X10 Community Forum

💬General Category => General Discussion => Topic started by: dhouston on March 28, 2014, 07:04:41 AM

Title: Proposed standards for Internet of Things
Post by: dhouston on March 28, 2014, 07:04:41 AM
While it does not address security, per se, a proposal from several major manufacturers that would create interoperability standards for IoT devices is encouraging. Their interest is industrial applications but I think it inevitable that similar standards will evolve for the types of devices of interest here.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on April 08, 2014, 06:32:37 AM
An article in today's NYT indicates that 25%-75% of corporate network hacker penetration comes by way of third party devices/systems connected to the corporate network.
HVAC systems, vending machines, even online menus from restaurants frequented by employees are among the exploits. As IoT devices proliferate in homes, hackers are sure to follow.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on April 11, 2014, 07:48:00 AM
The OpenSSL Heartbleed bug, currently in the news, is likely to affect a multitude of embedded devices (e.g. routers) used in home networks, most of which use open-sores versions of Linux.
You should check with the manufacturers of your various devices to see whether their hardware is affected and, if so, how to fix the problem.
Title: Re: Proposed standards for Internet of Things
Post by: dave w on April 17, 2014, 08:21:36 PM
I think it only a matter of time before we have our own Fukushima or total collapse of the grid, do to hacking. Seems like the "IoT" will only exacerbate that threat.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on April 17, 2014, 09:49:47 PM
And I've expected a catastrophic cloudburst ever since cloud computing became the latest thing.

I had to change a couple of online passwords where OpenSSL was in use. My wireless router did not use it but I'm not sure how to check whether my Smart TV uses it nor how to update it in case it does.

EDIT: Vizio tech support tells me my TV is not affected by Heartbleed.
Title: Re: Proposed standards for Internet of Things
Post by: Brian H on April 18, 2014, 06:05:48 AM
There was a news story here in CT. On constant attacks on the utilities from all around the world. In hopes of taking down the power grid and other utilities. As most are controlled by computers.  ???
Title: Re: Proposed standards for Internet of Things
Post by: HA Dave on April 18, 2014, 10:33:29 PM
There was a news story here in CT. On constant attacks on the utilities from all around the world. In hopes of taking down the power grid and other utilities. As most are controlled by computers.  ???

Doesn't the nations communications (network and phone) backbone run through there too?  

I think it only a matter of time before we have our own Fukushima or total collapse of the grid, do to hacking. Seems like the "IoT" will only exacerbate that threat.

I think it's already happened! Actually I am pretty positive the NSA already has complete access to all PC's, and phones (mobile and landline), along with the records of all the traffic by the device users. And if the bumbling idiots in the government can do that... who can't?!?!?!?

There are no secrets... and any device.... gadget or structure can be broken into. Your phones, your PC's, your steel clad front door, the fireproof safe.... all are easy to get into. A half a century ago.... the police had devices that could listen to conversations whispered in a bedroom. Privacy... is an illusion. 
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on June 02, 2014, 07:34:02 AM
The author of this article in the NYT shares my concerns with IoT security.
While it doesn't address IoT security explicitly, here is an excellent security primer for those using iOS or Android devices.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on June 03, 2014, 09:56:57 AM
A Heartbleed variant called Cupid allows hackers to penetrate networks (home and commercial) through WiFi routers.
Title: Re: Proposed standards for Internet of Things
Post by: Brian H on June 04, 2014, 06:12:18 AM
I have seen web posts. That some of the larger Cable Companies {Comcast for one} now use the WiFi interface they supply. For local hot spots for their systems.
Customer does not see the data used by the hot spots as part of their monthly data usage.

IMHO.
Going to cloud storage and use is a real bad idea.
I have seen the Insteon HUB users standing out in the cold. When the cloud service went down.
Title: Re: Proposed standards for Internet of Things
Post by: HA Dave on June 04, 2014, 01:10:03 PM
.....
IMHO.
Going to cloud storage and use is a real bad idea.
I have seen the Insteon HUB users standing out in the cold. When the cloud service went down.

Of course you're correct! As the world... and our technologies.... get more advanced/complex the more interdependent and fragile they become. But what do we do? Kerosene lamps, wood burning stoves, letter writing instead of email, and [automation] club memberships instead of forums? To be honest.... that doesn't sound half bad. But it's never going to happen.

We've eliminated the drudgery of cleaning soot from lanterns and chimneys... with the boredom of updating software and running virus scans. The recent events with X10 have taught us all that all things sooner or later do fail. Efforts and risks will forever alter and change. We just keep changing and altering with them. Nothing lasts forever. 
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on June 04, 2014, 02:56:59 PM
I'm no Luddite - I tend to surf the bleeding edge of technology - but I do think it important to be aware of the security issues that these new technologies present and to point to 'best practice' methods.

I try to avoid clouds, preferring the sunny side of the street. Not only are there those issues noted about Insteon Hub cloud services and X10 servers but I see no reason why security cameras need to connect to remote servers. For data backup, I prefer local HDDs. I have a 500GB USB HDD connected to each PC plus a 1TB USB HDD connected to my router, providing common storage for all my network devices. While I have to worry about security issues vis a vis my router, I don't have to worry about little birdies (NSA drones) flying through remote clouds coming across my data.

A little more about 'best practices'...
My WiFi router does not advertise its presence, is password protected and uses MAC filtering for all WiFi connections. My main PC runs an antivirus scan daily. Other PCs, which are only on occasionally, run a virus scan at least once a week. I have implemented most, although not all, of these 'best practices'...
Title: Re: Proposed standards for Internet of Things
Post by: JeffVolp on June 04, 2014, 06:53:49 PM
For data backup, I prefer local HDDs. I have a 500GB USB HDD connected to each PC plus a 1TB USB HDD connected to my router, providing common storage for all my network devices.

I agree with you.  All the PCs I've built have at least 2 physical hard drives, and the second is used for on-line backup.  More recently I'm using the huge memory sticks for off site backup.  I just bought another 128G for $40 to back up all our photographs.  It is incredible how cheap storage has become.

Jeff
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on June 04, 2014, 07:17:01 PM
It is incredible how cheap storage has become.
Agreed! Yesterday I saw an eBay vendor selling 32GB microSDHC cards with SD adapter for $0.99 + $2.00 shipping.

