Internet of Things thread (IoT)

wraith808:
Renegade is a Prophet and I think you ought to listen to what he has to say to you!

Samsung smart fridge leaves Gmail logins open to attack
Failures in exploit discovery process are cold comfort for IoT fridge owners

http://www.theregister.co.uk/2015/08/24/smart_fridge_security_fubar

Samsung has contacted us to say that they were looking into the matter: “At Samsung, we understand that our success depends on consumers’ trust in us, and the products and services that we provide. We are investigating into this matter as quickly as possible. Protecting our consumers’ privacy is our top priority, and we work hard every day to safeguard our valued Samsung users.”

--- End quote ---

A bit late for that mea culpa...

IoT security is RUBBISH says IoT vendor collective

Renegade:
Renegade is a Prophet and I think you ought to listen to what he has to say to you!
-wraith808 (August 27, 2015, 10:29 AM)
--- End quote ---

That's some pretty high praise! I'll graciously accept! Thank you!  :-*

But this is just the tip of the iceberg. It will get worse.

Somewhat off topic: I'm privileged to have some inside information from time to time, and I get to see some of what is coming to the market before most people. So, I'm not really a prophet, but I do pay some attention to what I do every day. ;)

As I work under NDAs, I have to be careful sometimes when I speak. I have to act in the best interests of my clients when I'm paid to do so. Just today I advised a client on an issue in their best interests against my own preferences/ideals (I'm such a whore sometimes :P ).

The IoT specifications do not include any security at all. None. Zero. Nada. Zip. Zilch.

Security in IoT is classified as "out of scope".

But the abuse there is just the beginning. It will get much worse.

In the future, quite literally - and I do mean LITERALLY - someone or some computer will know whether you took a pee or a poo.


* They'll know when you went to sleep.
* When you woke up.
* When and how long you showered for, or if you took a bath.
* When you left the house.
* When you got home.

And those are just the absolute most basic things. Much more advanced information will be available.

Start thinking about smart fridges and smart garbage pails, and things will get very, very dark very quickly. And that will come. It has already been nebulously outlined. It is coming.

Every now and then people ask me about what I do, and sometimes those conversations go beyond the typical 2 seconds. I invariably tell people to "RUN" when they hear "smart" or "IoT".

At the industrial level, IoT can do wonders (though there are nightmares there). At the consumer level, I see the nightmares far outweighing the benefits.

Just ask yourself if it is worth sending people to prison for taking a shower for too long. That is where it will go. People are too much busybodies for it not to go there. People love to tell other people how to live their lives.

It ain't gonna end well.

Or people can just call me paranoid.




xtabber:
For the paranoid who worry where the masters of the IOT universe plan to lead us, ars technica's review of Google OnHub should provide plenty of fodder.

Google’s smart home Trojan horse is a $200 leap of faith
Today it's a $200 Wi-Fi router. Tomorrow? We have no idea. (Ok, maybe some idea.)

And remember, after (or maybe before) they take over your home, they plan to take over your car.

Renegade:
Pen Test Partners have a nice little bit about a kettle...

https://www.pentestpartners.com/blog/new-wi-fi-kettle-same-old-security-issues-meh/

NEW WI-FI KETTLE, SAME OLD SECURITY ISSUES? MEH.

We saw that Smarter's iKettle 2.0 and Smarter Coffee machine were reviewed on ITV’s This Morning yesterday.

If you’re not familiar with the iKettle it’s a device that solves one problem (physically having to get up and switch your kettle on!) and creates a whole bunch more.

We haven’t been shy about our security research findings, you can find them covered here, here, here, and here.

The fundamental issue is that if you have this kettle it’s possible for someone to get your wireless network key, and help themselves to whatever is on your network, or use your Wi-Fi for whatever purpose they choose.

Anyway, that’s all in the past because the new iKettle 2.0 model fixes all that. …erm, except it doesn’t.
--- End quote ---

More at the link.

IoT is going to burn a lot of people. ;)

Shades:
Start using an old PC as a router (make sure it has 2 good NICs) for your home. Router software such as Untangle and pfSense are perfectly able to block whatever communication takes place between IoT devices and the outside world. You know, in case you don't care about IoT, but aren't able to buy whatever device you need without IoT.

Heck, learn to use this class of software and see how much control you get over the bandwidth of your internet connection. Untangle is powerful and comes with a rather nice and easier to understand interface, while pfSense is pure awesome in getting extremely fine-grained control, but it is not as easy (without a firm grasp of networking concepts and terminology). Untangle's basic package is free, for the extras you will need to pay and there are options to buy support if you need it. Stock pfSense is much more feature complete and free to use, can be extended with free and paid for additions and there are options to buy support if you need it.

In case you are concerned about the costs of running such a device, Untangle does require a more powerful old PC to make it work, while pfSense has (much) lower hardware requirements and it is also a lot smaller download if you are into such things. Both are completely manageable by a web browser, so whether you go for Untangle or pfSense on an old PC, this PC won't need a monitor, keyboard or mouse. Whichever solution you choose, neither will add much to your electricity bill. Web interfaces make this a moot point, but Untangle is Linux-based, while pfSense uses BSD as its operating system.

5 years ago I started using Untangle (v9.x) as a router on a 5 year old PC. Last week this computer broke down and there was no way to get it up and running again. So I took a look at the latest offering of Untangle (v11.x) and thought to take a look at alternatives. Now I use the pfSense router software on an old clunker I created from spare parts that I had lying around. My impressions so far are very, very good.

The insights about bandwidth usage you get from using pfSense together with the Ntop extension are nothing short of amazing. Extensive and clearly represented in different visual ways. Very helpful. Prioritizing types of network traffic, strictly or fluidly assigning only a percentage of bandwidth to applications and/or computer(s) at any given time of the day, package inspection, spam pre-filtering, parental controls...it's all there and won't cost you a dime in pfSense. Besides spending time figuring this out, that is.

So, for people that think the negatives of IoT outweigh the positives and are willing to do some work, they can get a sense of control back by getting, "grokking" and applying router software.
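
The isolation Shades describes, expressed as pf rules (pf is the packet filter pfSense is built on; in pfSense itself the equivalent rules are created in the web interface). This is an added example, not part of the original post; the three-NIC layout with a separate IoT segment and the interface names em0/em1/em2 are assumptions.

```pf
# Added example: constructed ruleset, not taken from the thread.
# Interface names are assumptions; adjust them to your hardware.
ext_if = "em0"   # WAN uplink
lan_if = "em1"   # trusted LAN (PCs, phones)
iot_if = "em2"   # isolated IoT segment (kettle, fridge, ...)

set block-policy drop
set skip on lo0

# Only the trusted LAN is translated to the WAN address.
# Traffic from the IoT segment is never translated.
nat on $ext_if inet from $lan_if:network to any -> ($ext_if)

# Default deny in both directions, logged to pflog0 for review.
block log all

# Trusted LAN: unrestricted, and may open connections into the IoT segment.
pass in  on $lan_if inet all
pass out on $lan_if inet from ($lan_if) to any
pass out on $iot_if inet from $lan_if:network to $iot_if:network

# Router and NATed LAN traffic leaving via the WAN.
pass out on $ext_if inet from ($ext_if) to any

# IoT segment: only the services the router itself provides.
# Anything else from these devices hits "block log all" above.
pass in  on $iot_if inet proto udp from any port 68 to any port 67        # DHCP request
pass out on $iot_if inet proto udp from ($iot_if) port 67 to any port 68  # DHCP reply
pass in  on $iot_if inet proto { tcp, udp } from $iot_if:network to ($iot_if) port 53  # DNS
pass in  on $iot_if inet proto udp from $iot_if:network to ($iot_if) port 123          # NTP
```

On a plain FreeBSD router the dropped connection attempts from the IoT devices can be watched with `tcpdump -n -e -ttt -i pflog0`, which shows which device tried to reach which outside host.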
