Dan Geer, the chief information security officer for In-Q-Tel, which invests in technology on behalf of the Central Intelligence Agency, gave a very sobering keynote address to the audience at the Black Hat hacker conference in Las Vegas. In his speech he discussed computer security, public policy, and the directions that he believes the industry should be moving towards. He also issued dire warnings about the threat of home router vulnerabilities, even going so far as to use the term “latent weapon”. His talk can be viewed in its entirety here, and is encouraged viewing.
During his speech, he referenced the SOHOpelessly Broken contest and referred to some of the issues that inspired it. He rightfully detailed how embedded devices in the home could be easily commandeered by attackers, who could then use them both to deny access to the internet to a large group of people and to flood the network with signals for other commandeered devices to do the same. As he says:
“Lest some of you think this is all so much picayune, tendentious, academic perfectionist posturing, let me inform some of you and remind the others that it is entirely possible to deny the Internet to a large fraction of its users.”
It’s refreshing to see someone of such standing speak so eloquently and forcefully on these topics that affect us all, and his remarks will hopefully start to push us all towards better practices. The entire transcript of his speech (including some remarks about home routers that he skipped over to remain within his time limits) can be found here.