|
|
This has always been a concern I've had around WiFi anything in security systems. Sure, they're great for easy installing in an existing structure, but between jamming and battery replacement, I've just never been a fan. I'm also old and don't trust anything, so that just adds to it.
|
|
 |
|
Can always use dummy cameras with a led. First it started with the ADT signs and now people are putting up cameras. If your place has neither then you’re a greater target. Generally they are in and out in a few minutes long before police or a security service can dispatch someone. My system has a large battery backup for an old lantern or something, recording, 4G fallback, is wired, and I regularly spend time outside. All of which is invalidated by people staking out a place and wearing a mask. I saw a burglar with almost all of my neighbors things and appliances. Thought they were moving or upgrading and waved.
|
|
|
|
> I saw a burglar with almost all of my neighbors things and appliances. Thought they were moving or upgrading and waved. This brings up another point, which is that one of the best things you can do for your security is to be well known by your neighbors. If no one knows your appearance and habits then all kinds of crazy stuff can go down while you're away and your neighbors won't know anything's wrong.
|
|
|
|
It is not always enough. Like for example my ex sister in law once held the door open for the burglar who were getting out of the building with her own TV. She only realized that when she went upstairs and found her door open.
|
|
|
|
Doesn't this actually support the argument? If she had known her neighbors she maybe would have questioned this stranger carrying out a TV, or at least given notice to their appearance.
|
|
|
|
It is quite common to seek help from friends when moving in and out, it could be the result of a sale in the second hand market, etc. I don't think knowing your neighbours is enough. The burglars were quite polite and I have to clarify it happened in Switzerland where most people don't necessarily assume malice by default. Not a country where you risk being shot for stepping in a property.
|
|
|
|
> All of which is invalidated by people staking out a place and wearing a mask. My favorite part of the beginning of the pandemic was going to the bank in a hankerchief like an Old West bank robber. Just as effective today as back then...for hiding your identity just slightly better than Clark Kent taking off his glasses.
|
|
|
|
They also didn't do anything from a disease perspective either, unless it was a disease transmitted by large quantities of spittle.
|
|
|
|
WTF? Did I accidentally make enemies of the Bandana Fashion Gang? On a health-level, how is this remotely controversial? Bandanas--especially draped "bank robber" style--are simply a bad choice: > Loosely folded face masks and bandana-style coverings provide minimal stopping-capability for the smallest aerosolized respiratory droplets. -- https://pubs.aip.org/aip/pof/article/32/6/061708/1068115/Vis...
|
|
|
|
you brought the health thing to the conversation trying to drum up whatever. nobody wants to have the mask conversation here. again. you're either for or against and nothing anyone here says will change your mind. so just don't go there.
|
|
|
|
> you brought the health thing to the conversation Dude, re-read the thread: 1. You specifically framed it as during "the beginning of the pandemic." 2. You brought up people wearing masks (implicitly for health concerns.) 3. You said those particular masks were amusingly ineffective (for disguising identity in the bank.) 4. I wryly noted those particular low-quality masks were indeed ineffective in multiple ways. (The health concerns that motivated them in #2.) I can't make you enjoy my reply, but stop acting like this is some kind of shocking non-sequitur leap into forced realms of conversation. You more than set the stage yourself.
|
|
|
|
not once did i mention health. i compared them to clark kent and glasses as a disguise. not really sure what you're reading, but you're really wanting to push something that's not there. enjoy
|
|
|
|
There was another HackerNews story about smelling diseases. I have the rare ability to smell coronavirus, (I've diagnosed probably a dozen people correctly.) That said, if I'm wearing an n95 mask it's harder for me to detect and with n99-n100 masks I don't perceive anything at all. From that observation I infer masks are effective at eliminating virus transmission, which is quite extraordinary given the virus is so small.
|
|
|
|
Do you have a sense of whether you can distinguish between the five endemic named coronaviruses? And whether you can distinguish between those and rhinoviruses / adenoviruses / etc? There was another poster on that thread who said they were able to smell colds. I wonder if this is just extremely common and / or if we can all be trained to do it like with wine? > From that observation I infer masks are effective at eliminating virus transmission, which is quite extraordinary given the virus is so small. This inference doesn't really make sense to me. I bet putting a cigarette in your mouth, or a chopped onion in front of your face, would achieve the same frustration of this ability.
|
|
|
|
> All of which is invalidated by people staking out a place and wearing a mask. Approximately 6 years ago, I saw a face detection demo, which detected the face of a man behind a snow mask while running in the night with minimal lighting from a side-shot. I think seeing the eye and nose geometry was enough. The only time the system saw the face was from another camera in the same system head-on. I don't remember whether it was masked or not. If this is available for defense, it can be made available for civilian applications, too, but it won't be, because then you won't be able sold it to that price because of depreciation.
|
|
|
|
> If your place has neither then you’re a greater target. On the other hand, if a place has visible cameras and ADT signs, do they have valuables worthy of protection and worth the risk?
|
|
|
|
Yes. I saw an interview with a burglar in the UK. He said he preferred properties with alarms and other security features because they were much more likely to have valuables worth stealing. And, as he pointed out, nobody cares about an alarm going off in a city. It just gets ignored.
|
|
|
|
Here we live in a surveillance state where the cops don’t arrest anyone unless they have money to steal. Worst of three worlds.
|
|
|
|
> Generally they are in and out in a few minutes long before police or a security service can dispatch someone. With security ops like this, it is important to understand that they are not targeting joe schmoe. They are targeting specific orgs/people that have a lot to lose. Using the "Lockpicking Lawyer" as an example: "Oh they can get into a security shed, who cares." It's not about meemaw's security shed, its about a cop's trunk with guns in it.
|
|
|
|
They did that too. Neighbor was a cop. Took all his gear, uniform, weapons, etc.
Was demoted to motorcycle cop after that.
|
|
|
|
People should by now have learned from all the footage on NextDoor of burglars ignoring obvious cameras. Mine are wired, but I'm not fooling myself that they're going to be all that useful if something happens. The other glaring flaw with cameras is that they always face perpendicular to the street, so even if the getaway car has plates you'll never get a shot of them. Not that the car isn't stolen anyway...
|
|
|
|
|
There are wifi cameras that will store video locally when the wifi is out, although I can see it'd be a problem if they get stolen while the network is jammed and they don't have a chance to upload.
|
|
|
|
This is something Eufy can't make up their mind on. The doorbells and some cams transmit wirelessly to a base. Then they released new cams that do it locally and don't work with the base.
|
|
|
|
At the end of the day its security theater. Having a video of the crime won’t prevent it or even lead to solving it most of the time. If you want actual response to active crime you are going to need someone who is paid to preferentially show up to your property and they should be in a guardhouse nearby.
|
|
|
|
"video verification" by a monitoring center via cameras can greatly improve police response times, and private security companies are often specifically in the business of video verification systems. There isn't really a dichotomy here and cameras can be an important compliment to a security response arrangement. Increasingly, cameras are the way that security companies dispatch their guards. They are far more actionable than traditional intrusion alarms. Depending on the police department, alarm reports with video may be treated as crimes in progress while intrusion alarm activations alone are not. Unfortunately the technical standards around video verification are not widely implemented and so in practice it usually requires getting your intrusion alarm, surveillance, and security response all from the same vendor. There are common standards but the consumer security industry today is heavily organized around walled gardens and there isn't much adoption of the industry standards outside of commercial. In the commercial world these types of systems are often referred to as "pre-intrusion" since the monitoring center observes the cameras in realtime and, in theory, could dispatch guards to suspicious activity before any intrusion alarm would be triggered. In the consumer world, for cost and privacy reasons, the monitoring center usually only receives video after the activation of an intrusion alarm.
|
|
|
|
I had 2 (stolen) cars pull up out the front of my house and 6 teenagers swarm my house (whilst several stayed in the cars) in Brisbane, Australia. I was notified by the motion alarm in my driveway and then my front door and was able to hit the Siren button and scare them off. Without that, I would have had 6 "armed" intruders inside my house with myself+partner+4 year old. The camera system prevented the crime being far more serious than it would have been (both cars+valuables stolen and maybe a stabbing or 3).
|
|
|
|
We just got new windows in our home, replacing aging double-pane glass with newer, much better insulating triple-pane glass. However there was an option to get added sound insulation and my SO is sensitive to noise, we added that. I was also considering the safety glass option, given that we had a porch door with "all" glass (just a small wooden frame). I'm a distracted and clumsy at times so I was worried about running through the glass in the door. After talking to the window manufacturer, I learned that I didn't need the safety glass option since the extra sound insulation meant the construction was laminated, hence acted much like a laminated safety glass. Haven't tried to break them yet, but after helping getting them mounted (about 50kg for a 1x1m window, heavy!) it seems to me it'll take some effort to get through them. Proper anti-burglary glass is likely much better, but wouldn't surprise me if a group of teens would struggle. Anyway, wasn't my primary consideration but I sleep slightly better at night compared to the old windows which could easily have been shattered with a simple rock, including the porch door. edit: Also sleeping much better due to the sound insulation. The triple-pane does most of the damping I imagine, but between them it was a vast difference. I had three ~10 yo boys running around screaming (or playing as they'd say) 10m from my wall, and once I closed the new window to my room I could barely hear them. Not at all like the old windows. edit 2: We also got the option for IR blocking, it adds just the slightest blue tint but cuts 60% of the IR. Made a massive difference in keeping especially the living room cool during summer.