When I later tried to order, the page appeared to be a mistake as neither the Buy Now or Add to Cart buttons would work. Going to the vendors store revealed a $9 price + $2 shipping.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on June 04, 2014, 07:23:23 PM
...some of the larger Cable Companies {Comcast for one} now use the WiFi interface they supply. For local hot spots for their systems.
Those might prove to be more tempting targets for war-drivers than run-of-the-mill home routers.
And, they are also likely to be vulnerable to man-in-the-middle attacks by exploiting a newly discovered 10 year old bug in OpenSSL.
And now comes yet another OpenSSL bug. This one is 15 years old. So much for the virtues of open-sores software.
And, it continues - seven security flaws have NOW been found and patched in OpenSSL.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on June 12, 2014, 03:28:30 PM
I have seen web posts. That some of the larger Cable Companies {Comcast for one} now use the WiFi interface they supply. For local hot spots for their systems.
Soon we may see...Comcast turns 50,000 home networks into hacker's amusement park.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on June 23, 2014, 09:30:13 AM
There's a new heavyweight player in the game.

Wink - Smart Home Hub
and...
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on July 09, 2014, 09:20:48 AM
Time Magazine has an article on yet another smart integrator, SmartThings which makes a hub that communicates with lights, outlets, sensors, etc. Unfortunately, the article is short on technical details.
Perhaps, the SmartThings webpage will give more details.
The list of protocols supported does not include X-10 but it may be possible to interface with any new WiFi device from X-10.
From the SmartThings developer documentation...
Quote
What Protocols Does It Support?

We wanted to support as many off-the-shelf devices as possible, out-of-the-box. We also wanted to limit radio interference. So we chose to support the following protocols in the SmartThings Hub:

    ZigBee - A Personal Area Mesh Networking standard for connecting and controlling devices. ZigBee is an open standard supported by the ZigBee Alliance. For more information on ZigBee see http://en.wikipedia.org/wiki/ZigBee.
    Z-Wave - A proprietary wireless protocol for Home Automation and Lighting Control. For more information on Z-Wave see http://en.wikipedia.org/wiki/Z-Wave.
    IP-Connected Devices - Local Area Network (LAN) connected devices (both hard-wired and WiFi) within the home can be connected to the SmartThings Hub.
    Cloud-Connected Devices - Some device manufacturers have their own Cloud solutions that support their devices and want us to connect to them. Most of these devices are actually WiFi connected devices, but they connect to a proprietary set of Cloud services and therefore we have to go through those services to gain access to the device.
It is cloud-based which will make it a big, fat, juicy target for hackers.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on July 10, 2014, 03:23:55 AM
It seems yet another consortium of manufacturers is creating yet another standard for IoT connectivity
which is likely to impede system-wide integration rather than foster it.
The Federal Trade Commission held a workshop late last year on privacy and security issues involved with IoT.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on July 17, 2014, 07:32:50 AM
And yet another consortium...
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on August 04, 2014, 07:38:59 AM
LIFX LED bulbs had a security flaw which allowed researchers to get passwords by posing as a new WiFi-enabled light bulb. LIFX says they have now plugged the hole.
There are likely to be thousands more such issues as more and more IoT dwvices are introduced.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on September 11, 2014, 09:15:23 AM
Here's a good article on the need for both security and interoperability of IoT devices/systems.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on October 08, 2014, 09:15:02 AM
This is encouraging...
Quote
Microsoft CEO Satya Nadella said Windows has been re-architected to give it a central role in the IoT (Internet of things. He sees the company's upcoming operating system Windows 10 as integral in managing every aspect of the IoT, from the sensors, mechanical systems, to the applications and analytics that underlie it.

This might help standardize things and, if MS can provide an IoT interface, it should also help with security. While there have been security issues with Windows, MS has always responded fairly quickly with fixes.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on December 31, 2014, 11:00:21 AM
Here's a recent article on IoT Standards...
http://www.pcworld.com/article/2863572/iot-groups-are-like-an-orchestra-tuning-up-the-music-starts-in-2016.html (http://www.pcworld.com/article/2863572/iot-groups-are-like-an-orchestra-tuning-up-the-music-starts-in-2016.html)

And here is an article on just how big a deal IoT will become...
http://www.wired.com/2014/12/enterprises-billions-of-devices-internet/ (http://www.wired.com/2014/12/enterprises-billions-of-devices-internet/)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on January 05, 2015, 08:44:41 AM
While this has nothing to do with IoT standards it might be of interest.
http://www.bitdefender.com/box/?icid=NA_box_homepage_banner (http://www.bitdefender.com/box/?icid=NA_box_homepage_banner)
There's very little information on the web page but it is claimed to offer security for IoT devices.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on January 15, 2015, 06:34:44 PM
Another long extant bug has been discovered in routers (12 million in total) from numerous manufacturers.
http://arstechnica.com/security/2014/12/12-million-home-and-business-routers-vulnerable-to-critical-hijacking-hack/ (http://arstechnica.com/security/2014/12/12-million-home-and-business-routers-vulnerable-to-critical-hijacking-hack/)
It can be extremely difficult to determine whether or not your router is affected. In a few such cases I have resorted to email to the hardware manufacturer, asking whether their hardware was vulnerable.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on January 22, 2015, 04:47:19 AM
Here's a NYT article related to standards (or the lack thereof)...
http://www.nytimes.com/2015/01/22/garden/the-rise-of-the-smartbulb.html (http://www.nytimes.com/2015/01/22/garden/the-rise-of-the-smartbulb.html)
Title: Re: Proposed standards for Internet of Things
Post by: HA Dave on January 22, 2015, 12:01:07 PM
Here's a NYT article related to standards (or the lack thereof)...
http://www.nytimes.com/2015/01/22/garden/the-rise-of-the-smartbulb.html (http://www.nytimes.com/2015/01/22/garden/the-rise-of-the-smartbulb.html)

For years I have repeated that IMHO home automation was a niche market. The new products have proved me wrong. Apparently the marketing people now have to find and define all us nerdy automation types and convince us to all march to the beat of the same drummer (or at least a limited number of different drummers).

