Jump to content

Another reason why the IoT may not be that good an idea ...


jaclaz

Recommended Posts

Not strictly IOT related, but "close enough":

http://www.theinquirer.net/inquirer/news/2443276/wtf-lenovo-protects-your-backdoor-security-with-a-really-really-really-bad-password

You may want to take note of the statement by the good Lenovo guys:

In a statement Lenovo did not apologise, but it did say that it would now start to follow industry standards for protecting people.

 

(bolding/highlighting is mine)

 

jaclaz

 

Unbelievable. :rolleyes:

 

--JorgeA

Link to comment
Share on other sites


Here's another angle on the implications of the Internet of Things:

 

New Technologies Give Government Ample Means to Track Suspects, Study Finds

 

The products, ranging from “toasters to bedsheets, light bulbs, cameras, toothbrushes, door locks, cars, watches and other wearables,” will give the government increasing opportunities to track suspects and in many cases reconstruct communications and meetings.

 

He noted that in the current stalemate there was little discussion of the “ever-expanding ‘Internet of things,’ where telemetry from teakettles, televisions and light bulbs might prove surprisingly, and worryingly, amenable to subpoena from governments around the world.”

 

It boggles the mind to think that telemetry (hmm, where have we heard that word before?) from tea kettles or toothbrushes could be used to build a case against suspected enemies of the state.

 

--JorgeA

 

Link to comment
Share on other sites

Because power comes hand in hand with paranoia, that 's why. ;)

Regular, normal people mind their own business, they don't stick their nose in someone else's lives because they don't have the knowledge, the technology and the spare time for that. And they usually have no reason either.

Link to comment
Share on other sites

Why single out the government? It really gives an opportunity to anyone.

 

That's what the report in the newspaper article focused on, although of course the same could also apply to private malicious hackers.

 

--JorgeA

Link to comment
Share on other sites

Well, it's OFFICIAL :w00t::ph34r: now:

http://www.theguardian.com/technology/2016/feb/09/internet-of-things-smart-home-devices-government-surveillance-james-clapper

In an appearance at a Washington thinktank last month, the director of the National Security Agency, Adm Michael Rogers, said that it was time to consider making the home devices “more defensible”, but did not address the opportunities that increased numbers and even categories of connected devices provide to his surveillance agency.

However, James Clapper, the US director of national intelligence, was more direct in testimony submitted to the Senate on Tuesday as part of an assessment of threats facing the United States.

“In the future, intelligence services might use the [internet of things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials,” Clapper said.

 

 

jaclaz

Link to comment
Share on other sites

VTECH has found a neat solution to security:

http://www.troyhunt.com/2016/02/no-vtech-cannot-simply-absolve-itself.html

changing the Limitation of liability in there T&C (Terms and Conditions) to include:

YOU ACKNOWLEDGE AND AGREE THAT ANY INFORMATION YOU SEND OR RECEIVE DURING YOUR USE OF THE SITE MAY NOT BE SECURE AND MAY BE INTERCEPTED OR LATER ACQUIRED BY UNAUTHORIZED PARTIES

 

 

:w00t::ph34r:

 

jaclaz

Edited by jaclaz
Link to comment
Share on other sites

Hackers take control of a TOILET

 

Hikohiro Lin, head of the firm's product security team, revealed that potty-minded researchers managed to hack their way into a bluetooth-enabled Japanese toilet.

 

These super-loos allow users to control various functions using a smartphone.

 

But researchers found that one of these high-tech toilets was protected with only a basic password.

 

This meant they could take control of the toilet, allowing them to flush it at an awkward moment or even surprise people by unexpectedly aiming a jet of water at their nether regions.

 

For the life of me, I can't figure out why you'd want to control a toilet with your smartphone, but there you go...

 

Merely the thought of installing an operating system on a commode just boggles the mind. Imagine the possibilities if it were Windows 10 IoT Core, phoning home. Do we really want to be that connected? :wacko:

Your toilet needs some updates and needs to restart.We've scheduled a time we think is convenient for you.

--JorgeA

 

Link to comment
Share on other sites

VTECH has found a neat solution to security:

http://www.troyhunt.com/2016/02/no-vtech-cannot-simply-absolve-itself.html

changing the Limitation of liability in there T&C (Terms and Conditions) to include:

YOU ACKNOWLEDGE AND AGREE THAT ANY INFORMATION YOU SEND OR RECEIVE DURING YOUR USE OF THE SITE MAY NOT BE SECURE AND MAY BE INTERCEPTED OR LATER ACQUIRED BY UNAUTHORIZED PARTIES

 

 

:w00t::ph34r:

 

jaclaz

 

Sounds outrageous, but I'm thinking that if (say) Microsoft, Google, and Apple were to adopt this type of clause in their user agreements, it might put the brakes on the whole cloud/IoT trend. :yes:

 

--JorgeA

Link to comment
Share on other sites

but, but,.... nobody reads them!!! (and being a nobody, you know I do, yes?)

