Spoofing to bypass commlinks? Options

[calypso]

So, I'm working on some generic system setups. You know... daisy-chained, master-slave setup, others I'm sure.

The most common, and the one advocated by the book, is the master-slave setup. The commlink is the master, and all of your other devices (cyberware, cameras, etc) are subscribed to it.

This has benefits: The (probably) better security of the commlink must be breached before a hacker can access your other devices, since your other devices will only talk to your commlink.

However, is it possible, using the Spoof Command option, to interface directly with someone's stuff by pretending to be their commlink?

Calypso

[Darkness]

This is discussed here:
http://forums.dumpshock.com/index.php?showtopic=11835

[calypso]

Thanks. That more or less confirmed what I thought, with the possible exception of: Sniffer. I was assuming it would go:

Device A will only talk to Device B, and vice versa.
Make a Spoof test against Device A so that it thinks I'm Device B, and do as I please.

However, I may have to include the following step (which was mentioned in that thread).

Make a Sniffer test to intercept and analyze their communications.

Calypso

[mdynna]

I have been making my players make a successful Trace operation as well as the Intercept test as the rules specifically state that a successful Trace gets you the Commlink ID. Don't forget having to Decrypt the signals if they're Encrypted.

[Darkness]

[TinkerGnome]

There is nothing in the rules that lets you use spoof to get in the way of any subscriber link except for drones and agents.

Just thought I'd point that out.

If I were to allow it as a GM, I'd only allow the hacker to issue commands to the device and not really hack it. Anything you do with two way communication involved is going to tip off the real commlink that something is up.

[calypso]

To say that a drone is different than any other Node is silly.

Anything that is communicating with something else is subject to a "man in the middle" attack. While it's true that spoofing commands to something isn't the same as having compromised it, it very easily can be.

1) If the thing with which it thinks it's communicating has account creation priveledges, then you can spoof the command.

2) Really, the only way such an attack, in this case, can be detected is if you say to Device A "Okay device, give me admin priveledges." Device A broadcasts "Okay!" Which both you AND Device B receive. Device B kinda goes "... huh? I didn't ask for that. ALERT!"

Calypso

[TinkerGnome]

[calypso]

If you want to do a strict reading of the rules, Agents don't have a Pilot rating.

[TinkerGnome]

[calypso]

Ah, right you are. I also think I now understand the argument for not allowing Spoofing. It only allows spoofing on things that are autonomous.

I believe I found what I wanted. Page 224:

[Backgammon]

Not saying the point is moot, but a smart setup will be using a skinlink between slave nodes and his commlink. That means the slaves aren't wifi enabled, making them immune to wireless hacking. You'd HAVE to go through the commlink to get to them.

[calypso]

Indeed. And I also expect that high security networks will still be wired, with no connection to the Matrix.

But I suspect that the majority of people are too oblivious to how it all works to have a secure setup. Just like in real life.

Calypso

[Rotbart van Dain...]

[hobgoblin]

hmm, i wonder if MASER is still in fashion...