Because of what recent events in technology has done to X10... this has all been a bit depressing. Yet... the possibilities are also very exciting. 
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on January 28, 2015, 06:53:02 AM
The FTC seems to, at least, be aware of the enormous security risks these things present.
http://bits.blogs.nytimes.com/2015/01/27/f-t-c-calls-for-strong-data-and-privacy-protection-with-connected-devices/?ref=business (http://bits.blogs.nytimes.com/2015/01/27/f-t-c-calls-for-strong-data-and-privacy-protection-with-connected-devices/?ref=business)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on February 09, 2015, 07:02:52 AM
Last night, in a 60 Minutes segment, Lesley Stahl touched on the security issues related to IoT but devoted most of her time to demonstrating a wireless hacker takeover of a car via its emergency communications system.
http://2paragraphs.com/2015/02/hackers-can-now-control-your-car-while-youre-driving/ (http://2paragraphs.com/2015/02/hackers-can-now-control-your-car-while-youre-driving/)
And then there's this...
http://www.nytimes.com/2015/02/09/business/report-sees-weak-security-in-cars-wireless-systems.html?ref=business (http://www.nytimes.com/2015/02/09/business/report-sees-weak-security-in-cars-wireless-systems.html?ref=business)
And this...
http://www.theregister.co.uk/2015/02/09/samsung_listens_in_to_everything_you_say_to_your_smart_tellie/ (http://www.theregister.co.uk/2015/02/09/samsung_listens_in_to_everything_you_say_to_your_smart_tellie/)
http://www.bbc.co.uk/news/technology-31360870 (http://www.bbc.co.uk/news/technology-31360870)
Title: Re: Proposed standards for Internet of Things
Post by: hazlett on February 10, 2015, 11:20:35 PM
I was a bit surprise after knowing that even trucks are not safe for hackers.
http://www.esecurityplanet.com/network-security/report-warns-of-cyber-security-vulnerabilities-in-cars-trucks.html
Title: Re: Proposed standards for Internet of Things
Post by: HA Dave on February 11, 2015, 12:53:54 AM
I was a bit surprise after knowing that even trucks are not safe for hackers.
http://www.esecurityplanet.com/network-security/report-warns-of-cyber-security-vulnerabilities-in-cars-trucks.html


I wouldn't place too much faith (or any trust) in these government reports released by Washington leftist's [U.S. Senator Edward Markey (D-Mass)] on the verge of an FCC take over of the Internet.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on March 09, 2015, 06:18:10 PM
There was an article in today's Pittsburgh Post Gazette that said, in effect, that you shouldn't install any IoT thingy if there would be important issues should it prove hackable.
http://www.govtech.com/products/Your-Smart-Home-Devices-Might-be-Smart-but-Are-They-Secure.html (http://www.govtech.com/products/Your-Smart-Home-Devices-Might-be-Smart-but-Are-They-Secure.html)

That said, I've no clue whether the ESP8266 WiFi module or the JY-MCU Bluetooth module I plan to support in the X10 controller I'm designing will be secure. I will include a disclaimer to that effect. http://davehouston.org/ultimate-X10.htm (http://davehouston.org/ultimate-X10.htm)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on March 10, 2015, 07:16:53 AM
Finally - a practical thing...http://www.nytimes.com/2015/03/10/business/smart-luggage-for-the-connected-age.html?ref=technology (http://www.nytimes.com/2015/03/10/business/smart-luggage-for-the-connected-age.html?ref=technology)
I haven't flown in many years but from the mid-70s thru mid-80s I probably averaged 8-10 flights per week. After many cases of lost luggage (Everytime I went to St. Louis they lost my bags.) I learned to take everything I needed in a carry-on garment bag.
Title: Re: Proposed standards for Internet of Things
Post by: HA Dave on March 10, 2015, 09:22:07 AM
I've been looking at the BT/WiFi battery powered chips that attaches to items you want to keep track of... currently marketed for finding keys, wallets, and cell phones.

The concept usually involves downloading an app that can communicate with the chips and locate your own. One brand is featuring an app that reports the location of every chip it discovers (apparently to the cloud servers). I think the idea involves using the cloud so that a chip can be discovered (eventually) anywhere in the world.

This type of device.... could be a fascinating thief prevention tool if the apps and chip technology was to become standardized.   
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on March 13, 2015, 11:13:57 PM
This was written in June of last year - wish I had come across it sooner. Welcome to the future.
http://www.wired.com/2014/06/the-nightmare-on-connected-home-street/ (http://www.wired.com/2014/06/the-nightmare-on-connected-home-street/)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on May 23, 2015, 10:13:51 AM
This might help (or hinder) standardization for IoT thingys.
http://tech.firstpost.com/news-analysis/google-is-developing-brillo-a-new-android-based-os-for-internet-of-things-report-268007.html (http://tech.firstpost.com/news-analysis/google-is-developing-brillo-a-new-android-based-os-for-internet-of-things-report-268007.html)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on June 06, 2015, 07:56:40 AM
While it does not address security, this WP article does address the central issue of interoperability of multiple sensors/systems.
http://www.washingtonpost.com/blogs/the-switch/wp/2015/06/05/apple-and-google-set-their-sights-on-their-next-battleground-your-home/ (http://www.washingtonpost.com/blogs/the-switch/wp/2015/06/05/apple-and-google-set-their-sights-on-their-next-battleground-your-home/)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on June 24, 2015, 11:15:42 AM
And here is yet another article bemoaning the lack of interoperability.
http://phys.org/news/2015-06-hitch-smart-home.html#nRlv (http://phys.org/news/2015-06-hitch-smart-home.html#nRlv)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on June 24, 2015, 03:27:04 PM
Here's another (not so) Smart device.
http://venturebeat.com/2015/06/24/you-can-now-play-jay-z-through-a-light-bulb-but-do-you-want-to/ (http://venturebeat.com/2015/06/24/you-can-now-play-jay-z-through-a-light-bulb-but-do-you-want-to/)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on June 29, 2015, 09:19:20 AM
Here's a lengthy, in depth article exploring what the federal government is and is not doing regarding IoT.
http://www.politico.com/agenda/story/2015/06/internet-of-things-caucus-legislation-regulation-000086?hp=t3_r (http://www.politico.com/agenda/story/2015/06/internet-of-things-caucus-legislation-regulation-000086?hp=t3_r)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on August 11, 2015, 04:13:36 PM
Here's yet another IoT security issue...
http://www.zdnet.com/article/critical-security-flaws-leave-connected-home-devices-vulnerable/ (http://www.zdnet.com/article/critical-security-flaws-leave-connected-home-devices-vulnerable/)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on November 07, 2015, 02:06:25 PM
Here's a link to the most comprehensive article I've yet seen on IoT.
http://arstechnica.com/unite/2015/10/the-future-is-the-internet-of-things-deal-with-it/ (http://arstechnica.com/unite/2015/10/the-future-is-the-internet-of-things-deal-with-it/)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on February 09, 2016, 01:05:40 PM
Here's a search engine for IoT devices. You can see which of your devices are being spied upon.
https://www.shodan.io/ (https://www.shodan.io/)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on February 10, 2016, 10:38:13 AM
Here's yet another article on the personal data that can be gathered from IoT devices...
http://fortune.com/2016/02/10/why-no-one-should-be-surprised-the-internet-of-things-is-a-gift-to-spies/?xid=gn_editorspicks&google_editors_picks=true (http://fortune.com/2016/02/10/why-no-one-should-be-surprised-the-internet-of-things-is-a-gift-to-spies/?xid=gn_editorspicks&google_editors_picks=true)
Title: Re: Proposed standards for Internet of Things
Post by: bkenobi on February 10, 2016, 02:12:49 PM
And looking at the comments section...<crickets>.  No one seems to care.  They already give all that type of information away to the worlds riches marketing company (Facebook), so why not let the NSA know how you walk and where you go too?  I've pointed this type of issue out to people I consider rational and they generally give me a response that suggests I'm a paranoid conspiracy theorist.  Realistically though, it doesn't matter if I never go to facebook or not as my wife posts enough pictures an info for the both of us... B:(
Title: Re: Proposed standards for Internet of Things
Post by: Tuicemen on February 10, 2016, 03:21:55 PM
  Realistically though, it doesn't matter if I never go to facebook or not as my wife posts enough pictures an info for the both of us... B:(
There are enough of us it that boat Now!  rofl
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on February 26, 2016, 08:09:00 AM
Here's an interesting article on IoT...
https://www.washingtonpost.com/news/innovations/wp/2016/02/26/whats-blocking-smart-beds-from-helping-you-get-a-great-nights-rest/ (https://www.washingtonpost.com/news/innovations/wp/2016/02/26/whats-blocking-smart-beds-from-helping-you-get-a-great-nights-rest/)
Title: Re: Proposed standards for Internet of Things
Post by: bkenobi on February 26, 2016, 10:17:43 AM
I like how they gloss over the most ignored part (security).  It's cool when you can watch your dog at home from work.  It's not quite as cool when a peeping Tom watches you when you are home or a burglar figures out when you are not...

