Why IoT Security Is So Critical (techcrunch.com) 148
An anonymous reader writes: Software engineer Ben Dickson starts off an opinion piece about Internet of Things security with this amusing comment: "Twenty years ago, if you told me my phone could be used to steal the password to my email account or to take a copy of my fingerprint data, I would've laughed at you and said you watch too much James Bond. But today, if you tell me that hackers with malicious intents can use my toaster to break into my Facebook account, I will panic and quickly pull the plug from the evil appliance." Dickson then lays out many of the issues with securing internet-connected devices, and explains the work being done to make them more secure. He highlights areas that manufacturers must focus on: "In contrast to human-controlled devices, they go through a one-time authentication process, which can make them perfect sources of infiltration into company networks. Therefore, more security needs to be implemented on these gateways to improve the overall security of the system. ... There also must be a sound plan for installing security updates on IoT devices. Each consumer will likely soon own scores — if not hundreds — of connected devices. The idea of manually installing updates on so many devices is definitely out of the question, but having them automatically pushed by manufacturers also can be a risky business."
Why "IoT" security is so critical (Score:5, Insightful)
is because morons won't stop adding devices to the "IoT" instead of leaving them dumb like they should be. FFS this is a problem created by a trend with no benefits in the first place.
Re: (Score:2, Funny)
Butbutbut I need to turn on the toaster from the bedroom so the toast is ready when I arrive in the kitchen!
Re: (Score:3, Insightful)
Communication in the other directio
Re: (Score:2)
If the toaster can detect when I've finished showering, I can program it so that my toast will pop up when I've showered and dressed.
How does the toaster know it's you in the shower and not someone else?
If my doorbell or telephone rings, then it can pause and resume later, so the toast hasn't had time to cool down before I get to it.
Sounds like a potential DOT attack to me (Denial of Toast)
Communication in the other direction would let it notify me in whatever room I'm in when the toast is ready.
Beeping would do the same thing, or gosh even the popping up the toast on most toasters is noisy enough already.
It could communicate with the fridge that I was likely to get butter out soon, which would mean that I'd be likely to open the door soon. This would let the fridge postpone running the compressor until afterwards (no point chilling air that's just about to be removed from the fridge).
You already got the bread out of the fridge to put into the toaster, a sane person would already have taken the butter at that point so it can soften a little. This is silly talk.
Re: (Score:1)
Sane people don't put bread in the fridge.
Re: (Score:2)
"Sane people don't put bread in the fridge."
Err, they do if they want their bread to keep longer than a few days before going stale.
Re: (Score:2)
For most kinds of bread and most climates the bread kept outside of the fridge lasts longer and tastes better. ;)
However: no idea where you live
Re: (Score:3)
Fridges work by being a closed air-con unit, as part of that process they draw moisture out of the air. Bread, placed in a fridge therefore goes stale quicker.
To keep bread, either freeze it (and let it slowly defrost at air temperature to get it back to best condition) or put it in a closed container like a bread bin. Or buy bread so laced with chemicals that there's hardly any flour used in its production.
Re: (Score:2)
Wha?? Putting bread in the fridge guarantees that the bread will become stale in under 10 hours. Freezing is even worse.
Re: (Score:2)
"Sane people don't put bread in the fridge."
Err, they do if they want their bread to keep longer than a few days before going stale.
Is this a serious comment? Bread doesn't last longer than a couple of days before going stale regardless of what you do with it. Unless you are buying some weird, horrible, white chemical pudding instead of actual bread.
For toast, you can always slice some bread and keep it in the freezer. But actual bread needs to be fresh.
Re: (Score:2)
"Sane people don't put bread in the fridge."
Err, they do if they want their bread to keep longer than a few days before going stale.
Or they live in an area in which cockroaches make an appearance so regular fumigation of the building is necessary. When I lived in Texas the only things kept in my kitchen cupboards besides pots and pans and cutlery was canned goods. Everything else edible was stored in the refrigerator or freezer.
I think the Texas Tourist Board need to hire a new PR agency.
Re: (Score:2)
Unless the toaster can also cut the bread and insert it, then there isn't much value in being able to turn it on remotely. There are lots of reasons where it might be nice to have some connectivity though:
Communication in the other direction would let it notify me in whatever room I'm in when the toast is ready.
These are just the ones that come to mind immediately. I'm sure there are other applications.
I know you're going with the example provided, but this is ridiculous. Are we bringing in high technology and introducing a much larger attack surface just so people don't have to wait for their toast?
Re: (Score:3)
You can do all of these things right now without involving the internet at all.
Re: (Score:2)
All the things you mention could be done with a home network without the internet. The hacking games with an internet connected network are scary. Turn the toaster or stove on to create a fire hazard. Turn the refrigerator off to create unsafe food storage. And last but not least give companies or the government fine grain surveillance of people's personal lives.
Isn't that the first principle of any security design? Limit exposure to the outside as much as possible. Your database should not be directly accessible from the internet (indeed, firewall rules should only allow access from the machines which need it). You probably don't need to access your toaster from outside your LAN. It makes sense for your fridge to have a limited interface to the outside world - VPN for you to query if you are running low on eggs, or PUSH technology to inform you the milk is about t
Re: (Score:2)
Well, there's no need for a toaster to be able to do internet, but look at other things that actually can benefit from it - like ventilation systems and you have a completely different case. Thermostats that can detect not only presence of people but also power consumption in a room and predict the ventilation level needed.
Personally I would set up a separate network for my devices that controls my home. But it would still be good from the security point of view if the devices themselves have protections bu
Re: (Score:1)
I do Internet of Things = Idiot.
Wider Area Network of Things = WANT
I've just filed my first patent for nano fleas which swarm around me filming me from every direction so I don't even need a selfie stick. They have the added bonus of helping me sniff my own farts and helping me give ratings based on my vegan/paleo diet (depending which side of the fence I swing). Based on the smell of my farts they also find me suitable grinder dates in my vicinity.
But I'm a new age hipster spiritualist so I'm AC because my
Re: (Score:3, Insightful)
"like ventilation systems and you have a completely different case. Thermostats that can detect not only presence of people but also power consumption in a room and predict the ventilation level needed."
And the thermostats need to be online because....?
"I can also think of devices like the fridge or freezer to be able to talk to the internet to be more cost efficient - cool extra during cheap hours and cool less when electricity is more expensive."
Wtf? Perishable food needs to be kept cool regardless of the
Re: (Score:2)
And the thermostats need to be online because....?
Because some power companies currently and more will soon give you a price break for cutting usage during a surge in demand. Sometimes this can be predicted, sometimes it can't. Hence the need for real-time comms.
Wtf? Perishable food needs to be kept cool regardless of the price of the electricity unless you want to risk food poisoning to save a few pennies.
For a refrigerator, you're likely right. Think about a freezer, though. Maybe you're set to -10C most of the time. However, you're going to be gone all day and your usage patterns don't show you opening the freezer in the morning, maybe it is better to cool everything to -25C overnight, and then NO
Re: (Score:2)
"Because some power companies currently and more will soon give you a price break for cutting usage during a surge in demand. Sometimes this can be predicted, sometimes it can't. Hence the need for real-time comms."
Oh please. I warm my house to be the temp I want it to be. I'm not going to shiver to save a teeny tiny amount of cash. If you're that skint then you won't be able to afford all this tech anyway - wear a jumper.
"Opening the door is what creates energy usage. Having an app to keep inventory can dr
Re: (Score:2)
Here's a novel idea: Don't plug this shit in if you don't want to use it.
For those without photographic memory, or those that don't mind putting on a jacket to save some money, let us have these devices to save money and help the planet, and let's work on making them safer.
Re: (Score:3)
"Don't plug this shit in if you don't want to use it."
And what happens if it gets to the point where I don't have a bloody choice because the fridge refuses to work unless it's downloaded some new firmware or whatever?
"let us have these devices to save money and help the planet"
Help the planet? You having a laugh? You might want to check out the mess the mining the precious metals for all our playtoy devices causes and then the pollution from their refining and the manufacture of the device itself plus transp
Re: (Score:2)
I used to live alone. I'm going to be returning home with someone. I can't even imagine how many times I've opened the fridge door after forgetting why I went to the kitchen in the first place. I'm pretty sure that the added person in the house isn't going to help matters much.
I'm also not sure how she's going to react to having my friends meander in and out of the house at random and at odd hours. They don't help either. I don't lock my doors (honest people are honest and criminals will just kick it in - I
Re: (Score:2)
And the thermostats need to be online because....?
Because otherwise they'd have to sell you the devices rather than renting them to you.
Re: (Score:2)
There are plenty of reasons, such as monitoring the temperature in your refrigerator to make sure things haven't gotten too warm, keeping track of inventory and expiration dates, starting dinner a few hours before getting home, monitoring the health and maintenance status of appliances.
Re: (Score:2)
There are plenty of reasons, such as monitoring the temperature in your refrigerator to make sure things haven't gotten too warm, keeping track of inventory and expiration dates, starting dinner a few hours before getting home, monitoring the health and maintenance status of appliances.
None of which require an internet connection.
Re: (Score:2)
How about a device, sort of like a firewall or a WSUS setup, that collects data from the internet and then allows only a one-way access from your devices to update, get rates (these needn't be completely real-time, say polling every ten minutes or something) for electricity, and whatnot. They could check for signatures, match hash values, and ensure that the updates were legit/signed. Using something like PNP or automated port forwarding, they could automatically configure what they need for information and
Re: (Score:2)
Little is "required". People like Internet connections for the IoT because it's convenient and, contrary to what TFA claims, is low risk.
Re: (Score:2)
First: Level of cooling can vary and using technique like Glauber's salt can keep the actual temperature within the stipulated range for the food for storage. As long as the freezer is closed the temperature will be pretty steady for hours, but waiting an hour to turn on the cooling won't make much difference - and if you cool extra in the morning before the price rises if you are billed by the hour then it might not need cooling until much later.
Re: (Score:2)
On the thermostats being online - well, if the thermostat is in a network with one thermostat per room then it may be a good idea to network it with the radiator valves and with the air condition unit. The better you know the indoor climate the better you can manage it. One central thermostat is like tuning a watch with an axe. One room can be in shadow and need heating while another is getting sunshine and need cooling. A smart ventilation system with a sensor network will offer an opportunity to manage th
Re: (Score:2)
When I retired, I went on a bender and did a whole ton of drugs. (I've disclosed that before. I'm okay with the world knowing.) During this time, I kind of worried about my sanity. So, I went to a head shrinker. The head shrinker was a learned lady who felt I should attend a group therapy session. Which I did. I kind of liked it. I learned about CBT and stuff. Kind of neat... I went for quite a while, it was helpful.
Anyhow, during this session I too became a learned man and what instructions were given seem
Re: (Score:2)
Well, there's no need for a toaster to be able to do internet, but look at other things that actually can benefit from it - like ventilation systems and you have a completely different case. Thermostats that can detect not only presence of people but also power consumption in a room and predict the ventilation level needed.
How are those cases different? I'm not seeing how the internet has to be involved for any of them.
IOT (Score:2)
If morons don't do it, Chinese manufacturers will do the IOT for you
http://thehackernews.com/2013/... [thehackernews.com]
Re: (Score:2)
Well, that's already in place. Each cow has a dongle around the neck and then that is used to identify the cow so a system can keep track of how much milk that's produced, which quality it has and then the cow gets the correct amount of food from it.
DOA (Score:3, Insightful)
Google/phone manufacturers can't even keep android phones patched more than a few years. What makes people believe that "IoT" devices will do any better?
Re:DOA (Score:5, Insightful)
Look at smart TVs and the number of updates that they get.
Manufacturers' goals are not compatible with IoT concept. You own your TV for a decade or more between replacing it. Refrigerators can go 20+ years easy.
Do manufacturers really want to provide support that long? If the answer is no then it doesn't belong in the IoT category.
Re: (Score:2)
Built in limited lifetime of the device. "Sorry the product you have is end of life, no more updates. Buy a new one."
Re: (Score:2)
Manufacturers see the IoT as a great way to make otherwise perfectly good appliances obsolete. They would rather you didn't keep your TV for 10 years or your fridge for 20 years. Actually our last washing machine was over 30 years.
They are banking on consumers being short sighted and not realizing that the cool gimmick their new fridge has will be useless in a year or two. Brand loyalty is dead so they don't care about giving a good impression. Consumers choose by price, fashion and gimmicks so as long as t
Re: (Score:2)
This is why manufacturers love the idea so much. A fridge lasting 20 years is terrible for sales.
Our family is on its third fridge (and third washing machine) in a little over ten years. Maybe it's different if you buy a really high quality (expensive) machine?
We tend just to get the cheapest one with a name we've heard of.
Why the Internet of Things is so stupid (Score:5, Informative)
Fixed that headline for you.
Engineers with a hammer treating everything as a nail, and marketeers seeking to mine information from everyone's daily actions are evidently a very bad combination.
Re: (Score:3)
Yup, just say no to this crap.
The only thing I want to be internet connected is my computers, my tablet, and only very rarely my phone.
The rest of this internet connected crap I have no interest in, because I assume the security is incompetently written, and the product is mostly geared to allow analytics and ads ... none of which I have any interest in.
An endless series of crap products which are connecting to the intertubes is just marketing hype.
IoT and Privacy Complaints (Score:1)
And yet we see people blaming more and more privacy invasions on companies like Apple in the iCloud Hack that exposed various celebrity nudes. More and more data that people add to the internet means the more private moments will be exposed to entertain the sick perverts of the world. Not to mention the IoT's could allow people to gain access to accounts via question and answer password resets. What is your favorite food? Well per your toaster you love Bagels and per your fridge you love Strawberry Crea
what a bunch of b.s. (Score:3)
No, not really. If your home network security assumes that every single attached device is patched and secure, you have already lost. You should deploy your IoT devices in such a way that, even if they get compromised, the damage is limited.
I don't really see how "corporate hackers and industrial spies" can "make profits" by breaking into Apple and stealing data about when I turn on my toaster. "Corporate hackers and industrial spies" generally don't go after such low value data, they go after credit card numbers and corporate secrets.
No, it really doesn't need to be. Unless you have specific and clear evidence to the contrary (plus an assumption of liability by the manufacturer), consider all IoT devices to be inherently insecure and use them accordingly.
Re: (Score:2)
I don't really see how "corporate hackers and industrial spies" can "make profits" by breaking into Apple and stealing data about when I turn on my toaster. "Corporate hackers and industrial spies" generally don't go after such low value data, they go after credit card numbers and corporate secrets.
They will be going after the credit card numbers and corporate secrets, the point is that your toaster would be the weak link in your systems. If they can hack the toaster, they can get the admin password for the toaster as well as the addresses of all the other things in the house. From there try that admin password on something like the fridge. Most people will probably reuse the same password for all their appliances so they now have admin access to the fridge which has a reorder system for items keep th
Re: (Score:2)
That's utter nonsense. Most IoT devices run on Z-Wave or ZigBee networks and are paired by button presses; they don't have network passwords or user passwords, and
Re: (Score:1)
I don't really see how "corporate hackers and industrial spies" can "make profits" by breaking into Apple and stealing data about when I turn on my toaster.
It's not just the toaster. The "dream" of IoT is every disposable thing in your house and on your person is connected to the 'net. The data from one sensor might not tell anyone much, but when they are aggregated you have a total fucking panopticon.
Just imagine someone monitoring the data feed from the house down the street where an attractive young woman lives by herself. After a few days, definitely after a month, a complete profile of her activities could be constructed.
Re: (Score:2)
Really? Like what? That she keeps her house at 65F? That she wakes up at 6:30 am and goes to bed at 10 pm? That she does laundry twice a week, usually on a Thu and Sun? That she usually leaves for work at 8:00 am and returns at 5:30 pm? So what?
Re: (Score:2)
Such as whether or not she's home at a given time, or whether or not she has company, for two obvious examples. But examples aren't needed. Even if the data really is meaningless and harmless (which it is not), it is still a fact that it's nobody's damned business.
Re: (Score:2)
I wasn't objecting to the idea that you can get some information about people, but that you can get a (and I quote) "complete profile".
And that is precisely why such data is legally and technologically protected. What we are discussing here is what
Re: (Score:2)
Really? Like what? That she keeps her house at 65F? That she wakes up at 6:30 am and goes to bed at 10 pm? That she does laundry twice a week, usually on a Thu and Sun? That she usually leaves for work at 8:00 am and returns at 5:30 pm? So what?
I think at least some of that information would be useful to a potential burglar or rapist, don't you?
Always the same stupid story, again and again (Score:5, Insightful)
First, it was mainframes that were insecure. When they were finally secured, the same mistakes were repeated with workstations. Then the same mistakes were repeated with PCs. Now they are repeated with mobile phones and with cars. Next they will be repeated with IoT.
The problem is that most people are completely unable to learn from experiences made by others, and so they repeat the same stupid mistakes whenever there is a new application field. The experts are available and could do better, but they do not get used, because all the bright-eyed "innovators" do not have a clue what they are doing.
Re: (Score:2)
Entirely agree, except it's even worse because the "finally secured" part never actually happens.
IoT is the continued infantilisation of people (Score:3)
Too lazy to check the fridge? There's an app for that. Too stupid to be able to pull your own curtains? There's an app for that. Too bone idle to turn off a light switch? There's an app for that.
Soon the infants masquerading as adults will require robots to wipe their backsides for them and spoon feed them mush for dinner (chew solids? Too much effort). You think the passengers on the starship in Wall-E were just a joke? Hardly - it's where we're heading.
Meanwhile all these human vegetables will have all their private data sucked up by corporations and hackers to be used as they please.
Re: (Score:2)
Soon the infants masquerading as adults will require robots to wipe their backsides for them and spoon feed them mush for dinner (chew solids? Too much effort).
For as much as your post seems like "keep off my lawn" vitriol.....
It's absolute truth
I run an amateur radio competition. Essentially make as many contacts with as many locations as possible over a certain time.
Once upon a time, we required mailed in summary sheets (a way to get the logging started, plus some other info we need that isn't in the contact logs.)
But in the age of email, some people would spend hours telling me to go die in a fire because it was too much effort to fill out the pdf and pr
Re: (Score:2)
Well yeah, the summary should be automatically filled in by the data from the SDR, it should have meta data included automatically. Hell, they shouldn't even have to do that (next). Next they'll not even want to click the button to sign anything but have it all done automatically - just ship the meta data off in XML and you have something autonomous do the scoring based on meta data collected from the Google Maps API. Hell, they won't even have to sign up for the contest - just use push notifications over a
Re: (Score:2)
Well yeah, the summary should be automatically filled in by the data from the SDR, it should have meta data included automatically. Hell, they shouldn't even have to do that (next). Next they'll not even want to click the button to sign anything but have it all done automatically - just ship the meta data off in XML and you have something autonomous do the scoring based on meta data collected from the Google Maps API.
There are a few contests that use live updating on the web. Turns out to be a hassle for any contest that uses Mobiles, Portables or Rovers. But Hams are kind of like Slashdot users, some on the edge, and some worried about teenagers on their lawns. So we get a lot of different log formats.
Would be cool if the scoring was done the moment the contest ended.
I'm only partially joking but, if nothing changes, then perhaps the writing is on the wall. With a few hours, I was able to pass every single test on the ARRL (I think that was the URL) site - the prep exams, knowing only some of the material from long-since-past EE classes in the late 1980s. I simply noted the errors and the answers and memorized it. What work needs to be done, really?
Yes, the practice exams are more like a beginning, a low bar to entry, than being very difficult.
I decided to not get my license, I'd end up hurting myself.
Reminds me - one of the issues I have with the testing
Re: (Score:2)
And why should I wipe my backside if a robot can do it? Yes I am lazy, laziness is progress. Should I call you lazy because you are not hunting the meat you are eating (or grow your own vegetables, or carry your own water, or...)?
This doesn't mean that we should be lazy for everything, we can still have hobbies or do sports, but if robots can do my chores, that's perfect for me.
Re: (Score:2)
"If I've got an IoT device that is compromised, what can it do?"
It's a computer - it can do anything the hacker wants it to do within the limitations of its hardware. That could involve sniffing your network, overloading the wiring, compromising other devices, being an anon gateway, you name it.
Re: (Score:2)
IoT devices usually run over low speed, low power networks separate from WiFi, so they can't even see WiFi traffic. For the few devices that people do put on WiFi, they are likely much less of a risk than a Windows or Mac computer, since the primary attack vectors against computers--Web, e-mail and apps--don't exist.
An IoT toaster or light bulb has no magical capabilities that
Re: (Score:2)
IoT devices usually run over low speed, low power networks separate from WiFi, so they can't even see WiFi traffic. For the few devices that people do put on WiFi, they are likely much less of a risk than a Windows or Mac computer, since the primary attack vectors against computers--Web, e-mail and apps--don't exist.
Are you sure? [theregister.co.uk]
Re: (Score:2)
Yes, I'm sure. Which part of "usually" did you not understand?
Obviously, there are a bunch of WiFi-connected IoT devices, but they are the exception.
Re: (Score:2)
"And how is that different than any other computer in my house?"
Go back and read the title of this article.
"I'm not going to ditch it just because it is another unknown on my network."
And that demonstrates why so many idiots in this world get hacked.
Re: (Score:2)
My IoT device saved me several thousand dollars in renovation costs
Yes, but did it save them because it was connected to the internet?
What is IoT? (Score:2)
Re: (Score:3, Informative)
Hackers are not going to do a home invasion. Stop being a paranoid conspiracy nut who likes spreading fear.
Less than 7% of all burglaries are home invasions (US gov data, go look it up). You have a significantly higher chance of dying in your bathtub, or your car exploding on your way to work than a home invasion.
Lastly, 99% of all home invasions are done by drugged out violent criminals, not highly educated and skilled hackers. That last 1%? Done by people you know.
Re: (Score:2)
Hackers are not going to do a home invasion. Stop being a paranoid conspiracy nut who likes spreading fear.
Chillax dude, the examples were tongue-in-cheek. My boss got a good laugh out of it, why can't you?
Re: (Score:2)
Lastly, 99% of all home invasions are done by drugged out violent criminals, not highly educated and skilled hackers.
Most malicious hackers are not highly educated or skilled. They're script kiddies running tools made by someone else.
Re: (Score:2)
Lastly, 99% of all home invasions are done by drugged out violent criminals, not highly educated and skilled hackers.
Most malicious hackers are not highly educated or skilled. They're script kiddies running tools made by someone else.
So what? If the tools work you're not going to care whether you were fucked over by a 13 year old in his basement or Dr Evilgeniushacker in a lair beneath a volcano.
Re: (Score:2)
On the flip side, hackers could turn off your lights prior to a home invasion
lol, and then what are they going to do - intimidate me with a Klingon axe-thingy and demand all my caffeinated beverages?
Re: (Score:2)
Pfft... That'd require they leave the basement!
Re: (Score:2)
It's not just the hackers, the government could essentially kill you by disabling everything that keeps you alive (heating, ability to store and cook food, the ability to remain warm and sheltered etc etc.). No need for costly drones.
They will be able to track your every single breath... They will know when you cheated on your taxes just by looking at the quality of beer you purchased.....
Re: (Score:2)
My boss asked me "What is IoT?", so I explained it to her. I told her it was a collection of "smart" appliances that are connected to the internet, so that you could dim the light bulbs in your living room from your smart phone, or you could adjust the thermostat in your house so it is nice & warm when you get home, or you could preheat the oven to 450 on your way home from the store. On the flip side, hackers could turn off your lights prior to a home invasion, turn your thermostat off during a cold spell so your pipes freeze, or preheat your oven to 600 degrees while you're on vacation.
More likely those hackers will route spam through your toaster, use your fridge as a bot net, make your oven a tor gateway, and make the computer that controls your lights host bit torrent. Or just use them to sniff household network traffic to find anything to use there and possible man in the middle attacks. For that matter, what are the chances somebody will use the same household password on all their appliances including the wifi router and home computer so that when they hack one, they have access to al
Because right now (Score:5, Funny)
Re: (Score:2)
Distributed Denial of Sandwich attack
It's not critical. (Score:4, Interesting)
My door sensor does not need 128 bits of encryption. It needs to talk to a hub inside my home unencrypted, and then the link out from there needs to be secure. The problem is all these "experts" don't have a clue at all about all of this and are clamoring that we need heavy security on everything! ZOMG!!!
We don't. What we need is 100% open on all the devices so that as the owner of a device I can use it with whatever I want in whatever way I want. Heavy security means I will never ever be able to do that.
All of the IOT (I really hate that acronym) crap needs to talk to a single hub and that when allowed to communicate out needs security. There needs to be absolutely ZERO security on the inside protected network other than what already exists with decent systems like Z Wave or Zigbee where they get a key from the hub they join and only talk to that network. Can it still be hacked? Yes, but not by the typical thief who really would not care to as all he has to do is a smash and grab.
My toaster does not need to tweet or talk to Westinghouse's servers. It needs to talk to my HA hub, and from there I can decide if it needs access to post to slashdot that my double cinnamon raisin toast is done.
Re: (Score:2)
Problem is we already have had wireless Alarm systems for well over 2 decades and are extremely common and we still don't have simple thief boxes to override the door sensors.
Thieves don't CARE about your door sensor, they kick it in, let the alarm wail as it dials the alarm company and make off with your TV set and everything else that is easily snatched before the police even get the phone call that someone is breaking in. 20 minutes later a cop might drive by the house.
They don't need to override anyt
Re: (Score:2)
My door sensor does not need 128 bits of encryption. It needs to talk to a hub inside my home unencrypted, and then the link out from there needs to be secure. The problem is all these "experts" don't have a clue at all about all of this and are clamoring that we need heavy security on everything! ZOMG!!!
You are right - but it won't happen that way. Manufacturers will want to be able to push updates, Google will want to know what is being bought and used (I suspect eventually, little RFID chips in all foodstuffs so an inventory can be done and reported back so you'll be able to get a suggested grocery list complete with ads on some app on your smartphone), food manufacturers will want Google's data, the electric company will want access for power control, ADT will want access for their security services, po
Re: (Score:2)
But it is already headed that way. Look up Wink, SmartThings, IRIS, and the others; all of the current systems are like he describes.
As soon as it catches on, are you saying the big boys won't get involved, and turn it into data? I can see Google getting involved, and selling at a discounted rate, and now things start opening up.
I mean, if the IoT is going to be secure and internalized as you guys figure, it will be really bucking the trend. Why on earth wouldn't it be turned into data? I can see my RFID on foodstuffs for the IoT refrigerator starting off as simple scanning of barcodes - who wouldn't want that info? People have shown a
Re: It's not critical. (Score:1)
Agreed, a hub-to-device symmetric key secures that path. But it just makes the hub a more valuable target the more powerful the devices connected to it get (turning on a light versus opening a garage door).
Re: (Score:2)
My door sensor does not need 128 bits of encryption. It needs to talk to a hub inside my home unencrypted, and then the link out from there needs to be secure. The problem is all these "experts" don't have a clue at all about all of this and are clamoring that we need heavy security on everything! ZOMG!!!
Perhaps they're thinking that all this stuff will most likely be wireless and as accessible to your neighbor or from the street outside your house as to whatever it's supposed to be talking to. While major appliances might get dedicated wire, unless they do network over power, they're probably not going to wire for every place you might put a lamp or toaster.
Re: (Score:2)
Why would anything inside my home ever need to communicate out? Other than data gathering on me and my family, there is no reason for my thermostat to talk to anything else, same for the stupid toaster that sadly became a thing in this discussion.
Some scenarios being pushed include adjusting your thermostat because you're heading home earlier / later than usual, being able to remotely turn on lights so no one knows you're not home, standard home security set up (such as accessing cameras, alerting you to a break in), etc. Your thermostat probably doesn't need to talk with your microwave.
Re: (Score:2)
My thermostat doesn't need to talk to anything. A simple programmable thermostat saves exactly the same amount of money that a smart networked one that delays heating by 30 minutes would. Honestly, my neighbor has a NEST and he saves absolutely nothing compared to the identical house I live in next to him with my stock Bryant thermostat that is "programmable" that I set once back when I moved in and have not touched again since.
Exact same houses, and zero savings or comfort gains from his $300 thermostat.
Re: (Score:2)
My thermostat doesn't need to talk to anything. A simple programmable thermostat saves exactly the same amount of money that a smart networked one that delays heating by 30 minutes would. Honestly, my neighbor has a NEST and he saves absolutely nothing compared to the identical house I live in next to him with my stock Bryant thermostat that is "programmable" that I set once back when I moved in and have not touched again since.
Exact same houses, and zero savings or comfort gains from his $300 thermostat.
As I said, it might be nice to notify your thermostat that you will arrive home earlier than normal. 95% of the time once you've programmed in your schedule you won't change it (small exception of adjusting for daylight savings time twice a year). 99% of the time you remember to turn off lights and lock doors. Each consumer needs to see if the benefits are worth the costs.
Typical Slashdot discussions now (Score:3)
Anything on IoT becomes a shitfest discussion of toasters and fridges. Fuck what happened to this place.
Re: (Score:2)
Indeed, the biggest area for IoT, the area I happen to work in, is sensor networks. Say you have a vast water distribution network that you need to monitor. Typical ones leak 30-40% of the water out, so you are probably interested in figuring out where the leaks are, as well as metering everyone's usage for billing purposes.
In the past you had to send people out to take readings everywhere. Now you can put IoT sensors everywhere and they send you the data at regular intervals. It's getting so good already t
Re: (Score:2)
This is what the IoT is all about. There are tonnes of other examples as well. How about the guy who invented a system that monitors power usage at his elderly mother's house from his web browser. He knows her routine enough to see power spikes when he should (like the kettle making tea at 10am every morning). If usage looks out of the ordinary he immediately checks up on her to make sure she is ok.
Lots of great stuff happening in maker space. People coming up with all kinds of ingenious ways of using em
Re: (Score:1)
Couldn't agree more. This used to be a site for tech enthusiasts; now it's full of get-off-my-lawn luddites who'd rather go back to the days of text-only and 48k memory. (not that there's anything wrong with the command line - I still spend a large fraction of my computing time there)
Of course IoT is stupid without security. But there are plenty of useful applications that have little security risk. The hysteria over IoT here is tiresome. It's just as stupid as the example given in the summary - "use my toa
Why I'm standardizing on the Raspberry Pi (Score:1)
I've been on something of a roll setting up Raspberry Pi's as something of a family IoT cloud.
While it's probably not (yet) completely secure from hackers like the NSA, I do have a lot of confidence in Debian/Raspbian Linux. With 7 million RPi's sold and lots of volunteers working on it, I expect it will be getting security updates for a long time.
I've got nice simple Python fabric scripts that I run from my laptop to keep everything up-to-date, setup ssh keys, firewalls, knockd, motion webcams, temperatur
Wrong security model (Score:3)
The "it's got wifi and connects to the cloud" model is broken by design. It's a great marketing thing to make you replace your outdated bits every few years since they are no longer compatible. But a model that is reliant on lots of vendors to do constant updates to deal with newly uncovered issues fails as white goods vendors forget about a model the instant a newer version comes out. All of the cloud features have been how can we nickel and dime you
You need basic encryption/authentication/replay prevention on the network. The device(s) that control those networks need to be secure. We have openhab etc on the open source side and a small pile of black boxes with varying levels of local intelligence. My Vera cannot reach the internet; it's in an isolated network along with a few other IP based IoT like my garage door controller, some DIY kit etc. Oddly it chugs along just fine with openhab relaying any external info it needs like when I should be arriving home or the weather forecast. Sure, if there is a network level exploit to zwave, insteon, zigbee or whatever, will need to get firmware upgrades on bits. But far better to make something that's not intended to be a 20+ year lifespan embedded device be the thing that gets upgraded etc. The last thing I want is my fridge having to phone home to do anything, to be reliant that some cloud is still there and supports my 20-30-40 year old device. Sensors can be very well defined; it's not like some software upgrade will add a new sensor. Lightbulbs are getting smarter with RGBW and color temps as well as dimming; would expect motion sensing, ambient light levels etc to be pretty standard soon. But who wants to worry that the cheap Chinese bulbs they got at Walmart won't get security patches a couple years from now?
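The authentication and replay prevention asked for in the comment above, over the hub-to-device symmetric key mentioned earlier in the thread, as an added example that is not any poster's code and not the actual Z-Wave, Zigbee or Insteon frame format. The frame layout, the `Hub` class, `seal` and the 16-byte truncated tag are all assumptions made for illustration; the sketch authenticates frames and rejects replays but does not encrypt the payload.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 16  # truncated HMAC-SHA256 tag in bytes (assumed size for small radio frames)

def seal(key: bytes, device_id: int, counter: int, payload: bytes) -> bytes:
    """Sensor side: header (device id + counter) || payload || tag."""
    header = struct.pack(">HI", device_id, counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag

class Hub:
    """Hub side: one key and one last-seen counter per joined device."""
    def __init__(self):
        self.keys = {}
        self.last_counter = {}

    def join(self, device_id: int) -> bytes:
        # Constructed stand-in for the join step where the hub hands out a key.
        key = os.urandom(16)
        self.keys[device_id] = key
        self.last_counter[device_id] = 0
        return key

    def accept(self, frame: bytes):
        """Return the payload if the frame is authentic and fresh, else None."""
        if len(frame) < 6 + TAG_LEN:
            return None
        header, payload, tag = frame[:6], frame[6:-TAG_LEN], frame[-TAG_LEN:]
        device_id, counter = struct.unpack(">HI", header)
        key = self.keys.get(device_id)
        if key is None:
            return None                          # device never joined this hub
        expected = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None                          # forged or altered frame
        if counter <= self.last_counter[device_id]:
            return None                          # replayed or stale frame
        self.last_counter[device_id] = counter   # advance only after the tag verifies
        return payload

def demo():
    """Constructed traffic: a good frame, its replay, a tampered frame, the next good one."""
    hub = Hub()
    key = hub.join(7)
    frame = seal(key, 7, 1, b"door=open")
    first, replayed = hub.accept(frame), hub.accept(frame)
    tampered = bytearray(seal(key, 7, 2, b"door=open"))
    tampered[6:15] = b"door=shut"                # flip the payload after sealing
    altered = hub.accept(bytes(tampered))
    return first, replayed, altered, hub.accept(seal(key, 7, 2, b"door=shut"))
```

Because the counter is stored only after the tag verifies, a forged frame with a high counter cannot lock the real sensor out.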
IoT not for me (Score:2)
The last thing in the world I want is more of my devices sending data about me and my belongings to servers that I do not control.
For what I hope are obvious reasons.
Re: (Score:2)
There is absolutely no iteration of IOT that will ever be right.
Not until they make all programming 100% secure and bug proof. Which is at the moment impossible.
Re: (Score:2)
Instead of depending on technology for everything. This is the same as the internet connected cars, focus on driving you moron you don't need to update your fb status while driving on the highway. Chevy commercials who plug away their 4g connected cars is retarded, you make sh1t cars and you are trying to sell them as smartphones
Internet connectivity in cars usually is not for the benefit of the driver (GPS being an obvious exception), but for the passengers. Kids get bored on long road trips, so give them internet access to stream songs / movies to placate them.
Any time you have a multi-tasker, the device is generally good at one task and mediocre or poor at the other. Do you want a mediocre phone with a great PDA, or a mediocre PDA with a great phone? Do you want a great car where connectivity was a secondary thought, or great co
Re: (Score:2)
The usual method is to mock the Linux operating system and/or say how great Microsoft is and involve plenty of racism and gay sex to confuse everybody.