Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Security

Video F-Troop and the 'Internet of Thingies' (Video) 43

F-Troop? This is an interview with IT journalist Tom Henderson, who managed to get a mention of F-Troop into a serious(ish) discussion of "Internet of Things" insecurities. And, says Tom, the more things we hook to the Internet, the more potential security problems we create. Is it time to unplug everything because of the growing amount of unvetted software we're adding to our home and business networks? Hmmm....

Robin Miller for Slashdot: This is Tom Henderson. You’ve seen him with us before and you’ll probably see him with us again. Today, we are talking about something he wrote about how a tea kettle -- yes, an internet of thingies thing – can be used to hack your network. So what’s up with that, Tom? Should we unplug everything?

Tom: Robin, it might be that case. Consider the fact of the iKettle. The iKettle comes with a wonderful module that you can take your cell phone off, one of these

Slashdot: Yeah.

Tom: ...and turn it on and turn it off. And it has a module inside of its base that has all of the security of an egg, and can be cracked as easily. You can drive by, you can break it open, watch all of the yolk and egg white just run all over the counter. Now you might have bought this because -- Hey! It is convenient—you need to have that wonderful cup of tea. Tea is my favorite. I drink quite a bit of tea every day now that I’ve quit coffee. I feel better for having done so, hey let me take a sip.

Slashdot: I have coffee for you; don’t worry.

Tom: Thank you. So here’s what ends up happening. Because you can crack this thing open like anything it takes no talent at all, although there is a really interesting video on Slashdot which is where I derived my blog from. Yes, you can come by, break open all of this, match all of the keys and passwords and hey! Suddenly you are on the same network. Well, let’s say that same network happens to be in the employee lounge of Mr. Large Organization.com.

Slashdot: Uh oh.

Tom: Suddenly we have a nexus and intro, a backdoor. That’s right. And we can target the rest of you, get rid of those as fast as you can because what can we do, we can read all your traffic. Oh, let’s see the person whose phone number we just go let’s go jump in there and see if they might have scripts with the encryption keys to AWS and all of your assets. Yum, better than tea, don’t you think?

Slashdot: Yes.

Tom: Yeah, so there is this module and we don’t know if this same module has been somehow introduced into other “internet of thingies” products across the planet. What we do know is that there is a team of coders out there, who should be like the openings of every episode of that old famous TV show F Troop, lined up where we can snatch away every chevron, every epaulette, every sign of possible rank these coders had so that they can be demoted. Where is this stuff now? We don’t know.

Slashdot: Cloud.

Tom: Could it be in a pacemaker? Is that where that Wi-Fi code is? Can we dial up your heart with our cell phones and go, well, let’s see what kind of password we can find here folks.

Slashdot: I saw this on a TV drama show about heroic government employees who don’t know anything about computers, the kind who can guess a password watching the little lines of code go by on a screen, very artful trick. Anyway, they had a show where somebody had hacked baby monitors. Actually, that really happened too, in real life both.

Tom: It is still hacked Robin. You can still go out and use different strings to look at everything from burglar alarms all the way through to baby monitors that are now in the parents’ guest room, uh, let’s go watch some of that, hey guys, but what we also have here is a total disconnect. Imagine we let these devices come into the country to begin with, because we happened to have invented them we have insurance liability costs that are soaring through the roof because of different breaches that we have had, and now instead of doing things like testing every product to make sure that there is no ¼ inch hole that you can put a rod through and therefore, electrocute yourself. Underwriters laboratories.

Slashdot: Yes.

Tom: C-S-A-T-U-V and the whole alphabet soup of insurance underwriting folks need to get on the ball, and they need to have a new section of their test regimens or stupid Wi-Fi modules. Why? Because they are going to become prevalent. Who knows what you can bring into an organization that has integral Wi-Fi, you can’t be cracked open like that same proverbial egg, thus exposing still another easy – pretty easy that.

Slashdot: And you know, what I 'veI been hearing? Separate stuff, not from the technology people, but from insurance people, I follow them too a little, car insurance. Really, I mean the insurance companies, they have some smart people working in the back running their big UNIX mainframes and stuff and some of those smart people came up to the front ofice where your executive work and said, you know, Mr. Boss, you see that thing where they hacked that Jeep Grand Cherokee and threw it in the mud? I saw that screen. Guy from the back, sir, says, well Mr. Boss it is real, they can do it to our insured parties.

Tom: Right. And so although these sorts of hacks hack today this being the end of October of 2015, and people will come back and they said, look at them burn, they were right, somebody hacked my car and now I am in heaven.

Slashdot: So we are back to the future and beyond. So we have no idea, we don’t even have Marty McFly’s vision forward over the edge.