I'm usually an early adopter of technologies, but since MyBook and FaceSpace came out years ago, I've been wary of privacy issues too.  Now it will be possible to know when someone is home and washing their hair due to status alerts and then turn on the camera to see if they washed behind their ears!
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on February 26, 2016, 11:38:32 AM
This article notes one of the scariest things, IMHO, about clouds. Most, if not all, cloud servers run Linux and, as the article states, "...three-quarters of the vulnerabilities out there are on Linux and Mac machines". And it notes that Mac software has its roots in Linux, as well.
http://www.technewsworld.com/story/83158.html?google_editors_picks=true (http://www.technewsworld.com/story/83158.html?google_editors_picks=true)

I've never understood why open sores advocates think Linux more secure when the fact that all the bad guys can see the source code makes finding, creating and exploiting security flaws all the easier. We've seen a number of 20+ year old flaws discovered recently and I expect that is just the tip of the iceberg.

I've a large capacity HDD arriving today that will go into a WiFi-enabled housing, leaving me nothing but blue skies from now on (assuming my router has no security holes - most routers are also Linux based).
Title: Re: Proposed standards for Internet of Things
Post by: 3Com on February 26, 2016, 11:09:04 PM
Hello everyone. New kid on the block here.

Quote
I've a large capacity HDD arriving today that will go into a WiFi-enabled housing, leaving me nothing but blue skies from now on (assuming my router has no security holes - most routers are also Linux based).
Last famous words. dhouston, I hope you don't have an Asus router  ;) . Based on the article linked below there might be some hope as far as improving security in IoT.

http://arstechnica.com/security/2016/02/asus-lawsuit-puts-entire-industry-on-notice-over-shoddy-router-security/
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on February 27, 2016, 05:59:55 AM
No - mine is not Asus nor any of those mentioned in the article you linked to but I was aware of the Asus (and some other) security issues when I made the router reference. I was also aware of the problems with Belkin's WeMo home automation devices which, apparently, connect directly to the Internet, bypassing the router and this is the thing I find most worrisome about IoT.

This site lists historical vulnerabilities by vendor if you want check your on own gear.
http://www.cvedetails.com/index.php (http://www.cvedetails.com/index.php)
Title: Re: Proposed standards for Internet of Things
Post by: 3Com on February 27, 2016, 03:02:26 PM
Quote
This site lists historical vulnerabilities by vendor if you want check your on own gear.
http://www.cvedetails.com/index.php
Good info. Thanks for the link.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on February 28, 2016, 07:25:56 AM
I guess not all clouds are dark. Here's one (only mentioned peripherally in the article) that's beneficial.
http://www.nytimes.com/2016/02/23/health/a-do-it-yourself-revolution-in-diabetes-care.html?ref=health (http://www.nytimes.com/2016/02/23/health/a-do-it-yourself-revolution-in-diabetes-care.html?ref=health)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on May 26, 2016, 10:53:09 AM
Here is an attempt to address security of IoT devices...
http://www.computerworld.com/article/3075438/security/iot-security-is-getting-its-own-crash-tests.html?google_editors_picks=true (http://www.computerworld.com/article/3075438/security/iot-security-is-getting-its-own-crash-tests.html?google_editors_picks=true)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on September 27, 2016, 11:31:52 AM
My apologies for reawakening an old topic but there has just been a massive Distributed Denial of Service (DDoS) attack that used hijacked routers, cameras and other Linux based IoT devices to shut down Krebs on Security after he wrote about this very topic.
http://www.networkworld.com/article/3123672/security/largest-ddos-attack-ever-delivered-by-botnet-of-hijacked-iot-devices.html (http://www.networkworld.com/article/3123672/security/largest-ddos-attack-ever-delivered-by-botnet-of-hijacked-iot-devices.html)
http://www.networkworld.com/article/3123806/security/krebsonsecurity-moves-to-project-shield-for-protection-against-ddos-attack-censorship.html?google_editors_picks=true (http://www.networkworld.com/article/3123806/security/krebsonsecurity-moves-to-project-shield-for-protection-against-ddos-attack-censorship.html?google_editors_picks=true)
Title: Re: Proposed standards for Internet of Things
Post by: bkenobi on September 27, 2016, 04:59:41 PM
So light bulbs ARE dangerous!   -:)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on September 28, 2016, 10:15:49 AM
So light bulbs ARE dangerous!   -:)
Anything with an IP address is potentially at risk but I suspect those most at risk have a bit more processing power. Routers, IP cameras and digital video recorders (DVRs) are mentioned in most of the reports.
Title: Re: Proposed standards for Internet of Things
Post by: bkenobi on September 28, 2016, 11:01:41 AM
Sounds like the primary issue is using the default user name/password on an externally exposed device.  There are other issues, but if those are changed, the bot looking for new victims will likely move on to easier targets.  I doubt light bulbs would be included in this type of attack, but that doesn't mean they couldn't be utilized in the future.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on September 28, 2016, 12:17:33 PM
Also, because they are capturing thousands (or hundreds of thousands) of devices, the outbound traffic volume from any single device may not always be obvious, making detection somewhat difficult. One online article said, "the source of the junk traffic was a botnet made up of 145,607 hacked digital video recorders and IP cameras".

