Hacker News new | ask | show | jobs
by CJefferson 631 days ago
I don’t think that is either legally, or morally, true.

Sure, it would be better if devices weren’t broken by attack attempts, but if you are purposefully trying to attack something, you are to blame for your attack succeeding?
3 comments
crest 631 days ago
There is a difference between tinkering with WiFi/Bluetooth and accidentally offing your neighbour with the faulty pacemaker and knowingly exploiting a 0day the Insulin pump of a politician to deliver the whole reservoir at once while short selling the manufacturer stock.
link
omeid2 631 days ago
> you are to blame for your attack succeeding?

Morally? A bit grey, but often when you dig into the details for the cases of businesses unlike individuals, it is a resounding "Yes".

Legally? Depends on the jurisdiction I suppose.

https://www.theguardian.com/australia-news/2022/oct/22/austr...

https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-re...

This is for data breaches, but similar laws exists for all sort of conduct related to negligence in securing and adequately protecting privacy, safety, health, and so on.

link
wpm 631 days ago
>if you are purposefully trying to attack something, you are to blame for your attack succeeding?

Yes?

It is by definition an attack, a hostile action, something that should not be done.

Is it wise to harden systems to withstand attacks? Of course.

But when an attack works you don't victim blame. You use knowledge of how it worked to harden your systems better.

link
k_roy 631 days ago
Except this isn't anything special.

Literally anyone can do this with an MCU of some type and a 50 cent device. Bluetooth, RF, NFC, etc. This just makes is a nice little convenient package.

There is victim blaming and there is practicality.

A pacemaker that can't withstand random radio bursts is useless, as the first time you walk down the street you are dead.

So unless you are going to ban any sort of microcontroller, and very well documented and simple circuit designs, this is still not victim blaming.

link
CJefferson 631 days ago
Almost every residential building ever built can be broken into by throwing a brick through a window. We could use reinforced glass, but most people don’t. We still convict people for throwing bricks through people’s windows.

Generally speaking pacemakers aren’t failing from random radio signals, but if they fail if you specifically attack them, it’s your fault.

link
k_roy 631 days ago
And much like a brick, for every nefarious use, there are 10 valid uses.

Just like anything else, it's just a tool, and because a tool can do bad things doesn't mean the tool should be illegal.

link