|
|
|
|
You’re a salesman’s dream. You bought into all these features that are incrementally dubious in value, but magnitudes higher in price.
|
|
|
|
The three-pane glass and IR filter were definitely not of dubious value. The windows have a U value that's significant lower than what the old would be due to the three-pane glass. The lack of cold flowing compared to the old windows was very noticeable as we got them mounted during the winter, so had an almost direct comparison. This winter we had a week below -25C and even then it was hardly any noticeable "cold shower". The IR filter was incredibly noticeable when opening the porch door on a bright and sunny day when outside temps were roughly same as inside temps, holding one hand behind the main window and one in the door opening in direct sunlight. The difference in radiant heat from the sun on each hand was striking. It was also very noticeable on the living room floor during summer if the porch door was left open for a while, standing with one foot on a patch lit by the window and the other on a patch lit by direct sunlight. Though it wasn't unexpected given the blackbody radiation from the sun[1]. The additional sound proofing I'll agree on though. It wasn't that significant on paper, IIRC listed as 5-6 dB reduction, maybe less. But we had waited and bought them during a 50% off campaign which included the extra options, so we went for it as it didn't add that much after the 50% reduction and my SO is really affected by noise. [1]: https://en.wikipedia.org/wiki/Sunlight#Composition_and_power
|
|
|
|
You’d be surprised, good windows add so much qualitatively but also quantitatively (reduced heating and cooling). It’s hard to imagine it but it’s real. I’ve been experienced it first hand.
|
|
|
|
Super cool! I have a proactive security system as well and can also set off alarms. I've set this up for other people, but it seems that people tend to stop with setting up the detection system and I've yet to see someone I know take it to the response stage. Inspiring, thanks for sharing!
|
|
|
|
Woah are things out of control down there? Sounds like GTA Los Angeles.
|
|
|
|
To add to sister comments, solving a burglary is rarely tracking the thieves down in their agit and getting back the goods Hollywood style. What people expect: - triggering an alarm so the theives don't spend the night looking at every nook and cranny of the house - having proof that it was burglars and not the drunk neighboor forcing his way to the wrong house (if so, you'd also want proof of that though) - get the cops and insurance to be on board and have the incident processed swiftly. "solving" here basically means getting the insurance monney to buy the missing stuff.
|
|
|
|
Or just the police not even trying to solve it. In my city, it's inconsistent. A neighbor's alarm activated by accident and 3-4 policemen arrived quickly. Yet a friend's house was actually burgled, they took an ipad which tracked itself to two addresses in a nearby suburb and the police said "sorry, we won't check that out, you should have had cameras". I have a feeling the police prefer to solve crimes by talking to people and browbeating them into revealing things rather than using technology, so I was surprised they recommended cameras.
|
|
|
|
|
I have the cameras to prevent surprises. If someone walks near my house I immediately get their picture on my phone and/or tv using home assistant with frigate.
|
|
|
|
This is my use case and setup also. If there's someone in my yard I want to know. If I'm not home it additionally kicks off other automations that make my place look less tempting for an attack. Edit: it's also very useful to me to keep video logs of my shop and other areas. I can easily go back to see what happened if something goes wrong (stuff falling, me forgetting stuff somewhere, figuring out why there were big car tire tracks across my yard, etc).
|
|
|
|
Regardless of that we all should have cameras running everywhere all the time It is only recent history that cell phone cameras have become ubiquitous and it has caused a huge shift in the authorities ability to squash their abusive behaviors In the same way that TV played a fundamental part of progress in the civil rights and Vietnam wars, one of the best tools the average person has to hold people accountable is to control the narrative via video My only concern is that gen AI will mean that nobody will ever trust video evidence again. I hope we get some kind of signature based crypto verification on recordings to prove they aren’t fake. Like every device is keyed to authenticate the recordings it produces
|
|
|
|
Any idea of trying to prove that a random video isn't fake by crypto verification is very, very brittle - the trust relies on having almost 100% certainty of key secrecy from a global, heterogenous system of low-margin commodity manufacturers. Like, ok, every device is keyed to authenticate the recordings it produces, using a unique key signed by the manufacturer - as long as a few valid device keys ever leak from the device or the manufacturer, any fake video can get signed with a valid key from Camera#1234 from ShenzhenCameraCorp567, ltd.; you're not going to make every $1 camera module in cheap embedded devices tamper resistant.
|
|
|
|
This seems conceptually similar to certificate authorities.
|
|
|
|
Kind of, but the requirements on such a system are far stricter than what we get (and expect) from certificate authorities. For example, the CA system doesn't fail in its goals if I publish (no matter if accidentally or incidentally) the private key for *.mydomain.com; but the proposed image verification scheme does become useless if one of the many manufacturers does that; the CA system doesn't fail just because CAs will issue a certificate to phishing sites run by some criminal, but the proposed image verification scheme does become useless if some manufacturers will issue a "camera" certificate that can be extracted and used in some criminal's Photoshop workstation instead of a real camera. For web CA's to work, all you need is that the single certificate for the site you're choosing to visit is good - but if you want to use a similar system to verify trustworthiness of viral images originating from strangers through social media, you need 100% of the camera certificates to be valid - if there are any leaked certificates, then manufacturers of fake images will use those; and on the other hand if you "revoke" everything from any compromised manufacturer, people won't just replace their cameras, they'll simply keep posting data with their valid-but-invalid certificates and you'll either have to automatically mistrust lots of genuine true content or be vulnerable to fake data, and most people will choose the latter.
|
|
|
|
Cryptographically verified recordings don't sound practical to me (sensors and video processing electronics sound like a lot of hardware to put in a secure element), but I'm sure we will see generative AI inflating away the value of blackmail material soon; one mitigation for this could be cryptographically signing material and then publishing the signature long before it becomes practical to fake it (i.e. the past, increasingly), then periodically creating signatures with new algorithms in advance of the discovery of practical attacks on existing ones.
|
|
|
|
The only thing that'd need to be in a secure element would be the signing keys. This has existed for a while for digital cameras. Canon, Nikon, and Sony have all brought still image solutions to market for use in situations like photojournalism or forensic evidence collection.
|
|
|
|
Device signing can be used very effectively to tell if a particular devices was involved in an action - but it is far more difficult to tell if some non-specific device was the source or whether it was generated. When it comes to fabricated video evidence we'd need to establish a circle of trust that included every camera ever produced but was somehow secure and unforgeable. We've seen this approach break down previously with Diginotar[1] - it really only takes on weak link in the system to compromise the verification. At the scale with which cameras are demanded it seems unreasonable to expect a centralized signing administration to be able to keep their tokens all completely secured. 1. https://en.wikipedia.org/wiki/DigiNotar
|
|
|
|
> When it comes to fabricated video evidence we'd need to establish a circle of trust that included every camera ever produced Stopping short of that, there'd still be value in being able to cryptographically prove that your home surveillance video (or dash cam video) came from _your_ camera and is unaltered from the original recording. I think going forward, the "circle of trust" for the next "capital insurrection type event" video evidence will be founded on multiple videos of the same scenes from multiple angles and from devices owned by un related individuals. Although, the biggest category of cameras these days is cell phones, and all (most?) of them have some sort of hardware trust store with private keys that are extremely difficult to extract, so it wouldn't be to much of a stretch to consider having Android and iOS default camera app being able to digitally sign photos/video - all without "a centralized signing administration" and piggybacking on existing token security methods...
|
|
|
|
I don't think that the signer would be able to verify the authenticity of the data that it received from the sensor and image processing circuitry unless they were able to authenticate each other securely. I know that an attack on a system like you proposed would still be expensive, but it would become more attractive if its characteristics were overplayed (and would then be subject to legal challenge). Forensics, of course on the other hand is based on experts saying "yes, by all accounts this appears to have happened".
|
|
|
|
Yes, and then governments will require that any sale of recording devices are registered so that footage can be traced back to.... undesirables who undermine the great leader.
|
|
|
|
>> Regardless of that we all should have cameras running everywhere all the time I would like to opt out of this nightmarish safety hellscape. I never use the phrase Orwellian because it’s so often misused, but yikes is this some 1984 badthink.
|
|
|
|
I held this same opinion until recently but I've come to realize that it only disallows citizens from recording in public -- that is, if this opinion were adopted in policy, the police could use said policy against me to prevent my filming of police activity. I'd also like to opt-out of having cameras everywhere in public but the fact of the matter is they are here to stay. Additionally, most of the cameras which capture your image in public are not cameras which you installed and they're not cameras which you have the authority to remove. Adding your own cameras to the mix is functionally equivalent to exercising your freedom to speak; really, to document, in this context.
|
|
|
|
At the least we could have legislation to prevent police from creating mass surveillance networks, ie keep the process limited to individuals.
|
|
|
|
|
I think the distinction is who controls the tools. Everyone having their own cameras is very different from the party controlling cameras around everyone.