Tom: We simply have lightning bolts at 88 miles per hour—that’s it. So we have all of these great automotive components which are trying to be okay because Congress in the United States tries to enact legislation thus possibly leaving the world, who knows these days, to make all of that code opaque so it can’t be hacked. So that you can’t get inside of it, you can’t correct, you don’t even know if it has been updated. How would you like to be going down the road, and suddenly you see on your console “update failed.” Jeez! What does that mean? Now we have all of these Wi-Fi devices that are out in the world. We have no idea what the quantity is because nobody is going to investigate this, at any level. We don’t know how many of those devices are out there, and how many of them can be hacked except that if we randomly find one, cool, well, let’s see what we can do.

This discussion has been archived. No new comments can be posted.

F-Troop and the 'Internet of Thingies' (Video)

Comments Filter:
  • by 93 Escort Wagon ( 326346 ) on Tuesday October 27, 2015 @04:53PM (#50812989)

    Starring Ken Berry and Forest Tucker. I guess it's better than "The Internet of Things, RFD"...

    Oh, and get off my lawn.

  • by meglon ( 1001833 ) on Tuesday October 27, 2015 @04:58PM (#50813023)
    "Don't think of it as retreating, think of it as advancing in a different direction."

    Pups.
  • yep, that will be your ID-I.O.T. car.
  • >> Is it time to unplug everything because of the growing amount of unvetted software we're adding to our home and business networks?

    Unplug, eh? Well I've heard about this cool new technology called "WiFi" that may someday replace all the coax and twisted pair cables that connect all our phones and computers today.

    • >> Is it time to unplug everything because of the growing amount of unvetted software we're adding to our home and business networks?

      Unplug, eh? Well I've heard about this cool new technology called "WiFi" that may someday replace all the coax and twisted pair cables that connect all our phones and computers today.

      Was my thought also. Which means, it's not necessary to unplug, just don't give the thingy your wifi password.

      You *do* have a wifi password, right?

    • Hey! I still "rewind" my DVR ...
  • Is it time to unplug everything

    Not necessarily. But it IS far past time to plug things in "just because we can" without thinking though the consequences.

  • As per all comedies of this genre (good natured, but apparent bumbling idiots), regardless of their activities they managed to have saved the day before the final credits rolled. And while they may have been stripped of their ranks at a point in the narrative, they all had them back by the same time next week.

    He could easily have mentioned Gilligan's island, Get Smart or Police Squad and still been just as wrong.

  • Unplug? (Score:4, Insightful)

    by grimmjeeper ( 2301232 ) on Tuesday October 27, 2015 @05:35PM (#50813253) Homepage

    Is it time to unplug everything because of the growing amount of unvetted software we're adding to our home and business networks?

    A lot of us never understood the point of plugging all that stuff into the internet in the first place.

  • by argStyopa ( 232550 ) on Tuesday October 27, 2015 @05:41PM (#50813291) Journal

    Or, maybe the whole "internet of things" that a very small group of people seem to be talking about ALL THE FUCKING TIME is just an idiotic thing that isn't actually going to take off, because grownups understand that there are things that aren't necessarily meaningfully better (in ways that outweigh the new failure risks) connected to other things?

    • Not only is it not going to take off, it's been in the process of not taking off for about 20 years. People have been plugging things like coffee pots into the internet since the 90s. I remember hearing Scott McNealy give a speech about how my refrigerator would soon be running Java and doing all sorts of things on the internet. In the 90s. It's not a new technological revolution, it's old technological ideas that are resurfacing because now that most people carry very powerful networked computers in th

      • And add to your last statement: "...meanwhile serving back to its corporate masters every detail about you, your choices, your habits, your preferences, and every other piece of trivia its sensors can gather to sell to the highest bidder, to generate ultimately more revenue over the lifespan of the article than the original purchase by you."

        What a great world.

  • Is it time to unplug everything because of the growing amount of unvetted software we're adding to our home and business networks?

    No; it's time to unplug everything because everything is being used more and more to spy on us and violate our privacy [slashdot.org].

  • Where Haley Berry takes most of her clothes off, it can't be a bad thing...

    Oh wait, even with that Swordfish was a horrible horrible thing.

    Never mind.

  • What's needed is sensible regulation like:
    all internet connectable devices must be able to upgrade the software components in the field.
    all internet connectable devices must be supported for reasonable periods after last customer shipment. Where reasonable periods is 10 years for TVs, routers, fridges, DVRs.

    Today it is ridiculous that buy a internet connectable TVs etc. and you get no bug fixes for from then manufacturers. We know that there will be bugs given the cost tradeoffs to be build the devices at

1 Sagan = Billions & Billions

Working...