And, I've seen other articles about lax (or lacking) security for cloud connections for IoT type devices.

With $5-10 WiFi IoT style processors coming down the pike (or already here), I have to wonder what security features they have.

https://www.wemos.cc/product/d1-mini-pro.html (https://www.wemos.cc/product/d1-mini-pro.html)

https://www.kickstarter.com/projects/onion/omega2-5-iot-computer-with-wi-fi-powered-by-linux/description (https://www.kickstarter.com/projects/onion/omega2-5-iot-computer-with-wi-fi-powered-by-linux/description)

http://www.computerworld.com/article/3124779/internet-of-things/make-a-wi-fi-gadget-with-a-999-orange-pi-development-board.html (http://www.computerworld.com/article/3124779/internet-of-things/make-a-wi-fi-gadget-with-a-999-orange-pi-development-board.html)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on October 14, 2016, 08:12:57 AM
Here's yet another article that addresses the need for IoT standards...
http://www.nytimes.com/2016/10/14/automobiles/steering-cars-toward-the-internet-of-things-on-ramp.html?ref=business (http://www.nytimes.com/2016/10/14/automobiles/steering-cars-toward-the-internet-of-things-on-ramp.html?ref=business)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on October 14, 2016, 02:06:08 PM
And here's another article addressing the lack of security on most residential IoT devices.
http://www.csoonline.com/article/3128805/internet-of-things/the-internet-of-insecure-things-thousands-of-internet-connected-devices-are-a-security-disaster-in.html?google_editors_picks=true (http://www.csoonline.com/article/3128805/internet-of-things/the-internet-of-insecure-things-thousands-of-internet-connected-devices-are-a-security-disaster-in.html?google_editors_picks=true)
I suspect the IoT power supplies referenced are UPS devices. That's a vulnerability I hadn't considered.
Title: Re: Proposed standards for Internet of Things
Post by: bkenobi on October 14, 2016, 05:35:32 PM
Are networked UPS's a consumer level thing now?  Last I checked they were enterprise only.  Then again, I haven't looked at UPS's in a couple years or more so it could be an entry level feature.

After reading the article, I see that this remark was specific to a data center's UPS setup.  But, a google search of "network manageable UPS" came up with several options for remote access.  So, these are a consumer level thing as well now (~$250 on Amazon).
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on October 14, 2016, 05:50:18 PM
Are networked UPS's a consumer level thing now?  Last I checked they were enterprise only.  Then again, I haven't looked at UPS's in a couple years or more so it could be an entry level feature.

You're probably right. My UPS has a USB link to my main PC which, of course, links to my router . I don't know whether that can be exploited but it's probably not beyond the realm of possibility. I won't lose sleep over it but it does raise my awareness should I need to replace it.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on October 14, 2016, 06:59:00 PM
Actually, I found this 10-yr old engadget post which seems to indicate that, once again, I'm late to the party, and that a USB link MIGHT be exploited. I might lose sleep, after all, and it might not be totally because of this weekend's super/hunters moon...
https://www.engadget.com/2006/07/25/how-to-network-your-ups/ (https://www.engadget.com/2006/07/25/how-to-network-your-ups/)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on October 15, 2016, 08:37:43 AM
After reading the article, I see that this remark was specific to a data center's UPS setup.  But, a google search of "network manageable UPS" came up with several options for remote access.  So, these are a consumer level thing as well now (~$250 on Amazon).

Thanks for the update.

One thing that would help here is a way for the router to send alerts whenever there's an abnormal rate of outgoing traffic. I've yet to see anything like this. Of course, even this would only help with DDoS swarms, not with incoming probes looking for personal data.
Title: Re: Proposed standards for Internet of Things
Post by: bkenobi on October 17, 2016, 12:26:39 PM
I haven't looked recently, but I bet DDWRT or Tomato have features for this kind of thing.  You can control the QOS (quality of service) setting to limit traffic during different times of day.  If that's possible, then it shouldn't be too much harder to detect certain types of traffic over a given threshold and report it somehow.

EDIT:
YAMon for DDWRT
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=259806

I don't use Tomato or any of the other variants, but a usage monitor should be available for all custom router firmware.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on October 21, 2016, 11:59:21 AM
There was another massive DDoS attack this morning although it's probably too early to know whether it also harnessed IoT devices.
http://www.theatlantic.com/technology/archive/2016/10/when-the-entire-internet-seems-to-break-at-once/504956/?google_editors_picks=true (http://www.theatlantic.com/technology/archive/2016/10/when-the-entire-internet-seems-to-break-at-once/504956/?google_editors_picks=true)
http://www.usatoday.com/story/tech/2016/10/21/cyber-attack-takes-down-east-coast-netflix-spotify-twitter/92507806/ (http://www.usatoday.com/story/tech/2016/10/21/cyber-attack-takes-down-east-coast-netflix-spotify-twitter/92507806/)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on October 21, 2016, 01:46:07 PM
YAMon for DDWRT
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=259806
I've wondered what, if anything, can be done regarding security for small, embedded devices like those most likely to be used for hobbyist IoT. The Orange Omega2 is such a device. It runs OpenWRT which is compatible with YAMon.
https://www.kickstarter.com/projects/onion/omega2-5-iot-computer-with-wi-fi-powered-by-linux/description (https://www.kickstarter.com/projects/onion/omega2-5-iot-computer-with-wi-fi-powered-by-linux/description)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on October 23, 2016, 01:00:06 PM
There was another massive DDoS attack this morning although it's probably too early to know whether it also harnessed IoT devices.
Brian Krebs (Internet Security Expert) now has a list of IoT devices used against his site last month. They comprise a usual suspects list of devices probably also used in Friday's DDoS attack on Dyn.
https://krebsonsecurity.com/2016/10/who-makes-the-iot-things-under-attack/ (https://krebsonsecurity.com/2016/10/who-makes-the-iot-things-under-attack/)