|
|
|
|
Sometimes it's both, like in the case of Ring doorbell cameras. I may install a camera and think I'm in control, until my footage in the cloud is subpoenaed without my knowledge for an alleged crime I have nothing to do with.
|
|
|
|
|
I went with a doorbell with local storage (Eufy, in my case) for this very reason. My knowledge of the law here is virtually nonexistent. It seems likely that I could still be subpoenaed to turn over footage under some circumstances. But at least I'm in control of that footage and it's not automatically being given to some third party.
|
|
|
|
That's a meaningless distinction in a world with room 641A, rubberstamp FISA warrants, etc. If the party wants the data, it can get it; whose disks it is stored on is an irrelevant implementation detail.
|
|
|
|
I don't know about should, but given that cameras and microphones and processors and power and communication are all probably going to continue to get cheaper and smaller and lighter it seems to me that this is nearly inevitable. So the question really should be - how do we adapt to it? How can we try to mitigate the harm (through social, legal, and/or technical means) and steer our changing society closer to a future that we'd actually want to live in?
|
|
|
|
Yeah, not only are cameras going to get cheaper and smaller and lighter (and way more ubiquitous as a result), but there's other factors to consider too. Face recognition is also getting cheaper and more ubiquitous (and other similar technologies like gait recognition and even skeletal kinematics identification). The privacy implications are astounding. But, as you say, this is all inevitable (I intentionally left out your "nearly" there), and it's a very good question about how that's going to change society and whether we (I) want to live in that.
|
|
|
|
Could be useful for insurance/liability purposes though. Same reason for a dashcam.
|
|
|
|
I hear this a lot and it's the wrong expectation. Cameras are not security theater, AND they often won't stop a crime. I don't think people in security industry expect that or sell it to do that. That said, I have seen a dumb ass thief who assumed no cameras were present in a commercial building suddenly notice a camera staring right at him, who then aborted his operation. We had great pics of his unprotected face, which helped police identify and charge said thief. So the value of surveillance is partially preventative, but almost always the value comes in understanding definitively what happened and how it happened. Often this can be the observation of entry attempts that inform an iterative improvement process for security. Hardly theater.
|
|
|
|
> Cameras are not security theater, AND they often won't stop a crime. Dashcams don't prevent traffic accidents. But they _do_ make it much much easier for the not-at-fault party to make their insurance claim. It'd be nice of home security cameras "stopped crime", but they are much more useful in documenting your insurance claim. Which is still worthwhile (assuming you have insurance to claim on).
|
|
|
|
> It'd be nice of home security cameras "stopped crime", but they are much more useful in documenting your insurance claim. Which is still worthwhile (assuming you have insurance to claim on). What else do you need except that you got stolen n items when doing your insurance claim?
|
|
|
|
Literally a police report would be sufficient for burglary claim and you’ve never needed video evidence for that.
|
|
|
|
1) Deterrent alone is not too shabby. 2) You might be right about some places and are definitely wrong about quite a few others. Having clear face images of "troubled youth" known to the cops has led to arrests in Australia, for one.
|
|
|
|
Having a photo of my hot and run driver at least got me insurance coverage.
|
|
|
|
You should be covered by your own insurance who turns to the other driver's insurance to get back the money. And your insurance will send you the money even if the drivers is not known, provided you have called the police so that hit and run is registered. So that photo isn't usually necessary although it helps your insurance getting its money back.
|
|
|
|
I propose HN have a smart edit detection feature where it allows small edits for a longer period, to correct spelling without xhanching the manning.
|
|
|
|
We have security cameras (that can read license plates) which caught a woman who backed into my car and drove away just last week.
|
|
|
|
> At the end of the day its security theater. Having a video of the crime won’t prevent it or even lead to solving it most of the time. I know of at least 2 countries where police will be immediately dispatched to a robbery in progress if a person is caught on camera by the alarm system and the owner confirms it's a robbery (e.g. on a phone call). By law, police won't be dispatched unless a person is caught on video, due to false alarms. I know this because that's what happened when my home was robbed and I was out of town. Fortunately, since the police response was quick the thief didn't have enough time to take anything (!), as he must have been in and out in 2 minutes at most. It also helped that there was no jewelry or cash inside the house, of course.
|
|
|
|
Sadly it is becoming kind of moot nowadays with so much spam that less and less people are answering to unsollicited calls. I know I don't so the police would just ring my phone and I wouldn't know about it. Not that I would want to but having a security system in my house would probably not be an high enough incentive to start answering these kind of calls.
|
|
|
|
That's why my alarm company's call center number is on my contact list. I even configured it to bypass "do not disturb" mode. Although unsolicited calls are not a problem here, fortunately.
|
|
|
|
Only if crime isn’t punished. If it is, I.e. the video is used to track down the thief and put them in jail for 20 years, it definitely stops the problem.
|
|
|
|
nah out the same-day and released on a plea or technicality as long as no-one was hurt and no weapons involved.
|
|
|
|
|
|
neither was your posting of a comment that didn't further the conversation in a meaningful way. assault gets less time than that, and i'd hope that getting attacked physically would rate worse than the loss of possessions on your chart
|
|
|
|
oh we do agree that assault should be way higher in ranking. That being said, burglary can quickly turn to violence. I just dont see why we should entertain that normal well behaved people should tolerate even a tiny risk from people who clearly does not know how to behave, but I guess I am just weird, valuing the rights of people who behave properly over those who commit violent crimes (and yes, burglary is violent)
|
|
|
|
> I just dont see why we should entertain that normal well behaved people should tolerate even a tiny risk from people who clearly does not know how to behave Who said or implied that?
|
|
|
|
I guess thats kinda implied when thinking burglars should be let out faster than 20 years(or at all). Unless there is a way to garantuee no re-offending
|
|
|
|
What the West refuses to learn from other countries is that you can literally eradicate crime by eradicating criminals
|
|
|
|
And the best way to address that is the root cause of why the criminals are criminals in the first place and imprison the few that refuse to change. Also, non-Western countries generally don't have a great track record with things like gay rights, women's right, etc. So I'm mostly happy that we do things the Western way and not otherwise.
|
|
|
|
Poor Asian seniors in San Francisco go around and collect cans for refund. Other people break into cars and still others mug people. Give the car thieves 3 chances and the muggers zero.
|
|
|
|
Which countries would you suggest emulating?
|
|
|
|
|
|
|
Sadly, you're not wrong as expecting a police officer to do anything with the footage is just a farcical notion. Which really makes me wonder what police were doing when they were requesting footage from Ring directly. We've been told directly by detectives that they are too busy to look at emails with evidence. There must be some other purpose for them wanting the footage other than solving crimes. I just don't know what it is
|
|
|
|
Your detective in your city on that day may have been too busy, but that’s just an anecdote, not a survey of the thousands of cities and police departments and their response to home burglary footage.
|
|
|
|
The majority of murders go unsolved. The vast majority of rapes go unsolved. Police regularly don’t even spend the money to process DNA samples. I’m not an expert on this topic but it seems to me that the police in big cities largely don’t do their job.
|
|
|
|
The problems you mention are extremely hard. Rape is s notoriously hard crime to prove and murders are either done in gang neighbourhoods where there sre few cameras and people don't talk to police. I don't know of any actually actionable improvement ideas to improve solve rate.
|
|
|
|
I believe your knowledge of how police actually work is at odds with the reality of the situation. Your reference to "either done in gang neighboourhoods.." indicates that at least as it pertains to the U.S. you are ill informed. Police juke stats and in a number of urban centers are effectively a legalized gang.
|
|
|
|
> Your detective in your city on that day you must of have read over the "detectives"--pural--part of that sentence. I have had a burglary in one home, and then a few years later had a home invasion where the person was very obviously identified to the police. The responding officers were able to look him up, have a positive witness ID made, and then see that this was a "bad guy". No arrest made.
|
|
|
|
> Sadly, you're not wrong as expecting a police officer to do anything with the footage is just a farcical notion. Not true at all. Police love footage that provides anything useful when they have time to work on a case and, importantly, the footage is actually useful. A lot of DIY security camera installs provide useless footage: Cameras are mounted too high to catch faces, lighting is bad, license plates are blurry, and the list goes on. If you can actually catch faces, license plates, or anything else identifiable then it goes into the case. > We've been told directly by detectives that they are too busy to look at emails with evidence. That's a polite way of saying your case isn't a priority for them. Caseload is high and most departments have to filter and prioritize aggressively. Unfortunately, anything involving e-mail evidence gets messy very quickly because e-mails require legwork from specialists to verify and admit with a proper chain of evidence. Forwarding an e-mail to a police officer or sending them a screenshot of something might be useful as a hint in an active case, but it's not going to meet the bar for admissable evidence unless they can get more resources on it.
|
|
|
|
> e-mail evidence gets messy i guess i could have worded that more clearly. the email wasn't the evidence. the email was just providing information for the detective on who to talk to with much more information that would not have a questionable chain as you're suggesting.
|
|
|
|
Nice you mention "Cameras too high to catch faces". Also AI detection of people will work better if filmed more horizontally. I lot of people are afraid their cameras will be damaged and want to mount them higher. In reality theives most likely don't give a shit about the cameras. And they are cheap enough they could be considered sacrificial.
