Jump to content

Another reason why the IoT may not be that good an idea ...


jaclaz

Recommended Posts

 

There is something that's simply bizarre about the second sentence (highlighted)  below:

 

“We bought some light bulbs and examined how they talked to each other and saw that one of the messages was about the username and password,” said Michael Jordon, Research Director at Context. “By posing as a new bulb joining the network we were able to get that information,” he added.

 

--JorgeA

Link to comment
Share on other sites


:lol:

 

I see what you mean :D , but no, what I had in mind was the very idea of "joining a light bulb to a computer network." :blink:

 

BTW, if this IoT thing does catch on, imagine the limitless possibilities for mischief that it will present for both terrorists and governments...

 

--JorgeA

Link to comment
Share on other sites

I saw this as an ad-tweet today but I can't find the original one. Just someone retweeted. Anyways basically Merrill Lunch wrote an article about IoT. Getting your bank account/investments mixed into IoT sounds pretty scary to me.

https://www.ml.com/articles/how-the-internet-of-things-will-connect-everything.html

The article does have this mention near the end, but it really should be the primary focus.

Greater connectivity may lead to increased productivity, but it also makes companies potentially more vulnerable to hacking and data theft.

Secure your product, then connect your things. Usually, these things are done in reverse.

Link to comment
Share on other sites

:lol:

 

I see what you mean :D , but no, what I had in mind was the very idea of "joining a light bulb to a computer network." :blink:

 

BTW, if this IoT thing does catch on, imagine the limitless possibilities for mischief that it will present for both terrorists and governments...

 

--JorgeA

Yep, as I see it, one issue is why light bulbs would want (or *need*) to "talk to each other" but once given that this allows for *whatever* enhancement in the life of human beings, the real question is why they should chat between themselves using the same (wireless) network the human beings use to communicate and why to the same network every kind of potentially dangerous (dangerous for integrity or privacy of data, and not only) devices are also connected.

 

It simply makes no sense, just too many things can go wrong in such a design when it comes to practical implementations of it.

 

The hacks about cars are so serious not because of the potential risks about incidents, collisions and the like but because they show that even a "closed" environment, wholly designed by a team of (I presume capable) security oriented engineers, comprising ONLY devices provided by the manufacturer is hackable to some degree, imagine what can happen when a non engineer puts together any kind of devices from different manufacturers, all sharing the same access credentials. :w00t:

And I will re-state how - unlike any other physical hack which is still possible - these are "remote" ones, they can be done while comfortably seated in a car outside the house i.e. virtually undetectable/unnoticeable.

 

On the other hand, until now an office with  (say) 128 devices on a (wired) LAN was what I would call a medium/large Lan, something that was assembled with (hopefully high quality) routers and switches and that was maintained by an engineer/IT specialist.

 

Still, it had from time to time some issue and needed to be checked/repaired (besides audited for security).

 

What will happen when you will have 128 devices in your home?

Even if they are the best quality ever seen on earth there will be issues, who will fix them?

 

jaclaz

Link to comment
Share on other sites

imagine what can happen when a non engineer puts together any kind of devices from different manufacturers, all sharing the same access credentials. :w00t:

We already have that with cell phones. The underlying firmware (the OS behind the OS) is extremely trusting. The cell phone will connect to any network it happens to find. An average person may have encountered this where their phone may turn into roaming mode. Or in cases where a person is near a border, the phone will connect to the other country's network instead. These cases stand out because the user ends up with a large phone bill.

But it is exactly why this thing works well for police:

https://en.wikipedia.org/wiki/Stingray_phone_tracker

Link to comment
Share on other sites

Casually:
http://mjg59.dreamwidth.org/37522.html 

 

The Internet of Incompatible Things

...

The dystopian future we're heading towards isn't Gibsonian giant megacorporations engaging in physical warfare, it's one where buying a new toaster means replacing all your lightbulbs or discovering that the code making your home alarm system work is now considered a copyright infringement. 

...

 

 

 

jaclaz

Link to comment
Share on other sites

[...] for both terrorists and governments...

And how can you tell them apart…? :whistle:

 

On the other hand, until now an office with  (say) 128 devices on a (wired) LAN was what I would call a medium/large Lan, something that was assembled with (hopefully high quality) routers and switches and that was maintained by an engineer/IT specialist.

 

Still, it had from time to time some issue and needed to be checked/repaired (besides audited for security).

 

What will happen when you will have 128 devices in your home?

Even if they are the best quality ever seen on earth there will be issues, who will fix them?

 

Hooray, new jobs for an increasedly large world population! :angel  Home Appliances Network Auditor - best job in the 21st century! :whistle:

 

Don't they need some credible reasons to "visit" our homes every now and then, see if there's any "abnormal" activity, snoop around, maybe place some extra "bugs" if the national security requires it (as if using Win10 wouldn't be enough)…? :ph34r:

Link to comment
Share on other sites

  • 2 weeks later...

I like the concept of "vague dread of a malicious world" :w00t: :

http://ieet.org/index.php/IEET/more/rinesi20150925

 

The price of the Internet of Things will be a vague dread of a malicious world

Just as any user feels their computer to be a fairly unpredictable device full of programs they’ve never installed doing unknown things to which they’ve never agreed to benefit companies they’ve never heard of, inefficiently at best and actively malignant at worst (but how would you now?), cars, street lights, and even buildings will behave in the same vaguely suspicious way. Is your self-driving car deliberately slowing down to give priority to the higher-priced models? Is your green A/C really less efficient with a thermostat from a different company, or it’s just not trying as hard? And your tv is supposed to only use its camera to follow your gestural commands, but it’s a bit suspicious how it always offers Disney downloads when your children are sitting in front of it.

None of those things are likely to be legal, but they are going to be profitable, and, with objects working actively to hide them from the government, not to mention from you, they’ll be hard to catch.

 

 

jaclaz

Link to comment
Share on other sites

For a while now, I've been seeing this wifi AP broadcasting in my neighborhood:

Type CH Signal BSSID Security SSID

AP BSS 6 28% 00:d0:2d:53:1e:fc OFF NewThermostat_531EFC

Edited by jumper
Link to comment
Share on other sites

Case in point as to why IoT is a bad idea...

Have no security fears though, because this thermostat-generated network disappears once you’ve finished Wi-Fi Setup.

This is from a guide on how to connect your new Honeywell Thermostat to a wireless network. If said SSID has been present "for a while" then it is likely a case where a technology is enabled by default where it probably shouldn't be.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...