Jump to content

Interesting sector with iffy response to secuirty...


Recommended Posts

Posted

Hey guys. I'm a standard idiot, little better than your average rock and stick. Used to watch Hak5 when it was on RevolutionTV and available on my tivo, but haven't since they moved. I find the whole tinkering world fascinating, but haven't used it for more than free wireless when my system goes down on vacation, at school, etc. Love the reaver!

Anyway, I'm also an avid fisherman.

As such I was extremely excited when Minn Kota, the premier trolling motor company, came out with a purely automatic, gps driven motor. You can drop your boat off the trailer, hit a button on a remote, and your boat will go park itself without human intervention. Awesome!

Here's a demo:

 

 

However.....being a somewhat wise member of the stick and rock family, I know that just because I can run a robot doesn't mean that someone else can't - occasionally very easily.  So just before buying one of these $2300 add-ons I thought I should contact the company about security. The response? "We re-use the same code multiple times so hacking shouldn't be a problem".

Huh?

That sounds like exactly what I'd NOT want to hear. The last thing I need is some guy on the bank driving my boat into a rock, or over a dam, or into some idiot power-boater who probably isn't paying attention anyway.

 

I'm sure at this point you're wondering, "Did you hack it?" - well no, I'm a rock, remember? I am concerned that all these IOT manufacturers think of security as "not an issue" though. There's go to be a better way! I suppose this post is more of a rant or a heads-up than anything, Though I'm angry enough I might just get started on this little project...

Posted

It would be interesting to find out.  of course only way would be to get one and play with it.  It says it uses GPS.  Maybe you can jam it to make it go nuts.  Do not know if there is a way to override GPS with your own signal which may be able to spoof it to move by makin it think it is somewhere else.

I heard he controlled it from his phone.  Is it using a cell data card to connect to a cloud that you connect to to control it or direct connection?

If direct then is it bluetooth or wifi?

If wifi, is it open or involves the device to login somehow..same goes for bluetooth and if/how it is pairing to your phone.

With bluetooth, maybe you can get a pair with it on a laptop?

If Wifi, maybe can connect to it with a laptop...similar to the open wifi the dones have/had.

 

Yeah, reusing their software is not considered a security feature unless that is a proven hardened piece of code.  If they have a bug in that package then all software they have that package in will have the same bug.

Posted
1 hour ago, RetardedOkie said:

So stupid I can't seem to figure out how to edit my post. I meant "There's got* to be a better way".

New users have some restricted features till they "level up" a bit. It helps prevent abuse, spam, etc.

Posted
18 hours ago, digip said:

New users have some restricted features till they "level up" a bit. It helps prevent abuse, spam, etc.

But how am I to find my dick pills???!!!

Posted
18 hours ago, PoSHMagiC0de said:

It would be interesting to find out.  of course only way would be to get one and play with it.  It says it uses GPS.  Maybe you can jam it to make it go nuts.  Do not know if there is a way to override GPS with your own signal which may be able to spoof it to move by makin it think it is somewhere else.

I heard he controlled it from his phone.  Is it using a cell data card to connect to a cloud that you connect to to control it or direct connection?

If direct then is it bluetooth or wifi?

If wifi, is it open or involves the device to login somehow..same goes for bluetooth and if/how it is pairing to your phone.

With bluetooth, maybe you can get a pair with it on a laptop?

If Wifi, maybe can connect to it with a laptop...similar to the open wifi the dones have/had.

 

Yeah, reusing their software is not considered a security feature unless that is a proven hardened piece of code.  If they have a bug in that package then all software they have that package in will have the same bug.

It connects via bluetooth. You press a button on the motor and pair it up, then use an app they offer to move it around or "drop anchor". I think pairing it with a laptop would be pretty easy. I wonder if you can pair it without the button somehow? If so, live tv could be a ton of fun during fishing tournaments.

 

Ok, so step 1 is get a bluetooth dongle. I'll order one today and if you guys are game I'll play guinea pig and see what

Posted
On 8/10/2017 at 0:34 PM, RetardedOkie said:

"We re-use the same code multiple times so hacking shouldn't be a problem".

Huh?

That sounds like exactly what I'd NOT want to hear.

Regardless of being a Rock, stick or nerf gun, I'm happy to see an 'everyday person' skeptical of convenience for the sake of convenience items.

Posted

Thanks spoonish! I try to to be too much of a sheep. It's hard sometimes!

 

My bluetooth should be here next Saturday. If someone has any bluetooth tips I'd love to hear them. Right now I'm going off kinda half cocked with a dongle and a motor. If I stare at them long enough I'm sure something will come to me.

Posted (edited)

How does bluetooth extend to that range? Or are you on the boat while you're controlling it with your phone? Surely you would need a longer range thing..and there are a few issues I can think of in regards to a 3G/4G solution..

What if you drive your boat into a 'no-service' zone? You have to get another boat to go and fish it out of the water (catch ma drift..).

There's also the problem of running out of data on your phone and having your eyes twitch in frustration as you watch your boat drift away...

And the other problem of having to get 2 3G/4G SIMs, one for your boat and one for your phone.

WiFi solution is just asking to be hacked..

Edited by Dave-ee Jones
Posted
15 hours ago, Dave-ee Jones said:

How does bluetooth extend to that range? Or are you on the boat while you're controlling it with your phone? Surely you would need a longer range thing..and there are a few issues I can think of in regards to a 3G/4G solution..

What if you drive your boat into a 'no-service' zone? You have to get another boat to go and fish it out of the water (catch ma drift..).

There's also the problem of running out of data on your phone and having your eyes twitch in frustration as you watch your boat drift away...

And the other problem of having to get 2 3G/4G SIMs, one for your boat and one for your phone.

WiFi solution is just asking to be hacked..

It's not WiFi, it's bluetooth. You control it via a bluetooth remote control, via the wired foot pedal, or via bluetooth on an ipad/phone. The problem of it driving off isn't big because you "drop anchor" where you want it to stay, which holds the motor on a spot defined by GPS. The guy in the video hits the "put motor in water and drop anchor" button as it comes off the trailer, still  in the ~15 feet range.

There's also a "drive this pattern" option so you can have it drive out and park itself offshore or follow contours.

 

Posted
2 hours ago, Dave-ee Jones said:

Ah so it's only meant for it to be easier to control while getting it off a trailer or something like that, not necessarily moving it around from shore...

Kinda. It's also meant for control from the cockpit (very handy in a tournament or with family aboard) as well as a backup in case your remote batteries go dead. The remote batteries are $5.00 each pack and they only last about 4 days on the water. >.>

 

 

 

Posted
2 hours ago, RetardedOkie said:

Kinda. It's also meant for control from the cockpit (very handy in a tournament or with family aboard) as well as a backup in case your remote batteries go dead. The remote batteries are $5.00 each pack and they only last about 4 days on the water. >.>

So buy a few packs (2-3) and charge them while your on the move?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...