|
|
|
|
The first points make a lot of sense, but the email problem you raise is not a real issue - if they wanted a digital forensic chain of evidence, they could easily ask for the disks from the camera system.
|
|
|
|
> but the email problem you raise is not a real issue - if they wanted a digital forensic chain of evidence, they could easily ask for the disks from the camera system. I was responding to the parent commenter's complaints that police wouldn't look at e-mails in some case (not related to video).
|
|
|
|
The police don't have any procedural rules against looking at emails, those rules are for juries.
|
|
|
|
but your assumption to this point was incorrect.
|
|
|
|
Solving different crimes. The ones you might get a promotion or some other gratification out of. If you're in a city with 1,000+ home burglaries a year, nobody cares that you clear one and arrest some meth head. But, solve some gruesome or politically-tinged crime and you're holding a press conference and getting praise left and right. We do the same thing as software engineers. Every large company has some lore about what types of work get you promoted, and many engineers prefer to work on that.
|
|
|
|
This is probably the answer. And so how can we exploit that to get OUR case worked on? Involve the journalists sounds like one. Message your city hall people might be another. Take to twitter? What else? Offer a reward (thus getting more response from all the rest - not to claim the reward but to blab about it) What else?
|
|
|
|
What size is the city with 1000+ burglaries in a year? What is the value of the houses they target? If there are several million houses in the city than 1000 might be close enough to nothing to ignore. However if there are only 2000 houses in the city 1000 is half and enough to get attention - you bet the police care about solving at least some of them. Often the police know who the criminals in town are. However they lack evidence to prove anything. Thus a camera feed showing an already known criminal is enough to get their attention as while they might not care about you directly they criminal who hit you may have also hit a high importance target but they cannot prove it in court - thus convicting them of hitting you helps them for cases they cannot prove.
|
|
|
|
If football players get robbed while on tv playing in a game, you or I have zero hope to prevent a burglary short of an armed guard or a few dogs.
|
|
|
|
I'm always astonished when a cop shoots someone, the body camera video is released within a week. I was nearly killed by a bad driver and it took 5+ months to get the video and the driver was already processed by the kangaroo court.
|
|
|
|
> Solving different crimes. The ones you might get a promotion or some other gratification out of. Actually crime against persons (murder, assault, armed robbery) have higher priority than simple burglaries. Having your property taken away is infuriating but no one can argue that stoping a violent criminal is more important.
|
|
|
|
Maybe? First, a lot of simple assault arrests are for objectionable but ultimately trivial stuff - people getting into drunken brawls, spitting on each other, and so on. A series of burglaries targeting a local small business can be far more devastating to the owner than that. But your argument also doesn't hold because it's clear that there are property crimes that are investigated with zeal. For example, in the SF Bay Area, a person was recently charged with "hate crimes" for taking down some pro-Palestine signs. I'm not making some political point here, but we can agree that the investigation wasn't motivated by the severity of the crime, right?
|
|
|
|
$200 gets you a PoE camera. Solves your wifi and battery complaints with a single cable.
|
|
|
|
glibly ignoring the easy to install part.
|
|
|
|
I worried about this when installing 7 cameras on my home. For what it is worth, more recent nest cameras have battery backup and buffer up to an hour of video if the WiFi is out (https://store.google.com/gb/magazine/compare_cameras?hl=en-G...) So in theory if the perps cut the power you are ok, and if they jam the WiFi you are ok too. A month or two ago 3 guys actually did try to break in (without jamming) and the police took the videos but still weren't able to catch them. It gives me some.hope that perhaps one day maybe they do catch these guys and it serves as evidence. I now have the cameras hooked up to Home Assistant so if they detect a person (and not e.g. a fox) and we are out, a Raspberry Pi starts playing loud barking noises and a few lights turn on. During our breakin attempt, the guys were on their 7th (!) attempt at kicking in our front door and you can see from the videos that within literally a second of a light going on (...when we woke up) they turned and ran off so signs of life from the inside seems to be a strong deterrent.
|
|
|
|
> So in theory if the perps cut the power you are ok, and if they jam the WiFi you are ok too. Steal the camera
|
|
|
|
Always an option. Mine are in the eaves of the house, so about 5 meters up from ground level. So now they have to block the WiFi AND bring a ladder AND anything else they need to break in. Totally possible of course, but why not just burgle the house next door that doesn't have any cameras. You don't you need to outrun the bear, only the other humans nearby.
|
|
|
|
What is it good for if they knock out cameras from being able to report activity to a person? Video probably will not help catch the bad guys. I use cameras with ethernet and PoE, those are also cheaper than wifi. On the other side of the cable there is PoE injection, ethernet switch, recording and object detection server, all connected to a UPS battery. If power goes down, I still have cameras and network running for a few hours, notifying and alarming if anyone trespasses.
When power goes down, I also get notification with snapshot of the incoming electricity box on the street, to know if it was local issue caused by a person, or something else.
|
|
|
|
Yes I was originally going to use Ubiquiti cameras and PoE for this (Ubiquiti cameras store data locally too so a single chunky UPS would cover everything) but for me the problem was the cable runs. They were just not really feasible in my house without considerable work - there was no easy path to run cables under floorboards or through loft spaces etc - I would have had to cut channels in interior brick walls, install conduit, replaster, repaint, then pull the cables through etc. For one camera location I would have had to go through a bathroom too so would need to retile! It would have been the gold plated solution yes, but would have required significant work and disruption to install. With WiFi cameras I was just able to spur into nearby power which was already wired into the house. Each camera took maybe 30 minutes to do a neat clean permanent install. Running ethernet and making good would have taken many days potentially weeks, and as others have said it is mostly about deterrent and peace of mind. It is easy (and kinda fun!) to get paranoid and get carried away planning all this stuff out and thinking about "what if..." scenarios, but ultimately home burglaries are typically just opportunistic things without much premeditation or planning. Sure if you are a specific high-risk target and people are going out of their way to target you then sure go ahead, but you'd probably just be better off with dogs at that point!
|
|
|
|
Ubiquiti have a great name for switches. I have some. Unfortunately they chose not to provide an MJPEG stream on their cameras, which make's is very inconvenient (Read computationally non viable) to get the still images if you want to process the images with your own AI. And proactive camera security should be doing this and not relying on the AI that might be built into the cameras running on their tiny computers.
|
|
|
|
Yeah the integration/API was one other reason why I eventually didn't bother with Ubiquiti cameras (even though I have Ubiquiti WiFi APs and switches and management console already). Nest has a reasonable API (although it appears not to allow changing floodlight settings)
|
|
|
|
Dunno about you, but my Ubiquiti cameras work perfectly well with Frigate and it's "AI" detection. With Scrypted I could even plug them in as HomeKit Secure compatible cameras.
|
|
|
|
Can you give us a product list? I’d like to build a similar set up. What kind of cameras and what software are you running? Great setup
|
|
|
|
Not the GP but I have more or less this with all Unifi gear, a Dream Machine Pro and PoE switch in the network cupboard, a Flex PoE switch in the loft with 4×G5 Bullet cameras plugged into it. Unifi restricts choice but everything works in a few clicks and both the web app and mobile app management interfaces.
|
|
|
|
The point here is to send them to some other house before they actually get into yours. Not to catch them. To some extent, catching them means you were not dissuasive enough in the first place.
|
|
|
|
Yep. For me as well it was quite reassuring to be able to piece together exactly what happened. So rather than just being woken up by the noise of someone trying to batter the door down, I was able to go back and piece together 3 or 4 minutes of what happened - the cameras caught their car arriving, caught them going down a side road, caught them climbing over a fence at the back of my house, caught them trying to climb up onto the roof, caught them creeping around in the garden looking through windows, caught them trying to kick the door in, and then caught them running off and driving away. I had enough that I was even able to write a post mortem with timestamps etc. This helped us make some security improvements, but for me personally it helped me process the whole situation - it was less traumatic for me to feel like I at least had "complete" info and was in control and generally feel less victimised and helpless.
|
|
|
|
That's a very good point yes. Understanding and satisfaction that the defenses worked (and how they worked). Closure basically. Far better than the alternative (of a big mess in the house and not knowing how things failed - not being any better prepared after than before.)
|
|
|
|
In general plausible signs of life does sound like a good response. All the more so if they really make sense related to sensory input. In service of making the next home seem like an easier target than yours.
|
|
|
|
I remember the days before wifi routers came with randomized passwords. We walked around with a backpack that connected to open wifi, logged into the admin page with the default credentials, and changed the wifi name/password and the admin password. We were evil kids and possibly part of the reason there are randomized passwords now. Anyway, this is basically the same attack, just with a B&E and a lot more temporary. I'm actually most surprised that these devices don't appear to do any buffering when a connection is lost. And even then, the internet will not stay active if the thieves just go to the neighborhood junction box and pull the plug on the house. :sigh: too much reliance on technology...
|
|
|
|
Security has never been a concern for consumer devices. When I was a kid the local telecable remotes worked on all of the boxes in my neighborhood. I used to sneak up to people's windows and changing their channel. I bet my dad wondered where his remote was.
