
Another reason why the IoT may not be that good an idea ...


jaclaz


And while I am at it, today it is Comcast/Xfinity:
http://www.wired.com/2016/01/xfinitys-security-system-flaws-open-homes-to-thieves/
 

Security researchers at Rapid7 have found vulnerabilities in Comcast’s Xfinity Home Security system that would cause it to falsely report that a property’s windows and doors are closed and secured even if they’ve been opened; it could also fail to sense an intruder’s motion.

 
And much worse than that:

Comcast did not respond to a request for comment from WIRED. But after our story published, spokesperson Charlie Douglas sent a statement implying that all home security systems have the same problem and therefore Comcast shouldn’t be singled out. “Our home security system uses the same advanced, industry-standard technology as the nation’s top home security providers. The issue being raised is technology used by all home security systems that use wireless connectivity for door, window and other sensors to communicate.” WIRED was unable to verify if all other systems do indeed have the same problem.

 

jaclaz



spokesperson Charlie Douglas sent a statement implying that all home security systems have the same problem

 

jaclaz

Not entirely sure about this affecting all security equipment. I can understand the blocking of the communication between the security panel and the monitoring company, but not the sensors. If the security panel loses connection with any of the sensors, it will trigger an alert. This happened to me personally, when I removed a sensor to replace a door. They received an alert that a sensor went offline/missing, even though the system was disarmed.


 

Not entirely sure about this affecting all security equipment.

Of course not :no:, it was just a failed attempt by the PR to minimize the issue by making it a common issue to all systems, by putting the blame on the generic technology instead of the (flawed) specific implementation.

 

For NO apparent reason ;):

https://en.wikipedia.org/wiki/Così_fan_tutte

 

jaclaz


 

I live in a Comcast area. While I haven't run across anybody quite that bad, in my years with them I have had one or two pretty tense phone chats with customer service reps. I'd say about half the time, the problem has to do more with incompetence or lack of knowledge, than with malice.

 

--JorgeA


CES 2016: In the smart home, the user is the one kept in the dark about data

 

I was thinking about this yesterday as I talked with the folks at Smarter. Their mats are meant to monitor the weights of the assorted groceries in your pantry or refrigerator. Then, when the volume on your salsa or your Speculoos or your barley dips low, the mat pings your phone, which in turn pings you with a reminder to buy more. According to Smarter, a feature of this system is its location-awareness; as you pass Trader Joe's, your smartphone alerts you that hey, you just happen to be by the great Speculoos-and-salsa store, so pick some up.

 

Let's itemize some of the information that goes into that if-then-Speculoos sequence:

 

1. The types of food you have in the house

2. How frequently you consume an individual unit of those foodstuffs

3. Where you are at a given point in space and time

4. Whether or not you replenished your food within a 24-hour period of receiving a location-based alert

 

No room for mischief in any of that, now is there?  :dubbio:

 

--JorgeA


It's only when one gets a severe warning on their TV screen from their doctor for not following a certain diet and then a fine (or worse) from the police for ignoring doctor's advice that we wake up to realise what a sick, demented world we got to be living in. And some dare say we did it to ourselves! Hm, maybe by ignoring the signs and accepting (tiny) compromises…?


The new word for today is "agnotology".

https://en.wikipedia.org/wiki/Agnotology

 

It helps to believe how ignorance is not our own fault but of the "system", which leads us to "agnoiology" (and that makes two new words for today), from an article by Keith Lehrer cited here:

http://judithcurry.com/2011/07/11/agnotology-agnoiology-and-cognitronics/

A person may reasonably accept some experimental report, hypothesis or theory because there is a consensus among an appropriate reference group of experts. It may be unreasonable, moreover, for a person to accept such statements when there is a consensus against such acceptance. A person may, however, conclude on the basis of careful study that the experts are in error. Having concluded thus, he may reasonably dissent from the experts, refusing to accept what they do, or accepting what they do not. For such a man, dissensus is reasonable and conformity counterproductive. When is it reasonable for a person to conform to a consensus and when is it reasonable for him to dissent?

