Cool your jets bud, all good, I've been in IT for 25 years too and like to debate nerdy things, that's how you learn, right? I'm a little closer to the command line than you however...❤

I mean… another assumption lmao; I cut my teeth on bash, cmd, ios, PS and whatever is next down the pipeline, and like to pride myself on being able to work in the trenches (where it’s fun!) at anytime.

But ya, let’s cool down - cheers

Nobody is going to hack a pinball machine. There's no point to it. People can't even hack into games that are in their possession, let alone through the internet. There has to be some sort of money aspect before it would be a possibility, and there isn't. Our hobby just isn't that important. Everyone else is off doing hacks for the 1000's of video games out there. The most that would happen would be something on Stern's server end, but it wouldn't be on an individual machine level.

Just think of it this way, Stern's had code to download on their website for 10+ years. At any time, someone could have hacked in and uploaded a bad update for a game. Never happened...because nobody cares. We can't even get complete code a lot of the time, let alone make the machine do something else weird, lol...the games own programmers don't want to work on it anymore, why would a bunch of hackers?

Reason enters the chat

Thinking like a hacker for a moment, I check my scanner logs from last week and see what I found. My process is automated, probing for whatever vulnerability I think sounds promising this week. If I found something with a fair amount of computing power I might install a miner on it or add it to my botnet for future mischief. I might note that this location is a bar and unlikely to have an IT staff so I explore a little and see if I can compromise the PoS system and skim some credit card information.

Criminals that go after big companies don't totally ignore the tiny companies. They get access and sell it to smaller criminal operations. It's mind boggling how hard some criminals will work to avoid legitimate work.

What is going on in this thread?! How hard are you guys hitting the devils lettuce to be this paranoid about a pin being online.

I'm a self employed consultant to large corporates like banks and big retailers. I approach most of my solutions with security in mind, and also have an IT security background and rely on smart peeps to contribute to my solution. Dealing with some iot devices that measure temperature in stores fridges atm. Parnaoid, yes

.

For it to be called a fee it usually has to be associated to a cost.

Ok, i´ll stir the pot.
Games like beatles and JP are frequently hacked.
Now stern want to hack all your games.

What if someone hacks stern?

I find it interesting that people say things like "why would anyone..."

Have you not lived in this world? People do stuff JUST to say they did.

Or to just be malicious and see if they can do it.

And perpetuate this false ideal that the "LE is all inclusive"? Why? They don't do this today and pinside still loses their %#$ when Stern has accessories the LE doesn't include.. because again of this self-created false concept of what the LE is.

The audience for the LE are your whales... why give away the cow?

They aren't taking sales from anyone at this point - the functionality is simply part of the platform for Godzilla sales and people aren't paying for that functionality nor is the product they are buying now reliant on insider connect.

When there is a direct connect to payment processors there will be. Like they used to do (still do?) at the gas pumps.

That argument is just about 'advertising' aka how much attention your product will get from the potential pool of applicants. This is the equivalent of advocating for "security through obscurity". It doesn't take getting a 100 different actors interested in your product for something to happen.

No one is talking about financial exposure for home users or something... just debunking the dated ignorant view that "we are only a client, hence safe" security assessment.

People can start hacking the platform to exploit it for fake gains, etc.. not just trying to do explicit harm to the game or it's owner.

Some dudes on the Internet just agreed simultaneously stop arguing. I can't even believe it.

But I absolutely believe stern would charge for a code update through this system. The time is coming.

I wasn't very clear but I meant to further increase the cost of the LE up front so the whales just pay in advance. I did not intend to suggest including it for free. The whales can basically front the money to develop the new modes. I do think stating the LE comes with "free" upgrades for life would add to its demand. You are correct though they don't really need anything more the LE hype train is bombing down the tracks already.

We could go back and forth but let's just simplify the equation. Even if hacking is a concern you don't just not do things because of that potential. It'd be like not buying a house because you are afraid it may get broken into. I have to assume people are responding to this very thread with a computer of some sort, be it a phone, laptop or desktop, and each of those will be far more susceptible to hacking for some sample reasons that:

1) They are on far more often than a home owned Pinball machine would be hence more often accessible.
2) Personal computers are user maintained and hence often not up to date with latest security measures.
3) There are far more of them out there with lots of tasty potential hacker use.