|
|
|
|
My neighbor and I moved in the same week and happened to buy the exact same doorbell unit. Every time someone rang the doorbell at either of our houses, the doorbell in the other house would ding too. It took us several weeks before we realized we were both answering the door every time someone came to one of our doors. It was an easy fix, but hilarious.
|
|
|
|
A friend of mine had a telescope in his upstairs room, the window of which overlooked a lake with several other houses in view across the lake. 1: Get the other house's TV sighted in the eyepiece. 2: Move your eye out of the way and hold the remote control up to the eyepiece. 3: ... 4: Move back and observe the confusion.
|
|
|
|
I am so skeptical of this story but I want it to be true so badly. If I shine a laser through, does it really focus on the sighted spot? Does the coating on the telescope not filter IR? I thought most did maybe not. Could I shine a flashlight through and illuminate the room? How is that not the same?
|
|
|
|
1. Optics are symmetric, so it will shine on the spot with the same total power, which might not be noticable. 2. Maybe! Cheap ones might not even have a coating. 3. You can do this! See (1) for how much brightness you can expect. If it worked, it’s due to televisions having a relatively low activation threshold for user comfort, so you don’t have to aim the remote accurately, or often at all! Often secondary or even tertiary (or more) IR reflections will trigger television functions. For a quick sample, try aiming your remote at the opposite wall and seeing if the tv turns on. I don’t doubt this story, but I also believe it would have worked merely by pointing the remote at the TV, telescope or no.
|
|
|
|
> For a quick sample, try aiming your remote at the opposite wall and seeing if the tv turns on. But first make sure it isn't radio controlled. The remotes at my old house were all assigned a cable box and you could control that box with its remote from anywhere in the house.
|
|
|
|
> > For a quick sample, try aiming your remote at the opposite wall and seeing if the tv turns on. > But first make sure it isn't radio controlled. Based on my experience, this isn't actually a problem for people interested in trying it with their TV as RF remotes included with STBs, streaming sticks, etc., still have IR transmitters built in to control the TV. Specifically, the actual device (e.g. cable box) is controlled with RF signals (often bluetooth) but the power and volume buttons are often controlled via IR because those are functions of the TV and most TVs have IR receivers. TV power/volume can also be conttolled via HDMI-CEC in theory, but in practice I've run into compatibility issues more often than not that way whereas doing it over IR just works.
|
|
|
|
For #2 - Assuming it's not a spotting scope or similar, filtering IR wouldn't have much benefit. An IR filter might even hurt for the typical star gazing type usage, depending on the equipment used. Cameras for looking at things in the night sky often explicitly lack IR filters (often at massively increased cost) to increase sensitivity to any available light.
|
|
|
|
Very much this. Any IR filtering on a telescope would not be a very favored option. There is so much interesting stuff to see in the IR range. To your point about lack of IR filters, there are places that offer a service to have the IR filter removed from your DSLR. You can just add an IR filter to your lens to have it back to "normal".
|
|
|
|
This seems incorrect. Everywhere I look I hear effectively: > All refractive optics require IR filters. The reason seems to be it prevents "bloating" of bright points of light - eg stars, and increases contrast in the visible range by cutting off UV and IR (which CCDs are apparently sensitive to), so it is in fact desirable to have IR filtered out. Now, does that mean it's default? Maybe not.
|
|
|
|
Possibly desirable for optimal image quality, sure, but taking pictures is not the only use for a telescope. Many things just require knowing how much light is present, and how that changes over time. Occultations are one such case which I have familiarity with. Objects are often so faint that every little bit of light is essential to improve SNR - https://occultations.org/IR filters are generally pretty effective too, so just having one anywhere will do the trick unless you're dealing with a lot of light. Cameras which would be undesirably sensitive to IR would usually have the filter built in, basically right on top of the sensor. No need for added coatings on the telescope itself.
|
|
|
|
It is the same! Sounds like it's time to craigslist a cheap telescope and engage in some fuckery of your own!
|
|
|
|
remotes are not lasers, since a laser would only worked if you point at the small ir receiver with high accuracy. Instead remotes are regular IR which is allowed to scatter.
|
|
|
|
I used to have a TV-B-Gone universal remote with only one button - OFF (oh hey it is still a thing https://www.tvbgone.com/). It was glorious, I used it in airports back when they had TVs all over the place, in hotel bars, in airport shuttles. It came with a booklet warning you about dangers of using it in a crowded sports bar during large sporting events...
|
|
|
|
|
I remember that being the norm as early as about 15 years ago. Thus the reason behind the security mantra, "If it's not secure by default, then it's not secure". Because normies know very little, if anything, about IT security. And to be fair, they shouldn't have to. When you buy a house or a car, how often do you take time to examine the mechanism in the door locks, and check to see how easy it is to pick them? Or do you rely on the locks generally being secure, albiet far from Fort Knox-grade.
|
|
|
|
That is true, BUT people are willing to learn about securing their cars and houses. They will take precautions. People do change their locks, buy security systems for their cars take care that they do not leave keys lying around. They are willing to make an effort to lock their doors, keep and eye on things. They will avoid buying things with weak security. When it comes to IT they expect someone else to do it. The problem is no one else cares about your security as much as you do.
|
|
|
|
> check to see how easy it is to pick them Never, based on how easy some cheap locks are to pick.
|
|
|
|
I pick locks for hobby and agree with this statement
|
|
|
|
I occasionally watch The Lockpicking Lawyer videos on YouTube, and I also agree wit6h this statement.
|
|
|
|
|
No, I started last year, by myself, didn't actually know this organisation, I just get training locks on shops and unlock them, I also see that they are specifically in US, I am from Italy, so there is no one of them around me :(.
|
|
|
|
There was a thing 2-3 years ago around me where you'd go in Mcdonalds and they had several SSIDs in there called MCD0NALDS MCDWIFI MCDOONALDS MCRONALDS etc. If you connected to any of them, the sign in page would Goatse you. I suspect it was a plug in ESP32 dongle or something hiding in the restaurant.
|
|
|
|
I do miss the days of hacks that are primarily just there to mess with people.
|
|
|
|
So kids might stumble upon it on their cartoons tablet when getting a Happy Meal? Some prankster would feel bad when asked to explain themself to a parent or detective.
|
|
|
|
They likely would never had to explain themselve anyway. The fact the device is found doesn't mean the prankster would get caught. It is not like they will look for fingerprints and ADN for a small prank.
|
|
|
|
Unless the parent complains to TV news, who get B-roll of the McDonald's playground and Disney and other symbols of American childhood wholesomeness, and spin a narrative about some cyber-predator using computer hackery to reach out and traumatize children. A predator who apparently was physically at the location, possibly returning frequently to observe reactions to their prank, and who knows what all their intentions. Then they might become a priority to catch. But my point wasn't that they'd get caught, but that those who were only (non-sociopath) pranksters would feel bad, when they started to realize that pranks can have serious unintended effects for themselves and others. Few teens would intentionally show goatse to a young child. The prankster just didn't think this one through, past "wouldn't it be funny if someone saw goatse due to a clever hack of mine", past the misdirected teen impulses to stir things up.
|
|
|
|
I remember driving around, getting lost, then finding a neighborhood busting out my laptop and figuring out where I was via mapquest in order to get home many times. Also made sure to check my myspace. Never did anything particularly evil. Definitely downloaded some movies off Kazaa via my neighbor's wifi, because it was faster than my wifi. Realistically, if you're going to have wireless security gear, it needs to detect when it's being jammed and immediately sound the alarm. That's the only way it's even remotely viable. Just recording people stealing your stuff isn't enough.
|
|
|
|
A friend and I made a yagi antenna from a threaded rod, some nuts, and a Pringles can. We never really did anything with it, but it was interesting in the early days of who did/didn't have WiFi. The branch of the Fed put out some serious signal back then though. I remember passing it on the highway, and received more packets from it than from home networks from slower drives in local neighborhoods.
|
|
|
|
I miss the days of open-by-default wifi. I remember my uncle's internet connection was provided by a coffee can taped to his window that he threaded his antenna through, and when I first moved out of my folks house, living close enough to neighbors who paid for me to torrent movies. Of course it's less useful now, even the cheap prepaid mobile phone plans will get you a usable internet connection.
|
|
|
|
> I miss the days of open-by-default wifi. So does every wannabe be l33t hax0r.
|
|
|
|
> We were evil kids Not to me. As far as I'm concerned, you improved the status quo by punishing the laziness of corporations. They half-ass the products with complete impunity. You showed them what happens when they do that.
|
|
|
|
Backpack? I used to walk around with a Nintendo DS that had a mod running off of a microsd card
|
|
|
|
Been saying this for a while but the RF world is wildly under-explored on the consumer side. The military has been doing electronic warfare for ages but it's only now popping up in the consumer industry. An example: all wireless protocols can be trivially jammed by just spamming noise, like anything else, but most can also be smart jammed by various methods: spamming disconnect packets, malformed packets that crash the device, noise jamming very specific parts of various transactions, like the alignment section of OFDM QAM on 4/5G, etc. This means, instead of needing some multiple of the targets transmit power to cover a wide area, you can use as much or less power than the target which is extremely bad from an EW standpoint. We need to build smarter wireless protocols that can both resist casual assholes, but also higher sophistication adversaries up to and probably including nation state actors for the safety of our infrastructure. And yes, that means insulin pumps probably shouldn't have radios in them.