We shall answer the question in terms of an intellectual concern of science and rational inquiry. Succinctly stated, the concern is to obtain truth and avoid error. We shall argue that consensus among a reference group of experts thus concerned is relevant only if agreement is not sought. If a consensus arises unsought in the search for truth and the avoidance of error, such consensus provides grounds which, though they may be overridden, suffice for concluding that conformity is reasonable and dissent is not. If, however, consensus is aimed at by the members of the reference group and arrived at by intent, it becomes conspiratorial and irrelevant to our intellectual concern.

 

jaclaz


CES 2016: In the smart home, the user is the one kept in the dark about data

 

Let's itemize some of the information that goes into that if-then-Speculoos sequence:

1. The types of food you have in the house

2. How frequently you consume an individual unit of those foodstuffs

3. Where you are at a given point in space and time

4. Whether or not you replenished your food within a 24-hour period of receiving a location-based alert

 

--JorgeA

I've seen this somewhere before...

Oh right

[Image: The Sims 2 screenshot]


Your smart doorbell may let in unwanted visitors

 

...First the hardware is fixed outside the door using two screws, making it easy to steal -- so much so that the company is offering free replacements for nabbed products.

 

That factor adds to the bigger problem, as pointed out in the study:

 

The doorbell is only secured to its back plate by two standard screws. This means that it is possible for an attacker to gain access to the homeowner’s wireless network by unscrewing the Ring, pressing the setup button and accessing the configuration URL.

 

As it is just a simple URL this can be performed quite easily from a mobile device such as a phone and could be performed without any visible form of tampering to the unit.

 

Ring has fixed this problem and it did so quickly after the researchers alerted them to it. Now it's up to users to make sure their doorbells are up to date, which seems like a very strange thing to say.

 

--JorgeA


To be fair, that "Ring" (doorbell) thingy issue is not strictly about IOT (in)security but about generic design stupidity. :w00t::ph34r:

 

The "firmware fix" (provided that it is actually effective) is meaningless, the real issue is that you have a device connected to your (wireless) network OUTSIDE your house AND NOT inside a locked, resistant, secured, TAMPERPROOF container, set aside the software issue there are most probably several ways to dump the memory of the device and get the credentials if you have physical access to it.

 

 

Here is the actual report/research:

https://www.pentestpartners.com/blog/steal-your-wi-fi-key-from-your-doorbell-iot-wtf/

 

In any case, and set aside the (in)security of the thingy, it's similar to putting two benjamins tacked on your front door together with a note spelling "Free money, please take it" (though it has to be seen how the device will sell on the - hmmm let's say "second hand" - market ;)).

 

jaclaz


Only partially IoT related, but interesting, will the advent of Wi-Fi and IoT cause social clashes with family and friends? :unsure:

 

http://www.troyhunt.com/2015/12/no-you-cant-join-my-wifi-network.html

 

 

 

No, you can’t join my wifi network

 

I’ve had a couple of experiences recently where guests have come to stay and then requested to jump on my wifi. In each case, I’ve declined and in turn they have expressed some degree of shock and outrage. Because it will happen again and because I don’t want upset guests staying in my house, allow me to articulate clearly and objectively why my network is off limits and why perhaps you too want to think twice about allowing access to yours.

It’s not that I don't trust my guests…

Let’s start here because usually just after “No, you can’t get on my network”, I hear “What – don’t you trust me?” and it’s entirely the wrong question for them to ask. The correct question is “What – you don’t trust other people?” to which the answer is an emphatic agreement – I don’t trust other people.

There are so many precedents of environments being compromised not due to malicious intent on behalf of the individual involved, but because of the access they have which is then exploited by a malicious party. That might mean as a result of introducing an infected machine into the network or picking up something unsavoury while they’re browsing around behind the confines of your firewall.

 

 

jaclaz


^^ Well, I can see how that could lead to awkward conversations with your guests, comparable to "What, you won't let me use your bathroom?!?!"

 

Just as the way to avoid that uncomfortable situation would be not to have any bathrooms in the house,  ;)  the (more feasible) solution to the Wi-Fi situation is not to have Wi-Fi in the house.

 

--JorgeA