Interestingly, it mentions Brian Karas, a name (good guy) that will be familiar those of us who used to frequent Usenet's comp.home.automation discussion group.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on October 24, 2016, 09:00:41 AM
While looking into how to monitor outbound web traffic I came across another KrebsonSecurity article that is about a million times scarier.
https://krebsonsecurity.com/2016/02/this-is-why-people-fear-the-internet-of-things/ (https://krebsonsecurity.com/2016/02/this-is-why-people-fear-the-internet-of-things/)
The first line...
Quote
Imagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on November 03, 2016, 03:58:11 AM
Yet another IoT security issue.
http://www.nytimes.com/2016/11/03/technology/why-light-bulbs-may-be-the-next-hacker-target.html (http://www.nytimes.com/2016/11/03/technology/why-light-bulbs-may-be-the-next-hacker-target.html)
Title: Re: Proposed standards for Internet of Things
Post by: bkenobi on November 03, 2016, 10:58:21 AM
I wish they hadn't cut away without saying how long the time gap was.  Does it take 10 seconds or many sessions (recharging the drone being the limitation) to take over the lights?
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on November 03, 2016, 12:00:53 PM
I hadn't watched the video. I saw this...
Quote
The researchers were able to spread infection in a network inside a building by driving a car 229 feet away.
and then quickly scanned the rest of the article. The low tech car-based method is similar to war-driving to find vulnerable WiFi networks which hackers have been doing for about as long as there have been WiFi networks. However, if they used a Tesla, they might still need to be concerned about their battery.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on November 07, 2016, 10:28:25 AM
WeMo devices (even the WiFi Crockpot) vulnerable to hijacking.
http://www.computerworld.com/article/3138991/security/update-your-belkin-wemo-devices-before-they-become-botnet-zombies.html?google_editors_picks=true (http://www.computerworld.com/article/3138991/security/update-your-belkin-wemo-devices-before-they-become-botnet-zombies.html?google_editors_picks=true)
Title: Re: Proposed standards for Internet of Things
Post by: bkenobi on November 07, 2016, 11:51:28 AM
AHHHH, zombie crockpot!   :o
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on November 13, 2016, 12:42:24 PM
Here's today's home network security flaw...
http://www.computerworld.com/article/3138023/internet/another-hnap-flaw-in-d-link-routers.html?google_editors_picks=true (http://www.computerworld.com/article/3138023/internet/another-hnap-flaw-in-d-link-routers.html?google_editors_picks=true)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on November 13, 2016, 01:03:50 PM
In an article about the recent DDoS attacks, I came across this...
Quote
“In a relatively short time we’ve taken a system built to resist destruction by nuclear weapons and made it vulnerable to toasters,” quipped Jeff Jarmoc, Lead Product Security Engineer at Salesforce.com
Title: Re: Proposed standards for Internet of Things
Post by: bkenobi on November 14, 2016, 11:31:12 AM
Sounds about right.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on December 04, 2016, 11:50:30 AM
Here's one attempt to tie various HA & IoT things together.
https://www.fastcompany.com/3065864/tech-forecast/inside-ifttts-plan-for-a-more-harmonious-internet?partner=rss&google_editors_picks=true (https://www.fastcompany.com/3065864/tech-forecast/inside-ifttts-plan-for-a-more-harmonious-internet?partner=rss&google_editors_picks=true)
Title: Re: Proposed standards for Internet of Things
Post by: HA Dave on December 04, 2016, 12:38:09 PM
Here's one attempt to tie various HA & IoT things together.
https://www.fastcompany.com/3065864/tech-forecast/inside-ifttts-plan-for-a-more-harmonious-internet?partner=rss&google_editors_picks=true (https://www.fastcompany.com/3065864/tech-forecast/inside-ifttts-plan-for-a-more-harmonious-internet?partner=rss&google_editors_picks=true)

Nice piece. This sounds/reads a lot like what Apple's "homekit" does. Using the app now included with iPhone 10 OS (plus 3 other apps) I can consolidate the functions of (in my case) two different HA flavors to function together in one macro (they call it a robot... I believe).

My garage door  is a chamberlain... that has a hub-like unit that connects it to the internet through my router. The door functions like a normal garage door... push a button in the car... door opens.

But because of the My-Q (hub) connection and apps... door activity also uses sounds/banners for phone notifications. And our phone can also control the door from anywhere.

But now with the Apple homekit compatibility.... a cloud based "robot" (macro) will turn on interior ihome brand lights if the garage door is open after sunset.... but before normal leaving-for-work time.


This does appear to use the "if this than that" type of setup. And, it works flawlessly.

Meanwhile.... X10 (and my BVC and Kate16 voice and a CM15A connection to an old XP laptop... hardwired to a speaker system) gives me voice prompts/warning of door activity when inside the home.

Note: I can use the "hey Siri" function on my iPhone to turn on/off homekit connected lights (NOT X10). But I have yet to try to setup the same "hey Siri" function to open/close the garage door.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on December 04, 2016, 01:27:04 PM
This does appear to use the "if this than that" type of setup. And, it works flawlessly.
I think I was doing IFTTT long before there were things but the concept was the same with the BX24-AHT...
https://www.laser.com/dhouston/files.html (https://www.laser.com/dhouston/files.html)
but, in those days, I thought of it as a switchboard and even considered calling it Ernestine.
(https://images.search.yahoo.com/images/view;_ylt=A0LEVymyX0RYFa4AxzNXNyoA;_ylu=X3oDMTEyaGRqdHNhBGNvbG8DYmYxBHBvcwMyBHZ0aWQDQjE3OTNfMQRzZWMDc2M-?p=lily+tomlin+switchboard&back=https%3A%2F%2Fsearch.yahoo.com%2Fsearch%3Fp%3Dlily%2Btomlin%2Bswitchboard%26type%3DC111US0D20160705%26ei%3DUTF-8&no=1&fr=mcafee&h=103&w=92&imgurl=archshrk.com%2Fwp-content%2Fuploads%2F2008%2F06%2Flily_tomlin_telephone_operator.jpg&rurl=http%3A%2F%2Farchshrk.com%2F619-269-0041%2Flily_tomlin_telephone_operator&size=39KB&name=lily_tomlin_telephone_operator+-+archshrk&tt=lily_tomlin_telephone_operator+-+archshrk&sigr=11vj3rro1&sigi=12andne4e&sigb=12ovn8t10&sign=119jt6ld9&sigt=119jt6ld9)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on February 08, 2017, 01:25:46 PM
This is long overdue.
http://www.politico.eu/pro/army-of-light-bulbs-cameras-attack-defenseless-eu-internet-of-things-security/ (http://www.politico.eu/pro/army-of-light-bulbs-cameras-attack-defenseless-eu-internet-of-things-security/)
Let's hope it leads to better security.

I have my router email me daily a log of activity over the past 24 hours. I then search the log for a telltale [DoS attack: ACK Scan] of attempts to enlist my router in a DDoS army. I see an attempt every 2-3 weeks.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on May 01, 2017, 09:00:10 AM
Here's another view...
https://www.theatlantic.com/technology/archive/2017/05/internet-of-things-ethics/524802/?google_editors_picks=true (https://www.theatlantic.com/technology/archive/2017/05/internet-of-things-ethics/524802/?google_editors_picks=true)
Title: Re: Proposed standards for Internet of Things
Post by: HA Dave on May 01, 2017, 10:05:08 AM
People tend to turn their back to some threats... as a way of keeping order in their own minds. Often times people turn away from one threat simply to avoid dealing with it. I think that is true with cyber security. Of course... the same can be said of acts of international terrorism.

