book

We Have Root

by Bruce Schneier

September 2019

Beginner

304 pages

8h 22m

English

Wiley

Read now

Unlock full access

Cyberconflicts and National SecurityCounterterrorism Mission CreepSyrian Electronic Army CyberattacksThe Limitations of IntelligenceComputer Network Exploitation vs. Computer Network AttackiPhone Encryption and the Return of the Crypto WarsAttack Attribution and Cyber ConflictMetal Detectors at Sports StadiumsThe Future of Ransomware
Hacking AirplanesReassessing Airport Security
Hacking Consumer DevicesSecurity Risks of Embedded SystemsSamsung Television Spies on ViewersVolkswagen and Cheating SoftwareDMCA and the Internet of ThingsReal-World Security and the Internet of ThingsLessons from the Dyn DDoS AttackRegulation of the Internet of ThingsSecurity and the Internet of ThingsBotnetsIoT Cybersecurity: What’s Plan B?
The NSA’s Cryptographic CapabilitiesiPhone Fingerprint AuthenticationThe Future of Incident ResponseDrone Self-Defense and the LawReplacing Judgment with AlgorithmsClass Breaks
Candidates Won’t Hesitate to Use Manipulative Advertising to Score VotesThe Security of Our Election SystemsElection SecurityHacking and the 2016 Presidential Election
Restoring Trust in Government and the InternetThe NSA Is Commandeering the InternetConspiracy Theories and the NSAHow to Remain Secure against the NSAAir GapsWhy the NSA’s Defense of Mass Data Collection Makes No SenseDefending Against Crypto BackdoorsA Fraying of the Public/Private Surveillance PartnershipSurveillance as a Business ModelFinding People’s Locations Based on Their Activities in CyberspaceSurveillance by AlgorithmMetadata = SurveillanceEveryone Wants You to Have Security, But Not from ThemWhy We EncryptAutomatic Face Recognition and SurveillanceThe Internet of Things that Talk about You behind Your BackSecurity vs. SurveillanceThe Value of EncryptionCongress Removes FCC Privacy Protections on Your Internet UsageInfrastructure Vulnerabilities Make Surveillance Easy
More on Feudal SecurityThe Public/Private Surveillance PartnershipShould Companies Do Most of Their Computing in the Cloud?Security Economics of the Internet of Things

Human-Machine Trust FailuresGovernment Secrecy and the Generation GapChoosing Secure PasswordsThe Human Side of HeartbleedThe Security of Data DeletionLiving in a Code Yellow WorldSecurity Design: Stop Trying to Fix the UserSecurity Orchestration and Incident Response
Government Secrets and the Need for WhistleblowersProtecting Against LeakersWhy the Government Should Help LeakersLessons from the Sony HackReacting to the Sony HackAttack Attribution in CyberspaceOrganizational DoxingThe Security Risks of Third-Party DataThe Rise of Political DoxingData Is a Toxic AssetCredential Stealing as an Attack VectorSomeone Is Learning How to Take Down the InternetWho Is Publishing NSA and CIA Secrets, and Why?Who Are the Shadow Brokers?On the Equifax Data Breach
Our Newfound Fear of RiskTake Back the InternetThe Battle for Power on the InternetHow the NSA Threatens National SecurityWho Should Store NSA Surveillance Data?Ephemeral AppsDisclosing vs. Hoarding VulnerabilitiesThe Limits of Police SubterfugeWhen Thinking Machines Break the LawThe Democratization of CyberattackUsing Law against TechnologyDecrypting an iPhone for the FBILawful Hacking and Continuing VulnerabilitiesThe NSA Is Hoarding VulnerabilitiesWannaCry and VulnerabilitiesNSA Document Outlining Russian Attempts to Hack Voter RollsWarrant Protections against Police Searches of Our Data
Chapter 1: Crime, Terrorism, Spying, and WarChapter 2: Travel and SecurityChapter 3: Internet of ThingsChapter 4: Security and TechnologyChapter 5: Elections and VotingChapter 6: Privacy and SurveillanceChapter 7: Business and Economics of SecurityChapter 8: Human Aspects of SecurityChapter 9: Leaking, Hacking, Doxing, and WhistleblowingChapter 10: Security, Policy, Liberty, and Law

Content preview from We Have Root

2Travel and Security

Hacking Airplanes

Originally published in CNN.com, April 16, 2015

Imagine this: A terrorist hacks into a commercial airplane from the ground, takes over the controls from the pilots and flies the plane into the ground. It sounds like the plot of some “Die Hard” reboot, but it’s actually one of the possible scenarios outlined in a new Government Accountability Office report on security vulnerabilities in modern airplanes.

It’s certainly possible, but in the scheme of Internet risks I worry about, it’s not very high. I’m more worried about the more pedestrian attacks against more common Internet-connected devices. I’m more worried, for example, about a multination cyber arms race that stockpiles capabilities such as this, and prioritizes attack over defense in an effort to gain relative advantage. I worry about the democratization of cyberattack techniques, and who might have the capabilities currently reserved for nation-states. And I worry about a future a decade from now if these problems aren’t addressed.

First, the airplanes. The problem the GAO identifies is one computer security experts have talked about for years. Newer planes such as the Boeing 787 Dreamliner and the Airbus A350 and A380 have a single network that is used both by pilots to fly the plane and passengers for their Wi-Fi connections. The risk is that a hacker sitting in the back of the plane, or even one on the ground, could use the Wi-Fi connection to hack into the avionics and ...