DEF CON 23 -- Las Vegas -- Jeff Moss, aka The Dark Tangent, sat down with Dark Reading here yesterday for a quick chat about DEF CON 23 and IoT:
Q: What’s different about DEF CON this year?
Moss: It's just more of everything. Nothing is slowing down [hacking-wise] -- there's just more. We tried to capture more of the content, doing recordings in the Villages. What we're doing is knowledge transfer … of privacy, lock pick [and other Villages] recordings online. It might foster more interest for people to come online and watch.
There's also a certain amount of chaos: welcome to DEF CON.
Q: The Internet of Things now has its own village here at DEF CON, like Lockpick Village and Hardware Hacking Village. What are the challenges with getting security flaws fixed in these products?
Moss: When hackers started picking locks, the lock manufacturers got very upset, saying this is the way we've done it forever, and saw us as interlopers in their space, [saying] 'trust us' [to protect consumers]. But hackers would have none of that and [then] there was the first upgrade to physical locks in decades. We made them get better. In the beginning there were threats of lawsuits and other scariness, but now we know it was a new world.
Then medical devices, now with cars: it's following the same trajectory: 'don't tell anybody' … I'm betting this [car hacking research] will force the whole [car] industry to mature a bit. And it's not going to stop: after cars, it will be something else.
If we don’t get the software updating thing right, there will be trouble.
Q: What can or should the federal government's role be in ensuring IoT products are secured?
Moss: There's not much it can do about it. The government is structurally blocked, bureaucratically, etc. It's inflexible and not adaptable.
Now we're down to regulation, which nobody likes. If your [connected] toaster burns down your house, who are you going to sue?