The world is increasingly shrinking to a large neighborhood in size. And it isn't a nice neighborhood. The good news is... there have always plenty of shady people in the world, and nothing has gotten any worst. When it comes down to either a loved one getting their throat slit in a parking lot.... or a bank's credit card in their possession being compromised on-line... the preferred choice is an easy one.

I've had to remind my wife a couple times to be aware while we were out shopping. It doesn't matter how we "feel". To the bad guys who prey on shoppers.... we look the part of old and vulnerable.

Back in the old days..... cops really did check the back doors (actually tried opening them) of all the local businesses EVERY night. And the reason they did that? Because there were no intrusion alarms installed (to speak of).... and that was how the bad guys often got in. No pry bars of fancy "cat burglar" tricks. They just looked for a door someone forgot to lock.

And... that is pretty much where were at with cyber crime now-a-days too. Our once private lives are being collected, inspected, and collated by governments both our own and foreign. And shady criminals from near and far, try to scam us out of spare change.... and/or our lifesavings. Except of the Internet connection..... nothing has changed since the 1950's.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on May 19, 2017, 12:42:12 PM
Here's a scary picture of the IOT future...
https://www.washingtonpost.com/posteverything/wp/2017/05/16/the-next-ransomware-hack-will-be-worse-than-the-current-one/ (https://www.washingtonpost.com/posteverything/wp/2017/05/16/the-next-ransomware-hack-will-be-worse-than-the-current-one/)

Quote
Everything is becoming a computer. Your microwave is a computer that makes things hot. Your refrigerator is a computer that keeps things cold. Your car and television, the traffic lights and signals in your city and our national power grid are all computers. This is the much-hyped Internet of Things (IoT). It’s coming, and it’s coming faster than you might think. And as these devices connect to the Internet, they become vulnerable to ransomware and other computer threats.
Title: Re: Proposed standards for Internet of Things
Post by: HA Dave on May 19, 2017, 10:45:56 PM
Here's a scary picture of the IOT future... .....

For most people.... all versions of the future are scary.

Maybe.... because in the entire history of mankind... no one has ever been to the future. The future remains the one place that we can only imagine in our minds. And for whatever reason the design of our minds tend to cause them to imagine the future (and dark places) to be scary places full of hidden dangers.

So the one thing that has remained the same through all of recorded history: To own the joy which is ours for the taking... we must have faith... and fear not.

Title: Re: Proposed standards for Internet of Things
Post by: dhouston on May 20, 2017, 06:47:07 AM
And for whatever reason the design of our minds tend to cause them to imagine the future (and dark places) to be scary places full of hidden dangers.

In the case of IoT, future dangers are not hidden but glaringly obvious. Anyway, here's yet another scaredy cat...
https://www.nytimes.com/2017/05/19/opinion/what-happens-when-your-car-gets-hacked.html?ref=opinion (https://www.nytimes.com/2017/05/19/opinion/what-happens-when-your-car-gets-hacked.html?ref=opinion)

As I stated at the beginning of this thread...
Quote
I'm no Luddite - I tend to surf the bleeding edge of technology - but I do think it important to be aware of the security issues that these new technologies present and to point to 'best practice' methods.
Title: Re: Proposed standards for Internet of Things
Post by: HA Dave on May 20, 2017, 09:15:45 PM
...... Anyway, here's yet another scaredy cat... What happens when your car gets hacked?  (https://www.nytimes.com/2017/05/19/opinion/what-happens-when-your-car-gets-hacked.html?ref=opinion)

Yeah.... as of today.... not even ONE car (in the wild) has ever been hacked. Not one, not even once. Yet... nearly 1.3 million people die in road crashes each year, on average 3,287 deaths a day. An additional 20-50 million are injured or disabled.

That means... in the time it took me to reply to this post (about 3 minutes)... 6 people died in old-fashion (no hacking involved) car accidents. I don't mean to poke fun at those who concern themselves with Internet insecurities. I am merely pointing out the need to find relative acceptance of the dangers.

Title: Re: Proposed standards for Internet of Things
Post by: JeffVolp on May 21, 2017, 10:21:51 AM

Yeah.... as of today.... not even ONE car (in the wild) has ever been hacked. Not one, not even once.

Make your own decision:

https://nworeport.me/2017/03/09/wikileaks-journalist-investigating-cia-assassinated-in-hacked-car-crash/

Jeff
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on May 21, 2017, 04:09:35 PM
The headline on and picture in, the NYT article I cited were probably supplied by an editor - the only two references to cars within the article say...
Quote
...it is a system that’s going to fail in the “internet of things”: everyday devices like smart speakers, household appliances, toys, lighting systems, even cars, that are connected to the web...Fast forward five to 10 years, and the world is going to be filled with literally tens of billions of devices that hackers can attack. We’re going to see ransomware against our cars.

The rest dealt with the IoT vulnerabilities that are not likely to be patched in the manner that Microsoft supplied patches for even unsupported versions of Windows.

And, given the limited number of car manufacturers, this is likely to be more manageable there. In fact there have been other vulnerabilities found over the past few years where the auto manufacturers patched problems in their cars. Do a web search using cars hacked and you'll find some cases found by university and/or DARPA hackers.
Title: Re: Proposed standards for Internet of Things
Post by: HA Dave on May 21, 2017, 06:52:29 PM

Yeah.... as of today.... not even ONE car (in the wild) has ever been hacked. Not one, not even once.

Make your own decision:

https://nworeport.me/2017/03/09/wikileaks-journalist-investigating-cia-assassinated-in-hacked-car-crash/

Jeff

Yes.... they even advertise their publication as "conspiracy news"! I am sure all their stories are thrilling fake stories for those want to believe that government has the power of Gods.
Title: Re: Proposed standards for Internet of Things
Post by: HA Dave on May 21, 2017, 07:10:21 PM
....... Do a web search using cars hacked and you'll find some cases found by university and/or DARPA hackers.

Yes! Absolutely true. And.... if you search on Big Foot.... you'll learn that big foot's are a protected [endangered] species in Canada. It's true! Don't believe everything you read. There are reasons why human minds believe some of the crazy crap that we convince ourselves is real. But... finding reference to it on the Internet.... ain't a good one.

No One.... in the wild.... has EVER hacked even ONE car... EVER. Yet.... MILLIONS of known deaths in cars from preventable accidents. It is a total waste.... to concern ourselves with some tinfoil-hat theory about hacking a car.