 

Truly, most of the folks I help can't install a program without messing it up, much less actually read the EULA. That's why there's so much crapware that's entirely legal because the folks clicked "OK".

 

Sigh. :^)

Link to comment
Share on other sites

And (as actually expected) it is now the turn of Samsung (and their "smart" - please do notice the quotes - TV's):

http://www.thedailybeast.com/articles/2015/02/05/your-samsung-smarttv-is-spying-on-you-basically.html
http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs
 

A single sentence buried in a dense “privacy policy” for Samsung’s Internet-connected SmartTV advises users that its nifty voice command feature might capture more than just your request to play the latest episode of Downton Abbey.
“Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party,” the policy reads.

 

 

Samsung's official statement is on the same line as other similar statements:

 

"Samsung takes consumer privacy very seriously. In all of our Smart TVs we employ industry-standard security safeguards and practices, including data encryption, to secure consumers’ personal information and prevent unauthorized collection or use," the company said in a statement to The Daily Beast. "Voice recognition, which allows the user to control the TV using voice commands, is a Samsung Smart TV feature, which can be activated or deactivated by the user. The TV owner can also disconnect the TV from the Wi-Fi network.")

 

 

And the further knowledge that the "third party" is (currently) Nuance:

http://www.bbc.com/news/technology-31296188 

http://europe.newsweek.com/samsung-updates-smarttv-policy-names-third-party-collecting-voice-commands-305935?rm=eu

 

may help (or it may not), they are seemingly the same guys behind at least part of the Siri experience:

https://en.wikipedia.org/wiki/Nuance_Communications

 

jaclaz

Edited by jaclaz
Link to comment
Share on other sites

All of this for CCTV that you could otherwise port through the connection of a beeper............????/

I mean if I wanted a security system, I would just have the regular motion monitor with the motion sensor light. I remember when I was a kid I set off the one in my house. We had red lights and flashing lights blinking with nuclear-reactor sounds.

.

.

.

No we are going to use the same system that phones have been using from 1970 something ( UNIX ) and call it a security system with a little help from JAVA. Speaking of JAVA ( which I turned my back on ) it is actually really amazing the things you can do with it, outside of the web.

Edited by ROTS
Link to comment
Share on other sites

So far it seems that voice recognition is more generic and not like you see in Star Trek where the computer can tell who is actually speaking. So the ability to remotely order other people's devices is quite possible. This happened when Xbox One launched and during games people would say "xbox shut off" into their mic and other people in their game would suddenly disconnect. :ph34r:

Link to comment
Share on other sites

So far it seems that voice recognition is more generic and not like you see in Star Trek where the computer can tell who is actually speaking. So the ability to remotely order other people's devices is quite possible. This happened when Xbox One launched and during games people would say "xbox shut off" into their mic and other people in their game would suddenly disconnect. :ph34r:

... as expected, BTW, JFYI:

http://www.msfn.org/board/topic/173316-windows-10-prediction-and-os-ranking/#entry1092785

and actually something similar actually already happened:

http://www.msfn.org/board/topic/174201-windows-10-first-impressions/page-48#entry1102629

 

jaclaz

Link to comment
Share on other sites

Not sure if the following fits the subject of this thread exactly, but for lack of a better location, here goes:

 

Vizio's smart TVs are snitches, lawsuit alleges

 

INDIANAPOLIS — An Indiana man is suing TV manufacturer Vizio for collecting data about his viewing habits and selling it to third parties.

 

He also contends that people did not consent to and or know about Vizio’s practices, which are facing several legal challenges in other states.

 

The “defendant’s smart televisions collect personally identifying information … through its Smart Interactivity software, and then disclose this private information to third parties, such as advertisers or data brokers,” according to the class-action lawsuit, filed Thursday in the U.S. District Court here.

 

“What people don’t understand is in this era ... is who has access to your information and what they know about you,” said lawyer Lynn Toops at Cohen & Malad, whose firm is representing Trent Strader of Indianapolis. “Consumers need to understand that if they connect this TV to Internet, Vizio is collecting information and sending it to advertisers.”

 

--JorgeA

 

 

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...