Cyber security as applied to updatable detectors

Folks,
I am writing this because I think it is time to focus more on this.
Currently to my knowledge we have Xp Deus, Nokta Impact and maybe the Minelab CTX3030, all these detectors updatable.

Will there be more in the future?
I think so.

Now what I'm going to say here, is not imply something will happen, but rather could happen.

I value the detecting community as well as their equipment.

I don't want to see anyone's equipment damaged or at the very least need to be returned to a repair facility for correction.

So what am talking about here exactly?

If we assume the different manufacturer's currently and those in the future who make internet updatable metal detectors, can securely manage their sites for downloads.

Where are the other possible weak links for hacking by the evil, pranksters, etc?

Some examples here to show a vulnerability.

When a detector gets a new version update.
Ever notice the update can have a link put in say a sticky on a forum.
Now this link likely is posted by a supposed trusted source.
Could an imposter posing as this trusted source change the data so the data is corrupt hence cause damage or problems?
How often is the linked data check for authencity?
Could even a hacker knowing a new release was near, could they go into a metal detecting forum and pose as this " normal person" who post update info and post corrupt file?

Even a person like myself could post a link with a version update.
It could be correct when I post, yet be altered later, with my unknowing.

I think we should all strongly consider from this point forward, to never post a link period involving an actual update to a detector.
And we as individuals should always go to the manufacturer's site to get needed download files when updating our updatable detectors.
And new updates, anyone who wants to point out or remind folks of new updates, refer them to manufacturer's site.
Post no link period.

Certain folks on certain forums could be targeted too, by hackers by the role or position they play/have on a particular forum.

Now, all this here I've said is not to imply Wild Wally or the forum's host here Mr Dankowski are not doing their best here to protect this forum from hackers.

I welcome all comments on this matter.

If this post here, is deemed improper (out of bounds) by the forum management, by all means delete.

IoT is one of the weakest threat vectors in cyber-security.

Well there are only two possible outcomes to this type of cyber attack:

1. your pc gets compromised.

2. your machine gets compromised.

To avoid #1, you need good virus protection AND need to be net savvy. That's on the user.

i would only update at the vendor's web site.

However, if your machine gets hacked, I'm sure that is a much easy situation to rectify.

You can go to the vendor's web to download the correct update.

Hacking a detector sounds like a lot of work to get nothing in return. Just sayin'. I think I'll make a tiny foil hat for mine.



Edited 1 time(s). Last edit at 08/03/2017 03:13PM by Tom Slick.

One problem that i could see from cyber security with detector/pc downloads etc is on machines like the CTX3030 which have a GPS system installed,i am am not totally familiaron how this works or even if i can provide details to for potential criminal activity or gleaning information of location/s of say finds or owners property location.

That at the moment is all that i can think of what could be a loophole in detecting data,anything that gives personal location away must be seen as a potential threat of a possible high value hoard location or gold producing area as well.

Tom Slick Wrote:
-------------------------------------------------------
> Hacking a detector sounds like a lot of work to ge
> t nothing in return. Just sayin'. I think I'll mak
> e a tiny foil hat for mine.

Unfortunately, there are individuals in this world who simply like to cause harm to others. Here's hoping you never experience one of them.

Great topic Sod-buster!!

You would need a Source code I'm sure to change the parameters and I doubt someone with enough sense to hack source codes and have the equipment to do it and know how would be hacking a simple metal detector....

manufacturers may want to hack it for reverse engineering.

they are usually EXE files ..

I highly doubt even if you could get inside the file with out knowing the language that was used in the first place it would accomplish much...

Keith

“I don't care that they stole my idea . . I care that they don't have any of their own”
-Nikola Tesla