by kw71 2722 days ago
What were you thinking would happen? That you'd simply become the envy of magazine-reading normies and nerd conference attendees?

Anyone who's pirated software knows that electronic locky things are about as worthy as masking tape. But you gave all the work away such that it took all the brains of a jailbird methhead life-winner to rig up a formidable burglary tool with an Arduino (which I've always derided as baby-talk-programming-for-potheads, how about that). Normally there would be some secretive jackass in the middle like those developing and selling the auto theft tools to the guys who manage car thieves... but you changed the world! Congrats.

2 comments

I don't think the vitriol is warranted or constructive at all, but regardless...

What I thought would happen: the general public would be made aware of a serious vulnerability in products they believe to be safe (they were -- millions of people were made aware of it and I spent years dealing with the press for exactly that reason), and that the companies involved would be forced to act (the big ones were, small ones weren't). With the benefits of hindsight, I 100% stand by the decisions I made and feel confident that I did the right thing, despite that I knew that some folks would use this for crime (and now know that they definitely have).

You can say that everyone knows that they're not secure, but that's ... Frankly dumb and naive. The vast majority of people have no idea, and they don't care about the abstract notion of them being insecure. They do care when I say "I can open any of 10 million locks in a second with no special skills."

Thank you for replying, despite my shitty abrasive attitude.

No, the normies don't know anything, that's why they are buying garbage like cars without keys, "connected" door locks, and burglar alarms that some talk radio host tells them is "safe". You can't teach them, and if you have something better to sell with meritable security they won't choose it.

I don't know if you were surprised to find what you found. At any rate, you knew that this stuff is garbage as soon as you found it. And so has anyone who has attacked just about anything. From consumer junk to military toys, there is very little out there that has actually incorporated much thought to attack resistance... the only examples I can think of right now are pay television and some game consoles... really, the most frivolous things.

I think it was the late 90s when I checked into a hotel and was slightly surprised to get a magcard instead of the Swiss cheese looking Ving stuff I was used to. I am sure that I am not the first or only one who thought, well this is shit. The card probably only encodes a site code and an id for the individual lock. I was impressed to learn that when the next guest gets a card then mine won't work anymore. But whether we had the capacity to realize how stupid the implementation must be, we all had some reassurance in that there was at least a level of sophistication required to put me at risk there. Whether that's a shitty night clerk disclosing the password for that card writing device, or someone who took apart the lock to figure out how to throw the bolt, there was something more required than a dickhead reading the internet to do it. And for like fifteen years "it was acceptable" because nobody gave a how-to to everyone.

So what were we supposed to do when the details - not the idea - were disclosed? Not travel anymore? You did make the attack a lot easier than necessary to make your point. Explaining an overview, the idea, still carries some risk - there are so many people in the world that nobody has any novel skill and someone's bound to replicate the rest of your work - but all these details lowered the bar unreasonably.

Man, what if I had published the party trick that lets you start a Toyota without any keys or fob? I know I'm not the only one and doubt I was the first. But it's not that people could lose their property, it's possible that people who would not normally have access to "that car" would do something extremely shitty with this possibly lethal weapon. Another attacker without travel experience, grown up in the USA, might not realize that in other places you can get away with car theft simply by driving east. I wouldn't have thought about this when I was young but now I sure as hell don't want anything like this on me.

>arduino (which i've always derided as baby-talk-programming-for-potheads, how about that)

C++ is baby-talk-programming-for-potheads? Or am I misunderstanding this?

Not the C++, the functions they give for simple things, so you don't have to read the manual to find out for instance the name of the GPIO port register (a very small step) or learn the boolean operations to diddle only one bit (another very small step). This is fine for an educational toy but Arduino libs (and even the boards, ha) are showing up as part of finished products in the market, that's really sad.

It's my personal opinion that C++ doesn't belong on an 8-bit anyway.