
Yea, that part is insane. At this point it is safe to say that any non open source device that has access to your home network and the Internet can function as a backdoor. Not to be a conspiracy theorist, but I guarantee the CIA has a list of common devices with this feature that they can use to get local access in most houses.


This is what makes me suspicious about Chinese home products like Govee and how cheap they are.

You're required to hard code in your SSID and Wi-Fi password. And they consistently beg for your location, despite having no need for it.


Up until very recently all products wanting to use Bluetooth LE required the location permission because BLE beacons and similar can be and were used for location triangulation. It was a marketed feature of beacons that they could track your position down to the aisle in a store and potentially advertise to you if you walked past specific stores. There's finally a separate permission for it, but it can still be used to determine your location.


Now think about 3D printers like the Bambu. A machine tool that can self-combust.


Shades of Iranian centrifuges.


Really, really light shades. Destroying a country's ability to produce weapons-grade nuclear fuel vs. potentially burning down a hacker's/tinkerer's house; I don't think these are anywhere near the same level.


It's very similar. It's a nation state using exploits to target individuals. It doesn't really matter why they're doing it, they're promulgating an unsafe environment, simply to create convenience for intelligence agencies.

As if they're at a lack of options when it comes to addressing problems on the world stage like this. Stuxnet was both an exceptionally morally lazy and destructive act.

As an American citizen, I genuinely wish my government did NOT do that.


Stuxnet was written to target a very specific bit of equipment for a nefarious purpose. This is just lazy development with no security, or security as a total afterthought, or worse, deliberate weakening. This is just the state of software development/management we live in now. I really feel one of us has a misreading of the situation.


> Stuxnet was written to target a very specific bit of equipment for a nefarious purpose

Except it didn't do that. It was found in dozens of networks in multiple countries. The vulnerabilities were discovered by other actors and used for other purposes.

The amount of collateral damage done here was far greater than the value of the initial operation. Importantly there were multiple different ways to achieve this particular outcome none of which required us to abuse vulnerabilities or release dangerous software to exploit them.

> This is just the state of software development/management we live in now.

Yes, and I think it's morally backwards, and I regret it.

> I really feel one of us has a misreading of the situation.

I simply refuse to accept the intelligence agency marketing view of this action. It was incorrect. There were other less morally conflicted ways to solve this "problem."


Citation needed. Even at 100% duty cycle the heated bed tops out at a stable, safe temperature. I know because I’ve struggled to keep it hot enough for certain materials.

Maybe you could argue that the hot end could be set to melt down, ignoring the built-in safety mechanisms, but that's a stretch for doing much more than breaking the printer due to the way it's designed.

Regardless, if all of this still scares someone they can run it in local-only mode without internet access.

The Bambu printer fear mongering is ridiculous.


Actual citation: https://forum.prusa3d.com/forum/original-prusa-i3-mk3s-mk3-g... (read the whole thread and note the picture) https://www.thissmarthouse.net/dont-burn-your-house-down-3d-... some academic paper: https://www.researchgate.net/publication/313025688_CONSUMER_...

I suspect the biggest problems happen when users make their own mods and/or store their IPA or acetone next to the printer.

Simply noting that you have trouble getting a heated bed to stay hot does not mean that people's printers are not catching on fire.


But if you have to go out of your way to create a fire hazard, that's a different situation than the Chinese government having the ability to remotely cause fires in homes in towns across America.


They need it. Because of design choices by everyone involved, it's all gathered under the name "location services", and they are necessary to get the product to work. I'm not sure if it's a bad name or not. Your phone's Bluetooth and Wi-Fi can be used to locate where you are, so the backwards framing is that it's location services, which isn't a lie, but it's misleading. Because the operating system manufacturers are trying to simplify things for us, it's "location services", not GPS, Wi-Fi, Bluetooth. An app with location services enabled could take your GPS coordinates and beam them home to a foreign government, and it's entirely possible they do, but because of how manufacturers have decided to name things so as to not confuse consumers, apps need "location services" to use Bluetooth/change Wi-Fi.


Oh believe me, American manufacturers are absolutely no better.


I wouldn’t consider that a conspiracy theory, I would consider it common sense that an intelligence agency has a list of common potential sources of intelligence.

In fact it would be extremely surprising if they didn’t have that list.


Why are you assuming that only non open source devices are vulnerable? We've seen enough open source vulnerabilities in broad daylight to know that open source does not mean secure.


You have it backwards. They're assuming non-open source is backdoored. Not that open source isn't backdoored.


I don't have it backwards. That is what I said. They are assuming non open source is backdoored. That does not mean open source is not also backdoored.


No, you said

> Why are you assuming that only non open source devices are vulnerable?


Yes, the word "only" is causing the confusion.


Open source is auditable, and tends to get fixed.


I don't think you can say it tends to get fixed because you don't know the ratio between the number of vulnerabilities and the ones that get fixed. Closed source can also be audited. Auditing code for companies is an entire business model.