|
|
|
|
> Been saying this for a while but the RF world is wildly under-explored on the consumer side. Not really, it is, but nobody gives a shit. Before zero-trust was the latest cool buzzword on the block, there was the Jericho Forum[1]. I vividly recall attending a Jericho affiliated event where one speaker was banging on about how insecure those bluetooth phone dongles were. Nothing changes. Security remains an afterthought. But back to the topic at hand, security camera, home WiFi, asking for trouble really. There are some things for which you really should just run a damn cable. [1]https://en.wikipedia.org/wiki/Jericho_Forum
|
|
|
|
Why do you think there are so few attacks given the wide surface and long known vulnerabilities here? Maybe there are simply even lower hanging fruit to further your scam or espionage than intercepting these communications?
|
|
|
|
Barrier to entry, mostly. Implementation of most RF attacks historically required expensive SDR equipment and strong knowledge in a highly specialized domain. Even many WiFi attacks which can be executed by off-the-shelf WiFi hardware require specialized driver/firmware hacking to execute, since most WiFi firmware isn't designed to send frames "out of turn" or with the wrong flags set. This is all evolving rapidly and I fully expect this to be one of the hottest topics in coming years. Flipper Zero is an obvious example of the change here - it was absolutely nothing new hardware or software wise, but providing easy access to standard BLE primitives and years-old sub-Ghz radio chipsets triggered a variety of meltdowns. More powerful SDRs and basic "building block" libraries for SDR are only becoming cheaper and more available every day.
|
|
|
|
I suspect that there are many many attacks, but we don't hear much about them because they go undetected. People are routinely being tracked via bluetooth for example but very few people think about it or bother to disable bluetooth because of it. Companies (and anyone else interested) just get to scoop up all that data and use it for whatever they feel like.
|
|
|
|
We need to start wiring houses for this stuff. It's absurd that we don't treat data cabling as fundamental as plumbing at this point.
|
|
|
|
I'm unsure, but my gut tells me there's regulations/building codes that require landline cabling in (new) residential homes, and of course, not data cabling. Like I said, it's just a hunch, though.
|
|
|
|
You're suggesting there is building code requiring the omission of data cabling. I'm not even sure how this would be phrased. Especially given that phone cabling is just Cat5 cable now. Data cabling is omitted from new builds because it doesn't sell homes and is just a cost. The only recent comparison I can think of is how some cities actually required lead pipes for drinking water for decades.
|
|
|
|
> You're suggesting there is building code requiring the omission of data cabling I don't think so. I think he's suggesting that without a code that does require it nobody is going to bother including it even though they really should.
|
|
|
|
Worked for a res-electrician for about 6 years. We would often strongly suggest that people run cat5e (it was years back now) to many locations for future proofing layouts and connections in the house. Very very few people had interest in the slight added expense of the cable and labor to do as such -- all insisting that they only needed it to / from cable modem area to their aspirational wifi router location.
|
|
|
|
> all insisting that they only needed it to / from cable modem area to their aspirational wifi router location. This is like turning down indoor plumbing and instead putting a nice heated, carpeted breezeway out to an outhouse you rent.
|
|
|
|
No I think they're suggesting that the code doesn't require it so it doesn't get considered or built.
|
|
|
|
Building codes (a long time ago) also didn’t require electrical wiring or plumbing, then we decided they should.
|
|
|
|
A lot of homes are at least partially wired. The "phone line" cable in homes built in the last decade or so is almost certainly cat 5.
|
|
|
|
This sounds like a great idea, until you try to re-terminate that cabling and see how much abuse the electrician put the drop through. I’ve seen 6-8” of sheathing removed and all the remaining pairs untwisted wrapped back around (or just snipped entirely).
|
|
|
|
In my pre-divorce house, it turned out that the flippers who had done the renovations on it did things like put phone and coax jacks in every room that were not connected to anything.¹ Well, there were wires in the wall, but they just went deeper into the wall. In my current apartment, I put in about 50' of Cat6 since the 1920s construction walls kept the wifi signal from reaching from the living room where the fiber drop was to my office off the back of the kitchen. When I buy a house again, one of the first things I’ll do is run ethernet through the whole place. 1. The other irritating thing was discovering that the light switches were attached only to the faceplate which in turn was attached only to the drywall.
|
|
|
|
>When I buy a house again, one of the first things I’ll do is run ethernet through the whole place. Good call. Although, I just had it done recently and I was pleasantly surprised at how noninvasive it was (the electricians worked really hard, so that's part of it). We moved things out of the way for where we wanted the jacks installed and they ran the cables through the wall with a minimal amount of holes. Definitely would have been even easier if we didn't have anything in the house at all, but there was way less ceremony on my part than I was expecting.
|
|
|
|
|
Sparkies love yanking really hard on data cable. Dunno why.
|
|
|
|
You can remove the “data” qualifier — they yank hard on any and all cable.
|
|
|
|
|
|
The problem is that wiring standards change. Ideally, you put conduits in the wall then upgrading cables is easier.
|
|
|
|
> We need to start wiring houses for this stuff. We already have. Powerline is a thing, and for smart home stuff you don't need high bandwidth.
|
|
|
|
I don't understand why powered IoT devices (lightbulbs, switches etc) don't use powerline for network access.
|
|
|
|
|
Would this be vulnerable to an adversary plugging a device into your exterior electrical outlets?
|
|
|
|
No. Powerline ethernet was pretty obviously going to have security issues along these lines from the go considering the lack of clear boundaries inherent in sending data over wires connecting to a public grid and included cryptography from the go. I know Homeplug devices have been on AES since the mid-2000s using either passwords or push button config and G.hn had something similar going on.
|
|
|
|
Back in the noughties plugging in a TV was enough to break some powerline ethernet.
|
|
|
|
To elaborate, the power conditioning circuits in flat screen (often plasma) TVs would interfere with the non-60hz signaling of the powerline ethernet. That's certainly not the same as breaking into the network, but it may have been enough to knock devices offline.
|
|
|
|
FCC fines for jamming the spectrum are...nontrivial
|
|
|
|
I can assure you they don't give a shit. The FCC has been completely asleep at the wheel for a decade. Yeah if you rig up a 1kw tube amp and start splattering a big chunk of the FM boardcast band, jam their cash cow mobile networks or run around with a GPS jammer near an airport you'll get a near immediate PP slap but beyond that they'll maybe send a car eventually. They don't have the ability to detect and locate this stuff in real time and, IMO, probably shouldn't for privacy reasons.
|
|
|
|
I can assure you they will give a shit if you make enough, ahem, noise that people start complaining. Not that it's not fun to mess around though. Think about those little stickers that says your device must accept all blah blah. You just have to be able to talk to them so they can.
|
|
|
|
For ISM, yeah the FCC don't give a shit. Marriott was jamming for years, until they were forced to stop. Keyword: years. If someone is making temporary jamming attacks (even on GPS or cell), unless you do it at your house or stationary, you ain't getting caught. I know 'a friend at the hackerspace' who did a .25w GPS spoof to make the city look like it was in Moscow, Russia. Nobody responded.
|
|
|
|
Specifically, Marriott was deauthing rather than just plain jamming.
|
|
|
|
Deauthing is an application-soecific jamming. There's lots of types of jamming, not just white noise static.
|
|
|
|
Rest assured they do. If you look up FCC violations in urban areas you can find out that they are quite adept at triangulating violators. "A first offense is a misdemeanor punishable by up to a $10,000 fine and/or up to a year in jail. Subsequent offenses are felonies punishable by up to 2 years in prison. In practice, this might result in only a civil action by the FCC. But it is forbidden by Congress and can be punished by imprisonment."
https://law.stackexchange.com/questions/94617/is-deliberate-....
|
|
|
|
Not sure why everyone is linking me articles on the CFRs, long abandoned listening posts too far from anything to matter at all, and the few one off cases where someone did something dumb enough, long enough, that it got the FCCs attention, which is newsworthy because they usually don't pay any attention. You can fuck with RF as much as you want, as long as you A: don't do it constantly, B: don't do it in the same location every time (at home), and C: don't do it in a band belonging to someone who has their FCC field office's number on a post-it note and has paid the FCC lots of money.
|
|
|
|
|
Criminals committing felonies usually don't really worry about FCC fines.
|
|
|
|
I think it can be done by sending de-authenticates. No signal jamming required.
|
|
|
|
FCC rules forbid hostile use of the frequencies, that’s also what forbids jamming. Everyone is supposed to get along and play nicely, and jamming is the definition of not doing that. Intentionally sending disconnects/de-authentications too, if the intent is denying lawful use for someone.
|
|
|
|
The FCC uses the word “blocking” and institutes the same fine.
|
|
|
|
If you’re caught jamming spectrum to disable security cameras to invade someone’s home and steal property, you’re going to get more than fines. Kicking in doors is also illegal.
|
|
|
|
The amount of Uber and Lyft drivers that have told me how cellular reception near sports stadiums are atrocious tells me that these FCC fines are not deterring those with sufficiently deep pockets.
|
|
|
|
But that's clearly just because of 10s or 100s of thousands of mobile devices in the area, why would they care about that?
