August 27, 2005
trifinite.org in Technology Review
Yesterday, I received my copy of the high profile German Technology Review, where trifinite.org gets mentioned rather prominent. In the feature story about the automotive industry, the work done with the CarWhisperer gets cited as one of the first hacking-attacks on cars at all.
August 25, 2005
Last week, the finnish security company F-Secure invited us to do a training on how to audit Bluetooth-enabled devices. After having a talk on the first day, we had a second day Bluetoooning dongels and playing around with all kinds of toys (including cars).
After work, Marcel and I spent two more days in Helsinki doing sightseeing (basically taking pictures of almost anything). As for the weather we have been very lucky since it started to rain again just the day we left.
Thanks to Mikko and the rest of the F-Secure Viruslab team for the kind invitation.
August 08, 2005
Data Retention is no Solution!
If you believe that:
- Data retention is an invasive tool that interferes with the private lives of everyone;
- Retaining personal data on everyone is an illegal practice in terms of Article 8 of the European Convention on Human Rights, as it is disproportionate;
- Security gained from retention may be illusory, as it is likely that traffic data that is associated to one individual may actually be linked to activity taken by another, or by a process that is unrelated to the activities of that user;
- The means through which this policy is being pursued is illegitimate, as some member states who have failed to pass this policy through their own Parliaments are now trying to push it through the EU instead in the name of harmonisation and international cooperation.
August 04, 2005
Car Whisperer - A few Clarifications
The Car Whisperer project caused a lot of press interest. Unfortunately, some of the articles published are talking about headsets (little Bluetooth earpieces). The Car Whisperer is for carkits or hands-free units (integrated in car infotainment systems or little boxes that are built in after buying the car).
When doing the carwhisperer tool, I did not plan to address the issues of one single manufacturer. The idea was to point this security issue out for quite a few manufacturers that do *not* pay attention to the recommendations of the Bluetooth SIG when manufacturing Bluetooth-enabled products.
The car whisperer image was censored due to complaints of a major German car manufacturer that also claims that the trifinite.logo was a modification of their logo... which is of course not true.
For this image I was using my own car, which turned out to be the same brand as the one that felt offended by this project. That was pure coincidence and doesn't change the fact that this manufacturer has issues with the carkits used.
I keep posting information related to the car whisperer.
August 03, 2005
a real storm of requests was hitting the trifinite.org server last night. In total, the transfer for August already exceeds the monthly quota. (And this is just the beginning of the month)... scary