“The truth is, homes change over time — and technology has to adapt, not try to do everything at once.” - Tony Fadell
It's a quote that sticks with me because it's a constant reminder that we often rush to implement the newest tech without giving any thought to the implications it might have. Sometimes we're so focused on the future change that we disregard the very factors that may hinder that change, such as security.
Take today for instance, driving along the Citylink when a Melbourne Airport 'Skybus' entered my lane; we've all seen it before, bright red, tinted windows and 'Free WiFi' plastered all over the sides.
Although I have the open-WiFi options disabled on my Android, I decided to test the range of their WiFi by enabling mine, and checking the list of available access points. While I was relatively close, I hit join and watched as it connected in under a second flat. Open network, no security, no sign-in, just join and bam!
High bit-rate streaming from the internet (e.g. Soundcloud) from my own car was just fine.
The thing that surprised me most was the fact that when the Bus disappeared from view (i.e. 500-800m of highway curve) the connection stayed pretty strong, and I only really saw the connection drop out as I took a completely different route to the bus.
Just to re-iterate, let's review this quickly:
- No Wireless Security
- No sign-in or login portal
- Connection stability up to ~500m+
- Worked flawlessly out of visible range
- Direct internet access
- Drove within close proximity for 35km+
While there are many opportunities for attackers to hide their tracks these days, the use of VPNs or proxies at an outback McDonalds may not necessarily be the best choice of anonymity anymore. As the internet of things grows and diversifies, we find ourselves with a myriad of possibilities and opportunities. Given the traffic of the city, anonymity of an unsecured connection and access to an internet connection, this does provide cars within relative proximity a certain degree of anonymity.
Not all attackers may choose to spend the money on fuel to launch an attack from car via a moving bus, but the ability to access a connection without cameras and line-of-sight might be something we need to consider more seriously. Imagine forensics trying to track an IP that came from a bus that came from a device in a vehicle near the bus! Even without an external focus, a Man-in-The-Middle attack might simply see cyber drive-by attacks increase where a bus full of connected users are compromised in a short amount of time.
In no way do I want to resort to scare-tactics by any means, however I think it's important to gauge new technologies (or simply new ways of using it) in a manner that accounts for past learning - security being at the forefront of this. Unfortunately I didn't use my phone to perform any packet analysis, but i'm sure playing around with NetHunter may have given a more in-depth look at the connection.