|
|
|
|
Even when there are no events in those stadiums? It might be the word of these drivers against the stadium owners/operators, but I am still willing to entertain these accounts enough to see people perform preliminary investigations. I would like to see signal strength maps across different times of the day and week for each of the major cellular providers in an around these venues and compare them to comparable maps for busy downtown areas. I assume some of this data is already collected by each individual cellular service provider for their own network in order to access performance and areas of future investment.
|
|
|
|
Different root cause - stadiums concentrate an absurd amount of people in a very small space, and people aren't going to a stadium to watch sports, they are there to make selfies, videos, even livestreams for Instagram, Snapchat or Tiktok so they need a lot of bandwidth. Ideally, the operators of such venues would go and place an appropriate amount of picocells inside the stadium, but these cost a ton of money to install and they are only used maybe once a week for two hours, so there is no financial incentive for the providers (particularly if the general public has gotten so accustomed with a baseline of enshittification that they don't even protest any more). For example, take the Munich Oktoberfest. The Theresienwiese is 42ha large and fits about 600.000 people without tents or ~200.000 in the full Oktoberfest buildout - and each year, every provider literally spins up hundreds of cells of all sizes, to accomodate the up to 20, 30 terabytes of data each day that all these people create [1]. But since that is two weeks of full load, it's worth the effort in the end financially. [1] https://www.golem.de/news/netzabdeckung-mobilfunk-beim-oktob...
|
|
|
|
AT&T has microcells in a box that you can get them to install for you large events and then return at the end of the event. You can even set who is allowed to connect so you can demonstrate your cell device works at a trade show while not having to deal with other cell phones. I don't know why they don't bring them to sporting events and then take them out at the end. Probably labor.
|
|
|
|
When I worked for Cingular Wireless pre-AT&T, we had everything from femtocells (the last 2 stalls in the bathroom don't have service) to full cell sites with their own power source on 18 wheelers they'd roll up for big events, and a dedicated team of engineers and techs to support it. It was a huge help, but at the end of the day bandwidth is still finite no matter how many cells you stick in and around the stadium.
|
|
|
|
I'm curious, what did the uplink look like for those 18 wheelers?
|
|
|
|
People don’t do it because it’s a quick way to land in hot water with the FCC. You don’t want federal crimes because you jammed someone’s wifi
|
|
|
|
Jamming 2.4 GHz spectrum is unlikely to ever warrant an FCC response. Virtually every microwave I've tested is an excellent jammer for 2.4 GHz. It even has a user interface for how long like you'd like to jam communications! I'm legally allowed to "jam" your WiFi so long as I am using the spectrum for communications because I am licensed user unlike the majority of 2.4 GHz users. Even if you file an FCC complaint they aren't going to do anything. Now if you move up to 5+ GHz range it really depends. If you start jamming the DFS bands it'll eventually get noticed.
|
|
|
|
Hell, one of my customers had one of the best 2.4GHz jammers I'd ever seen at their house. It was one of those portable handsets for hardwired phones that were still common in the 2000s before everyone started ditching land lines. They had lots of complaints about the quality of wireless they had in their house. I dropped in more access points even after everything worked perfectly when I was there. Then they got a call when I was there and everything stopped working. This was before 5GHz was really common, but B/G/N would just stop functioning.
|
|
|
|
Last apartment I lived in (long ago), I switched pretty much everything WiFi to 5GHz (11a...not the fancy stuff we got now) when one of the neighbors bought an off brand Chinese baby monitoring system that clearly wasn't playing by the 2.4GHz rules and shit all over the spectrum. I probably could have gone the FCC route, but it wasn't them it was the guy with the dodgy microwave or whomever moved in next and 5GHz solved the problem.
|
|
|
|
I wasn't aware you could be licensed for 2.4 GHz broadcasts. What's the process on that, and what does it allow you to do? (Besides jamming others I guess)
|
|
|
|
They're probably talking about having an amateur radio license. You just need to pay $35 and take a test, nothing else is required. The test question bank is open so you can pretty trivially memorize enough of it to pass, though given that the tech license is mostly regulatory, that's equivalent to studying. http://www.arrl.org/getting-licensed If you do that though, you get a bunch of bands from DC to light where you can argue with old people about gout and the government.
|
|
|
|
As others have mentioned I have an amateur radio license. About 50 MHz of our allocation overlaps with the 2.4 GHz band used for WiFi. I think there is some overlap with the 5.x GHz bands as well. You can also petition the FCC for an experimental license provided you have a valid reason. It isn't uncommon to see experimental licenses with allocations like 2 MHz - 60 GHz provided no transmission is 24/7 or unattended.
|
|
|
|
Unless it's a very old microwave it should not be leaking RF into the surroundings because that RF is energy targeted at warming up food and liquids.
|
|
|
|
I bought my microwave in 2014. It was top of the line. I warm up a cup of water and I can watch every 2.4 GHz device drop off from my AP for that time period.
|
|
|
|
You have a defective microwave, you may want to get that checked out.
|
|
|
|
that RF is energy targeted at warming up food and liquids.By pumping microwave energy into the water molecules. At around 2.45GHz[1]. So it doesn't take much drift and crappy shielding to crap all over adjacent spectra. This is extremely well documented and "they should build better microwaves" hasn't reached give-a-shit level for most of the world. [1] https://iopscience.iop.org/article/10.1088/0031-9120/39/1/00...
|
|
|
|
How is the FCC going to know I jammed my neighbors wifi? This is a serious question, you can practically run any red light you want where I live without any repercussions. Is there an FCC overlord watching these signals?
|
|
|
|
|
Those are all either offline or too far from anyone to be able to detect, let alone triangulate, a wifi jammer.
|
|
|
|
|
That guy was not jamming WiFi Also he ran the jammer every day along a very specific route. It's like robbing the same liquor store 3 nights in a row. Eventually even the laziest cop just waits around back for you to show up.
|
|
|
|
Two ways First way, they get reports from people/companies/band users and will maybe act on them. This assumes it's in a band they care about, people report stuff in the ham bands all the time but they nearly universally ignore those. Second way, you interfere with something safety critical, such as an airport, where they may have installed equipment to monitor RF in particular bands. TL;DR: unless your neighbor is an RF professional and can determine that they are being interfered with instead of "huh, the wifis no workie...shrug", they just won't do anything.
|
|
|
|
Huh? Breaking into someone’s house is already a felony pretty much everywhere. I think it’s more likely just a bit harder to find a known good RF jammer than a rock. And a rock was usually fine. Or used to be, anyway.
|
|
|
|
Facebook tries to sell me RF jammers pretty much nonstop. Aliexpress sellers will happilly mail you whatever RF jammer you want.
|
|
|
|
> but most can also be smart jammed by various methods: spamming disconnect packets At the very least for this particular case, WPA3 mandates Protected Management Frames (PMF) to prevent de-auth attacks on Wi-Fi networks.
|
|
|
|
It’ll be called 802.11w deeper in the options. Be sure to test your gear during configuration.
|
|
|
|
I have a devious idea: A device that looks like solar-powered garden lights, but it has a wifi jammer built inside, and you plant them outside businesses such as banks, in the perimeter of their buildings (banks usually have large setbacks and include huge planter boxes (as bollards - see fed reserve SF that had to remodel the planter boxes because OWS folks were camping in them) to keep vehicles from ramming through doors But "jamming-bombs" might be really interesting. Is it illegal to spam noise on any frequency? Whats required? the SSID youre attempting to jam? If so, just scan for networks and pick one... then spam it with auth requests with a rotating table of MAC addresses/IMEIs etc...
|
|
|
|
That energy is better spent creating a passive 4G IMSI catcher. 5G will probably have countermeasures against this. Your market would be surveillance systems which would pair IMEI identification with video or events like jamming.
|
|
|
|
I can't speak for all banks, but while our branches have Wifi (sure...you need to carry around an iPad...fine) the customer critical systems are wired for this reason. There's also WiFi monitors and 'wireless IDS' systems and pretty smart techs that know to look for stuff like that (because your devious idea is not remotely new to us). And if we think someone is pulling a stunt like that, we can call the FCC direct, and when we do, they do care, and they bring pretty impressive tech when they show up. Sometimes, as I understand it, with the FBI in tow.
|
|
|
|
rogue ap detection has been around for a long time. you make the jammer hop between all the plants randomly. (its just a stupid video game mechanic and fun to think of RF/IR grenades. (have micro RF 'jammers' that are the size of peas (they just emit enough RF noise to the local APs - - and throw a handfull in an area so RSSI RTLS is moot for the main jammers.... (more of a comic cyber - Ronin type comic that happens in a retro future Tokyo) https://i.imgur.com/jBc4jtv.jpg
|
|
|
|
Sorry. I thought you were talking about something more nuanced than being a low-grade dick. Sure, you can probably drive the secops guys nuts for a while, and definitely piss off the customer service folks, which pisses of customers. But no one is going not be able to deposit their check or get some $$$ out of the ATM machine.
|
|
|
|
Kinda judgemental... I used bank as a blanket example, OWS DNA... or take out a Blackrock office... I was just saying that cyber crime/terrorism/activism are all going to use the same tools against the same folks sooner than you can drop a packet.
