is a very hard question to answer. Allot of times people mis-understand how devices etc are being hacked or infected. You can’t draw a line between for example all smart wireless doorbells and say something is possible, they are all made by different manufacturers and are built in a different way. One vulnerability/exploit might work for one and not for the other.
It also depends on all the other smart devices in the house, what technology does it use, is it controlled through a cloud or on the LAN, there’s allot that come into play here.
That being said I’m pretty sure that a well-skilled hacker or hacker gang can make a person’s life that depends on smart devices hell. There are so many ways people could infect you and set up a c2 (command and control). But then again you’re not talking about your everyday “i know metasploit” skid but you’re talking about the people that have the time / skill and willpower to go through the research / attacking etc.
The people who have such skill will most likely be in no interest of doing such things since they have better things to do than messing with their relative. Unless they have a motive i guess.
- October 30, 2020 at 10:11 am #324239
I think you should take a look at the big picture. Sure, there are 14 year olds and angry husbands jiggling thermostats, flickering lights or blaring Britney Spears at 3am and even the occasional stalker on a webcam.
But overall the attack surface doesn’t transform what an attacker can do too much. All the juicy stuff (banking, identity theft, normal theft, etc.) is already possible through our use of laptops and smartphones.
Same goes for the corporate data-grabbing-dystopia angle: It’s not in its final form yet, but knowing when I like to toast my bread will not be a better datapoint for when I wake up then me picking up my phone first thing in the morning.
- October 30, 2020 at 10:11 am #324240
Let me elaborate some, perhaps. I just wonder “how”, I guess. If you can access an unsecured camera and then get into someone’s laptop, for instance. It’s more jumping from one to another that I’m concerned with. I also read that things like Amazon Echos can be hacked with lasers. Some things can be hacked with sound.
Do you suppose there’s a way to go from keylogging someone’s debit card from a gas pump and working outward to sabotaging all of their technology from there? Same with phishing. If you got the information for one seemingly unrelated thing, say banking info, could you work your way out to sabotaging their whole computer, then their router, then their smart appliances? Does this make sense or am I talking out of my ass again? I’m thinking like how people can hack someone’s email and then hack all of their accounts. Or hack someone’s Facebook, then hack their email (not really “hacking” at this point), and then everything else… could it keep expanding?
A friend of mine who is a specialist answered my original question (harnessing someones tech to torture them) explained it this way: “Depends on the product. Some things like home cameras and things I would hope are only accessible from addresses on the local network.
That being said, if you were able to compromise any device that is accessible from outside of the network, you could set up an SSH tunnel that would make it appear like your remote device was part of the local network. You could then likely use the same software as the owner to view, listen, etc.
If no device is accessible from outside of the network, it’s easy to set up the person’s router so that it is, though it would typically require physical access. You’d only need a few minutes inside of the house to connect to the network, (factory reset the router if it doesn’t use the default admin password), and configure port forwarding/DMZ. If they use an insecure WiFi password, or you know the WiFi password already, you wouldn’t even need physical access, as long as they’re using the default admin password, or you already know it.”
Does this make sense?
- October 30, 2020 at 10:11 am #324241
I’d say a lot of what you describe is pretty plausible. Sure, as the others mention there isn’t necessarily much motivation for this kind of thing compared to just monetary gain via ransom ware or credential theft. But since this is your narrative you can make the characters have whatever motivations you want. If you want to make your story ‘hole proof’ in the sense you want to avoid technical readers from being able to point out something in your story is impossible feel free to give the characters fictional but flawed devices. At the end of the day you’re proposing that someone is able to connect via the internet to an internet connected device. There *should* be a lot of defenses preventing people from doing that, but it’s up to you why these defenses may not be there. You’re not trying to write a plausible faster than light transport scheme without being all hand wavy or making up some sci-fi techno babble.
I wouldn’t discount the psychological effects of ransom ware, blackmailing, stalking etc. You don’t need to go to great lengths to make someone’s life hell if you’re motivated. Following someone home and throwing a rock through their window without them noticing you is enough to make someone feel very unsafe in their own home and doesn’t require any hacking.
You must be logged in to reply to this topic.