New Consumers Union report catalogs the potential collateral damage from the crypto wars



In a new white paper, Consumers Union (publishers of Consumer Reports) looks at the “consumer stake in the encryption debate”: they note that governments want to ban working cryptography so that cops can spy on crooks, but the reprt does an excellent job enumerating all the applications for crypto beyond mere person to person communications privacy.


Crypto, after all, is the way that manufacturers authenticate their software updates for devices, secure the transmissions between those devices, and protect the integrity of sensitive information like financial transactions, vehicle telemetry, and health data.


Posing the crypto wars as finding a balance between your right to privacy and cops’ ability to fight crime misses out on these important equities. Asking us to give up working crypto is also asking us to give up the certainty that our medical implants, cars and voting machines aren’t being remotely sabotaged.


Cryptography is essential to the delivery of these updates, as it allows a device to know
who
is
installing
what. Manufacturers use digital signatures to ensure that only genuine updates are
delivered, guarding against code that might be sent
from malicious actors, such as criminals
looking to remotely turn on microphones, steal data, or attack other nearby devices.


This is not
a theoretical danger:
Users of Adobe Flash, Android, and multiple web browsers have been
targeted in the past with invitations to download and install fake software updates.


The problem could become more acute as consumers adopt a coming tidal wave of new
software
-
driven devices. Mobile phones have become omnipresent and virtually omniscient
personal assistants, with minority and vulnerable consumers being especially likely to be
dependent on smartphones for their access to the internet.
Homes are becoming “smarter” as
embedded, largely invisible computer chips control televisions, refrigerators, thermostats, home
cameras, and light switches. Even cars

once the quintessential mechanical product

now
depend heavily on digital technologies.


To use all of these digital products and services, consumers must blindly trust hundreds of
millions of lines of computer code as they navigate their day
-
to
-
day lives. And just as
programmers spend their days creating and improving their code, hackers work hard at finding
vulnerabilities that can enable them to turn baby monitors into spy devices,
infiltrate mobile
phones and laptops,

and potentially even control a car’s brakes and steering.

Many of these
vulnerabilities carry the risk of being exploited in an environment where the stakes are high:
Hackers have remotely hijacked connected Jeeps,
redirected yachts by “spoofing” GPS
coordinates,

and locked home thermostats at 99 degrees Fahrenheit.

If these connected
products used encryption, it would be much harder for hackers to exploit these vulnerabilities
and place consumers at risk.


Beyond Secrets:
The Consumer Stake in the
Encryption Debate
[Consumers Union]



Source link