|
|
|
|
are all going to use the same tools against the same folksYou mean just like it has been forever? Gosh, I guess we need to figure out that thing we've known about for decades. Thank gawd someone omn the internet clued us in. And the idea Blackrock somehow doesn't have better opsec than we do. They have and order of magnitude more money than us, and far more reputational risk! Bless your heart.
|
|
|
|
You're wonderful at speculative 'what if' conversation. And banks and blackrock seem to trigger you for some reason. Oligarchy Sycophant much? But seriously, yes I am sure Blackrock DOES have great opsec... but that doesnt preclude them from being a desirous target. we need more OWS, and less smart-ass flippant comments, such as yours, as well as things I have said in the past (Ill own I get flippant and emotionally irrationally at times - but seriously - private equity doesnt need a hair-cut, it should be scalped.
|
|
|
|
Some car brands sell vehicles that open with a button push on the door, if the key is just nearby. Standard kit now is you get an RF extender that bridges the distance from a key inside someone’s house to the car; then the car just lets you open it and drive it away. Much faster and simpler than the old slim Jim ways!
|
|
|
|
And the fix for this is for the keys to go to sleep when not being moved for x minutes. I can put my keys next to my car and walk away. After x minutes I cannot open my car anymore unless I wiggle the keys. Example: https://www.youtube.com/watch?v=hRhYFXVo6To
|
|
|
|
No, the fix for an attack that extends the readable distance via a relay is to use timing information in the authentication process between the key and the car. Car: "please respond to challenge blah"
Key: ENC(car-public-key, SIGN(blah))
Car: "too slow" Physics itself limits how quickly you can do a round-trip to a device that's a certain distance away. If the timeout for the operation is set near enough to those physical limits, a relay attack won't work.
|
|
|
|
the latency auth trick requires very fast timings, to distinguish between 5 ft and 25 ft... 20 feet difference is like 20 ns. (the attacker's parts don't need to be high delay themselves, could be a pair of gain antennas and amplifiers.)
|
|
|
|
You could of course use a phase difference instead of trying to measure sub nanosecond timings, but honestly it sounds like a nightmare to get right. Distance travelled by light will probably turn out to have very little in common with how we think it ought to work.
|
|
|
|
Seems easy to defeat. I shake your car to make the alarm go off, hide, wait for you to pick up your keys to disable the alarm when you see no one there, use RF extender while your keys are active to unlock and steal the car.
|
|
|
|
Even with that, this is a feature I'd be turning off. If your $75-125k car is vulnerable for 5 minutes per day at a predictable time and location, that's plenty of information for would be thieves. Keyless entry + keyless start means your vehicle could be gone before you've even got your shoes off after you get home.
|
|
|
|
There will be pushback because people leave their keys in the car. Hell, I probably know a dozen people who've told me "oh, I just leave the car keys in there". This is the kind of customer friction the car companies hate, so they likely won't do it, no matter if it's the 'right' answer.
|
|
|
|
Damn that is clever, and something I hadn’t even thought of before. Plenty of people get home and throw their keys by the door, this would absolutely work with a range extender. Does anyone know why keyless became the norm? Cheaper to manufacture than physical keys with electronic security features?
|
|
|
|
Most "keyless" cars still have a physical key that you can flip out from inside the fob for dead battery emergencies, so there's no cost reduction. It's just customer preference. I know I'd never want to give up keyless entry and push start, it's just so handy to leave the keys in my pocket.
|
|
|
|
My understanding is this is rapidly being replaced by NFC phone tapping, at least that's what Hyundai is swapping to. Annoying though, I've really enjoyed not having to dig through pockets to open the car :(
|
|
|
|
Damn, that sounds so much worse. My Tacoma already has keyless for me to worry about, but at least that doesn’t require an internet connection. I know that NFC itself does not require an internet connection, but the whole point of requiring a smartphone at all here is to have an app that millions of people MUST install, to collect data to sell. I won’t at all be surprised when they arbitrarily lock NFC keyless behind a required internet connection. I’m tired boss.
|
|
|
|
You don’t need an extra app to install a car key in your wallet (if on iPhone). Well, for BMW this is the case, I think Tesla uses a separate UWB solution that is app heavy (but your phone is more like fob and NFC tap isn’t necessary).
|
|
|
|
I'd compromise with hands-free door unlocking, but some harder method to start the engine.
|
|
|
|
That only works for some cars, newer fobs (> 2015) turn off after not moving for a while to make these attacks less reliable. You can get a faraday cage box if you have older fobs.
|
|
|
|
Standard kit is a $15 RFID blocker box from Amazon, to keep near front door and put car keys in.
|
|
|
|
|
The key needs to be continuously present for the car to continue running. Unless I’m missing something in your story?
|
|
|
|
I don't think any car keyless ignition requires the key to be present to continue running. You don't want a car to shut off on the highway if someone drops the key behind a metal object or the battery dies. If you start a car, and then take the key out of the vehicle, you will get a message like this: https://i.ytimg.com/vi/Jo6gzVfAElc/maxresdefault.jpg You will be able to drive the vehicle until it is put into park or shut off, and you won't be able to drive it again until the key is present again. This has stranded some people who have done the following: * start the car * get out for some reason * leave the key by accident * get back in the car and drive away * park at their destination * they are now stranded without a key
|
|
|
|
My car beeps whenever the key is not detected in the cabin while the vehicle is running. It would be very hard to leave the key behind by accident.
|
|
|
|
My experience is the same. I suspect one would have to really not pay attention to manage to do this. e.g: stereo up, car already dinging for other reasons, absent minded driver, etc.
|
|
|
|
Even more surprising: fobs that don't work if the key is in the ignition. My 1996 Mustang had a bad battery, so it would barely start. I took the remote fob off the key ring and left the car running, but locked it (using the physical door-lock button). When I came back later, the fob would not open the door. WTF? Had to have another key brought from home. Another good one: If you open the back door of a Mini Clubman (or the regular Cooper, most likely) and then accidentally drop your fob into the car and close the rear doors or hatch... the car will re-lock itself and you're fucked. This is great when it's a hot day and you just put a dog in the car, which is in the sun. Now you get to break a window. Yay German engineering.
|
|
|
|
What model vehicle stalls if it can't find the key? That seems like a severe safety problem - you mean it would brake if the battery dies on the key dongle? At least in the two Hyundai's I've owned with this type of system - an Ioniq hybrid and a Kona EV - it drives just fine once started even if you chuck the key out the window.
|
|
|
|
The car turning off is not at all the same as braking. It actually seems LESS safe to me to allow the car to move far beyond the key, because leaving the key behind (Thus stranding yourself) is more likely to occur than the battery dying.
|
|
|
|
I have a push-button car made by Hyundai and one made by Nissan. Both can be turned on with the fob inside the vehicle. You can then leave the key behind and drive away. The dashboard will immediately warn you that a key is not present (audio and visual icons), but both cars will not do anything to immobilize the car after the key has been left.
|
|
|
|
My first experience with owning a car that had the wireless key surprised me. I had a Toyota Tacoma that needed to be moved. Someone more freely available jumped in and was able to start it because I was fairly close. They drove around the block well out of range and it never stopped running. This was surprising to me. In a previous car, I had a remote start that would specifically kill the engine if you pressed the brake without the key in the right position. So the stopping the engine was something that I just assumed would happen as well. Unless there's a concern about just having the engine stop while actively being driven???
|
|
|
|
> Unless there's a concern about just having the engine stop while actively being driven??? The majority of cars depend on the engine to provide power assist on the brakes and steering. Without power assist the physical effort required to stop and steer goes up significantly. Suddenly having the control dynamics of a multi-ton chunk of metal change dramatically while at speed isn't something most people are capable of responding to correctly. Having the engine stop in the middle of a busy intersection is another way to have a bad time. > I had a remote start that would specifically kill the engine if you pressed the brake without the key in the right position. Being able to start the car remotely and being able to put the car in gear and drive without the key in the ignition are independent features.
|
|
|
|
AFAIK my '07 Mazda can drive away without the wireless key. It beeps to warn you when the key is getting out of range.
|
|
|
|
Sadly no. I've driven to a place with my wife, and then she drove off, with me having the keys in my pocket. It'll keep running. Can you imagine if it stops detecting the keys because the coin-battery is dead and the car all of the sudden stalls? Only when you stop the car and then try to start it you'll notice.
|
|
|
|
Not true for any car I’ve ever seen. once it’s started and in drive the key isn’t needed.
|
|
|
|
Mine works this way, you get a warning that it’s going to shutdown in a few min without the key.
|
|
|
|
Signal from the key just needed to start, not a keep-alive. Might depend on make/model. Chances are good an automaker doesn't want to shut off a car at speed just because the key misses a keep-alive ping. The device is actually two sets of equipment. When the unsuspecting victim parks and locks the car, a thief standing not far away holds the first device, which is used to pick up and amplify the electronic signal as it is sent between the car and the key fob. That signal is relayed to a second device, which tricks the car into thinking that the key fob is near the car. That disarms the security system, unlocks the door and authenticates the engine to start. https://www.latimes.com/business/la-fi-hy-mystery-car-steali...
|
|
|