...and yet here we are in a thread of people fearing a Pinball machine being hacked while not caring about their personal computing devices suffering the same fate. Yes, technically anything connected can be hacked but if people aren't seemingly concerned about their personal computing devices then why are Pinball machines such a concern? Realistically the only two hacking use cases of a Pinball machine would be to brick it just to be malicious in which case you likely just reimage the sd card and you're back in business, or they install a bot of some kind like what often happens with servers (and personal laptops) in which case you'd likely hear the power supply fan always running at full tilt even when the game is not being played giving a clue that something is up. The ultimate potential hacking harm is no where near the potential harm of that of our personal computing devices, hence why I don't get all the concern.

Or the TL:DR, if people are so afraid of having their pinball machine hacked, then why are they even on the internet at all?

Why can't all of this be done in an app? Have the game show a QR code that embeds game and software version that you scan with a Stern phone app, and the app transmits your scores and cheevos to Stern? Maybe even have a QR reader on the pin to read your info from your app, and then you scan the game with your phone when you're done? I don't see why the pinball game needs to have Internet connectivity at all if it's going to have to be used with a phone app, unless they want to streamline updates.

Or add DLC of course.

If you're going to the trouble of hacking it to be malicious use new code that burns up the node boards.

You have no idea all the things you have to put up with every day because some scumbags somewhere found a weakness in a system and exploited it. Just because you can't think of a way to be bothersome doesn't mean there isn't a way.

"Sweetie, why did Pizza Hut just come to the door with 50 pizzas ordered by somebody named Stern?"

1416.jpg

download.png

Lol.
You know, they are as many reasons to hack a machine as there are days in your life

So, I'm a hacker... Whose out to take revenge on a business or owner who owns a specific machine.

I hack his machine to take control of the machines' firmware. I lock all coils on in attempt to burn out coils, transistors... In any attempt to catch it on fire
Have more than one machine with this flaw, set them all on fire.

Never assume just because it's low volume manufacturing... That's it won't be hacked.

Stern insider connect is a great idea. A gateway to allow for various levels of subscription services ensuring a continuous revenue stream without additional investment in a hard product. I have built and ultimately sold two rather large service based companies. The best thing about the business model was it is more easily scalable and while you have development costs for software and personal costs for providing the necessary customer service you do NOT have inventory that ages and/or not sell. The insider connect is an evolution of the pinball business. Frankly, a brilliant long term move for Stern.

How or if it works well or at all is yet to be determined, but it is intriguing. People often complain that they don't do code updates or refine the game code much after its final release. Currently the economic incentive to do so is practically zero. People have bought and paid for the machine and it runs, barring an egregious problem impacting functionality, there is little incentive for Stern to keep programmers working on code long term. However, if doing code/game enhancements generates revenue on a consistent basis it makes business/economic sense to invest in that, providing you get a return on that investment. It won't do much for the older pins that don't have insider connect installed, but going forward if they offered optional game enhancements for a nominal fee whether it be one time or a monthly subscription the market may well determine it is worth paying for. It may also improve the longevity and playability of many of the games. Special game modes, functional enhancements, it may well keep people from being able to totally master a game.

Imagine a future where the features a subscription buys are so amazing and revolutionary that not one single pinsider complains.

Edit:
Not that I know much about hacking, but I do know that it's not unheard of for a hacker to compromise a system for reasons other than money. Vandalism, pseudononymous bragging rights, etcetera.

Hackers? No worries.
Stern has a security plan in place.
3DD6EF43-1306-4D72-89F1-60D9470A50CB.gif

You sir are the minority! 98% of the people that will post in this thread are still not understanding why they need to upgrade their flip phone and just came over to this thread from the "why hasn't pinball advanced" thread!

If you computer tech nerds could just STFU so us pinball nerds could continue our rant, that'd be great.
Mmmm thanks!

Imagine a future where you spend multiple thousands of dollars on a fully featured pinball game... and then they offer more on top of that for a monthly or annual fee... I'm fine with that.

