book

We Have Root

by Bruce Schneier

September 2019

Beginner

304 pages

8h 22m

English

Wiley

Read now

Unlock full access

Cyberconflicts and National SecurityCounterterrorism Mission CreepSyrian Electronic Army CyberattacksThe Limitations of IntelligenceComputer Network Exploitation vs. Computer Network AttackiPhone Encryption and the Return of the Crypto WarsAttack Attribution and Cyber ConflictMetal Detectors at Sports StadiumsThe Future of Ransomware
Hacking AirplanesReassessing Airport Security
Hacking Consumer DevicesSecurity Risks of Embedded SystemsSamsung Television Spies on ViewersVolkswagen and Cheating SoftwareDMCA and the Internet of ThingsReal-World Security and the Internet of ThingsLessons from the Dyn DDoS AttackRegulation of the Internet of ThingsSecurity and the Internet of ThingsBotnetsIoT Cybersecurity: What’s Plan B?
The NSA’s Cryptographic CapabilitiesiPhone Fingerprint AuthenticationThe Future of Incident ResponseDrone Self-Defense and the LawReplacing Judgment with AlgorithmsClass Breaks
Candidates Won’t Hesitate to Use Manipulative Advertising to Score VotesThe Security of Our Election SystemsElection SecurityHacking and the 2016 Presidential Election
Restoring Trust in Government and the InternetThe NSA Is Commandeering the InternetConspiracy Theories and the NSAHow to Remain Secure against the NSAAir GapsWhy the NSA’s Defense of Mass Data Collection Makes No SenseDefending Against Crypto BackdoorsA Fraying of the Public/Private Surveillance PartnershipSurveillance as a Business ModelFinding People’s Locations Based on Their Activities in CyberspaceSurveillance by AlgorithmMetadata = SurveillanceEveryone Wants You to Have Security, But Not from ThemWhy We EncryptAutomatic Face Recognition and SurveillanceThe Internet of Things that Talk about You behind Your BackSecurity vs. SurveillanceThe Value of EncryptionCongress Removes FCC Privacy Protections on Your Internet UsageInfrastructure Vulnerabilities Make Surveillance Easy
More on Feudal SecurityThe Public/Private Surveillance PartnershipShould Companies Do Most of Their Computing in the Cloud?Security Economics of the Internet of Things

Human-Machine Trust FailuresGovernment Secrecy and the Generation GapChoosing Secure PasswordsThe Human Side of HeartbleedThe Security of Data DeletionLiving in a Code Yellow WorldSecurity Design: Stop Trying to Fix the UserSecurity Orchestration and Incident Response
Government Secrets and the Need for WhistleblowersProtecting Against LeakersWhy the Government Should Help LeakersLessons from the Sony HackReacting to the Sony HackAttack Attribution in CyberspaceOrganizational DoxingThe Security Risks of Third-Party DataThe Rise of Political DoxingData Is a Toxic AssetCredential Stealing as an Attack VectorSomeone Is Learning How to Take Down the InternetWho Is Publishing NSA and CIA Secrets, and Why?Who Are the Shadow Brokers?On the Equifax Data Breach
Our Newfound Fear of RiskTake Back the InternetThe Battle for Power on the InternetHow the NSA Threatens National SecurityWho Should Store NSA Surveillance Data?Ephemeral AppsDisclosing vs. Hoarding VulnerabilitiesThe Limits of Police SubterfugeWhen Thinking Machines Break the LawThe Democratization of CyberattackUsing Law against TechnologyDecrypting an iPhone for the FBILawful Hacking and Continuing VulnerabilitiesThe NSA Is Hoarding VulnerabilitiesWannaCry and VulnerabilitiesNSA Document Outlining Russian Attempts to Hack Voter RollsWarrant Protections against Police Searches of Our Data
Chapter 1: Crime, Terrorism, Spying, and WarChapter 2: Travel and SecurityChapter 3: Internet of ThingsChapter 4: Security and TechnologyChapter 5: Elections and VotingChapter 6: Privacy and SurveillanceChapter 7: Business and Economics of SecurityChapter 8: Human Aspects of SecurityChapter 9: Leaking, Hacking, Doxing, and WhistleblowingChapter 10: Security, Policy, Liberty, and Law

Content preview from We Have Root

3Internet of Things

Hacking Consumer Devices

Originally published in CNN.com, August 15, 2013

Last weekend, a Texas couple apparently discovered that the electronic baby monitor in their children’s bedroom had been hacked. According to a local TV station, the couple said they heard an unfamiliar voice coming from the room, went to investigate and found that someone had taken control of the camera monitor remotely and was shouting profanity-laden abuse. The child’s father unplugged the monitor.

What does this mean for the rest of us? How secure are consumer electronic systems, now that they’re all attached to the Internet?

The answer is not very, and it’s been this bad for many years. Security vulnerabilities have been found in all types of webcams, cameras of all sorts, implanted medical devices, cars, and even smart toilets—not to mention yachts, ATM machines, industrial control systems and military drones.

All of these things have long been hackable. Those of us who work in security are often amazed that most people don’t know about it.

Why are they hackable? Because security is very hard to get right. It takes expertise, and it takes time. Most companies don’t care because most customers buying security systems and smart appliances don’t know enough to care. Why should a baby monitor manufacturer spend all sorts of money making sure its security is good when the average customer won’t even notice?

Even worse, that consumer will look at two competing baby monitors—a ...