Fox sez: Hackers can take control of your blender!

Re: Fox sez: Hackers can take control of your blender!

Probably not, or only a little responsible, at least based on my experience. News organizations tend to go for the quick quote or sound bite. Give them a concise summary of exactly why a particular vulnerability exists and they'll reduce it to the smallest, most inflammatory bit they think will inflame Joe Sixpack.

Sometimes they do some minor vetting, or that's what the reporters I know tell me. Having had a few journalists call me out of the blue, I've found that the "vetting" process seems to be a referral from another reporter, reading a quote from another story, or having read a press release. Of course, many times press releases are little more than self-serving puff pieces. That's how you end up with people calling themselves the "world's #1 hacker" or the like, and the press takes them at face value.

The largest news organizations do hire their own experts as commentators, -often times for medical or military commentary- and many times this they are retired or even still active in their given field. As such, they are usually well informed, and can very often explain things very well. However, as members of the news organization, even these people tend to reduce complex ideas to little more than pithy sound bites.

Re: Fox sez: Hackers can take control of your blender!

Agreed. But do the "experts" share some responsibility for their quotes that tend to create the hype?
I would also blame the news organizations more so than the experts, but for a different reason. I think all of the major news organizations have become beholden to these "experts" to figure out what is "real." Furthermore, the networks have lists of experts that they turn to, but when they include people like Gregory Evans, you cannot take these lists seriously. So there is obviously no vetting of these lists. So in some ways you have a small group of people who can, in some circumstances, drive the news in one direction or another.

I would be curious to know who was the impetus for this story; was it a Fox producer who said, "I heard you can hack a blender!" or was it one of experts "advertising" their research that caught a hook with the producer. Or some combination of both.

Re: Fox sez: Hackers can take control of your blender!

I would blame the news organization more than the, "experts," because there are many crazy people and theories in the world but only a few news reporting agencies on major networks. Reporting far-fetched claims as news lends the stories credibility as "important" or at least "more important" than whatever else is not being reported.

Re: Fox sez: Hackers can take control of your blender!

Part of it is the manner and tone of the report. There's some good and true information in there, like using AES on your WLAN, but a lot of it is lost in the hysteria.

We've had similar discussions here. I remember starting this thread about 2 years ago about the lack of security on the Jura F90 coffee maker. https://forum.defcon.org/showthread.php?t=9490 It seems to me that the difference is that while we shake our heads and question why the security issues are never considered before implementation, this story is makes it sound like these are all common attacks, when we know that they are not common at all. The truth of the matter is that while some of the attacks listed might happen, the chances for a bad guy actually gaining something using them are relatively low.

Attacking the blender might be good for a few yucks as a practical joke on a buddy, but the attack itself isn't going to be of much use in a realistic way. I'm more concerned that an undetected exploit on an embedded device might be used as a jumping off point in an attack on an server within an enterprise network.

Re: Fox sez: Hackers can take control of your blender!

I wonder why we (not you specifically, but we in general) are so quick to blame the clearly gullible news organizations, but don't say anything about the experts that are cited in these articles.

For example, you cite part of the article that says...
Right. Fox (or whatever news organization) is silly for reporting this kind of stuff, but what about Robert Siciliano, the CEO at IDTheftSecurity.com, who is responsible for this comment? Is this article "a new low" because Fox reported it, or because Siciliano gave them such an outrageous quote? Both?

Winn Schwartau is mentioned in this article--he is a forum user here and respected speaker--does he agree with the overall sentiment of the article? Were his quotes accurate? Taken out of context?