What I fear is that instead we pay multiple thousands of dollars for a mediocre / hamstrung pinball game... and you MUST buy pay the monthly or annual fee in order for it to be fully functional.

Based on history and corporate greed I expect the latter... I'd be ecstatic if the former actually happens.

--
Forgot to include car analogy

Expect the new model to be a economy car with manual windows and seats, no radio, and no airconditioning as the fully featured model ... and you have to pay to upgrade from there

When I believe/feel that the fully featured model should be a Cadillac or Lexus luxury sedan (with all the trimmings when you go LE or SE)... and then you can upgrade to a Ferrari or Lamborghini... (or something for the top 3%)

Glad I picked up a Jurassic Park and added custom movie code before the new boards. That'll be sought after.

tumblr_p000k8HKdG1uphxvgo1_500.gif

I am just curious how many games/machines I have to play to get a free hat.

Like most IoT's it will be of use maybe a year or 2 tops, and then relegated to never getting updated and obscurity when they realize it doesn't bring them the money they expected.

It is #1 a reason to charge more, and something else to hype, but in the end, it's just another thing most people won't even bother with. It's not a phone or a tablet.

Unless they are adding new CPUs with new copyprotection hardware... (of which nothing has been said) - This comment makes no sense.

There is nothing to believe that a new build can't run the older software as of yet. The new games have additional boards and adaptors added, nothing suggesting a lack of backwards compatibility (yet)

cheers, makes sense

people are paying for it as all the Godzilla machines went up in price compared to previous to accommodate for the new features

The new insider piece is just a new node board on the chain. Code has to be updated to make use of it but all spike 2 hardware can use the new node board.

That was gonna happen regardless of insider connect. Not really a strong complaint to hang one's hat on.

Stern changes the 'whats in the baseline' frequently - we don't really get to pick and chose what we want to pay for.

You can make the same complaint about coindoors, etc... stuff many will never use, but they are 'paying for'.

Yes, what I said.

The comment being responded to was suggesting new games can't run old code - which would require leveraging new Copyprotection or hardware not previously used. Not something that has been hinted at.

I think it's more interesting to see if Stern actually gets aggressive against modified code right from the start. That will be the big impact for games like Stranger things and JP where there is a really strong preference for the alt-versions.

what makes you say that? there are plenty of people that still hack for lulz. with how toxic the pinball community is becoming i really dont think it is out of the realm of possibility that someone inside the community gets pissed off and does it. but even still someone from outside could do it as well. "i am tired of these loser pinball players crowding up my favorite bar, i will fix them". just takes 1 person. if it is exploitable it will be exploited. simple as that.

Reality? But yes, that could certainly happen. Again, reflash code to SD card. Non-issue.

Ya, I mentioned that, if they obtain access to that part of the system. That would be more of a “I hate you“ attack as there’s no money in it. Not impossible, but also not likely.

JJP fanboys launch ransom ware attack on Stern Pinball MFG, shutting down power grid. News at 11.

And that was exactly why I downvoted your initial response. Glad you figured it out. Potential to brick thousands of pins.. I doubt Stern is up on the latest and greatest security.

I feel like none of you are embedded programmers. If you were, you'd realize that to do something like this even from the embedded side would take a massive amount of work, let alone the first part which is getting into Stern in the first place. This isn't "download some program from the internet and hose your pinball machine", this is months and months of work with logic analyzers, debuggers, etc to even get started. This hacking into a pinball machine remotely and making it do all kinds of bad stuff is nonsense, it's taken 25 years for people to try and fix simple bugs in older games, and we think someone is going to take the time to reprogram an entire machine to do bad things for no financial gain?

Can it be done? I'm sure with enough time and resources, yes, just like everything else that's far out theoretical. But like those other things (like someone hacking all xboxes at the same time, or ps5's, or switches, etc) it's just not going to happen.

Don't have to get into Stern if the machine is connected to the internet.
Run Wireshark if you're on the local network,
Identify pinball machine traffic
Use Shodan every now and then to make a list of machines to scan.
Analyze for vulnerabilities
Maybe the embedded code is inaccessible, maybe it isn't. If remote updates are a feature at least part of the code is accessible. Once it's connected to the internet the time and location limitations of probing for vulnerabilities is far lower.