Much of this stuff is like telling ghost stories around the campfire. The adults know all the old stories... and they know they aren't true. But they tell the stories to scare the kids. And in return... the kids don't wander off into the woods by themselves and get lost. Scary stories keep the frightened kids huddled-up in their tents all night.

And scary story's about the Internet [of things].... may keep a few people from exploring some of the newer home automation technologies. But mostly.... I think it just reads as silly. 
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on July 21, 2017, 11:22:05 AM
Here's a scary picture of the IOT future...
https://www.washingtonpost.com/posteverything/wp/2017/05/16/the-next-ransomware-hack-will-be-worse-than-the-current-one/ (https://www.washingtonpost.com/posteverything/wp/2017/05/16/the-next-ransomware-hack-will-be-worse-than-the-current-one/)
Quote
Everything is becoming a computer. Your microwave is a computer that makes things hot. Your refrigerator is a computer that keeps things cold. Your car and television, the traffic lights and signals in your city and our national power grid are all computers. This is the much-hyped Internet of Things (IoT). It’s coming, and it’s coming faster than you might think. And as these devices connect to the Internet, they become vulnerable to ransomware and other computer threats.

And here's evidence that hackers can definitely think outside the box.
https://www.washingtonpost.com/news/innovations/wp/2017/07/21/how-a-fish-tank-helped-hack-a-casino/ (https://www.washingtonpost.com/news/innovations/wp/2017/07/21/how-a-fish-tank-helped-hack-a-casino/)
Title: Re: Proposed standards for Internet of Things
Post by: HA Dave on July 22, 2017, 07:48:31 PM
And here's evidence that hackers can definitely think outside the box.
https://www.washingtonpost.com/news/innovations/wp/2017/07/21/how-a-fish-tank-helped-hack-a-casino/ (https://www.washingtonpost.com/news/innovations/wp/2017/07/21/how-a-fish-tank-helped-hack-a-casino/)

Oh sure. I am an old man.... and I've never banked at a bank that has never been robbed... worked at a company or business that wasn't burgled, robbed, or otherwise stolen from. Nor [have I] ever lived in a city, town, community, or on a street that hadn't had a break-in.

There are criminals and thieves everywhere. If I had to chose between some drugged up punk with a gun breaking-down my door in the middle of the night.... or some Finnish hacker stealing my credit card number from a resort. I'll chose the hacker.

Hackers are a first-world problem. They aren't an actual danger. The 16 year kid (with a stolen gun he's never fired)... that demands your wallet in the parking lot... THAT is a danger.
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on August 01, 2017, 03:26:57 PM
While inadequate, this is a step in the right direction...
http://www.reuters.com/article/us-usa-cyber-congress-idUSKBN1AH474 (http://www.reuters.com/article/us-usa-cyber-congress-idUSKBN1AH474)
Title: Re: Proposed standards for Internet of Things
Post by: HA Dave on August 01, 2017, 11:16:35 PM
While inadequate, this is a step in the right direction...
http://www.reuters.com/article/us-usa-cyber-congress-idUSKBN1AH474 (http://www.reuters.com/article/us-usa-cyber-congress-idUSKBN1AH474)

Great just what every working American needs. Added regulations that increase the cost of production by adding in more layers of deep-state inspections of American made products. Like the stuff the government buys doesn't cost too much already. Besides.... internal agency regulations already make those new laws both a redundancy... and an impossibility. As no Internet device or appliance is allowed to update from non-government servers. Not even MS patches.

In many cases software driven devices with reported bugs will be corrected internally with government hired/contractor code writers.

Maybe those "Bi-partisan" law makers should be working on cutting the trillion dollars of Obamacare taxes instead of wasting time on bills they don't understand. 


Title: Re: Proposed standards for Internet of Things
Post by: bkenobi on August 02, 2017, 11:10:14 AM
The bill looks like it only applies to devices sold to the US gov't.  That would likely affect many products consumers would use as the vendors would just make sure they comply.  I'm not a fan of gov't telling industry how to do things.  I personally think that the consumers wallet should direct companies on what products they produce.  If people are informed about how bad the security of product A has vs product B, I imagine most consumers would opt for product B.  So, this would force product A to disappear or be improved.  That said, it won't work if every product is the same and all vendors refuse to fix things.  People are dumb and will buy some product even if they are all flawed.  There's a lot of people out there with 3D HDTV's that upgraded for that feature.  Considering it was junk to begin with, never got fixed, and is now dead...yeah.
Title: Re: Proposed standards for Internet of Things
Post by: HA Dave on August 02, 2017, 07:12:16 PM
The bill looks like it only applies to devices sold to the US gov't.  That would likely affect many products consumers would use as the vendors would just make sure they comply. ....

Yeah... but that isn't the way it works. Let's say your a vendor... maybe you make a computer operating system like "windows". If you want to sell windows to the government (and MS does) you would have to open your system for government review and inspection (and they did). Then any patches are also submitted for review/inspection and DL'ed to Government PC's viva government servers ONLY.

The same applies to PC's, printers, everything that CAN connect to a network.

The ONLY way to control the safety and security of every bit and bite of code.... is with the iron fist of government oversight. Who among are ready to turn our homes over to the "federal cyber inspectors" to browse though our hard drives? The NSA has already over-reached far past and constitution government power allowed.   
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on October 14, 2017, 11:45:17 AM
https://www.nytimes.com/2017/10/11/technology/personaltech/cybercriminals-spies.html (https://www.nytimes.com/2017/10/11/technology/personaltech/cybercriminals-spies.html)
Quote
...refused to buy any “Internet of Things” devices, like a Nest thermostat, fearing that all those devices did was give hackers entry into my home.

The above quote is from a cybersecurity reporter for the New York Times.
Title: Re: Proposed standards for Internet of Things
Post by: HA Dave on October 14, 2017, 08:06:27 PM
.... refused to buy any “Internet of Things” devices, like a Nest thermostat, fearing that all those devices did was give hackers entry into my home.

The above quote is from a cybersecurity reporter for the New York Times.

Yep... Nicole Perlroth is the reporters name. She has won a few awards for her writing. She is blatantly open about her paranoia of an Internet intrusion. If you read through some of her work.... I am sure you'll agree she has physiological... challenges. But hey... her struggles with her admitted fears... also pays her bills. What's a gal to do? Get medical help... and loose her job? Or stay scared for the sake of a roof over her head?

Interestingly... the most common of phobia's had for decades has been "speaking in public": Glossophobia. But in recent years technology related phobias
have taken the place of the old fashion fears of yesteryear.

Technophobia: fear of technology. Technophobia is the granddaddy of them all.
Nomophobia: fear of being without a mobile device. ...
Cyberphobia: fear of computers. ...
Telephonophobia: fear of telephones. ...
Selfiephobia: fear of taking a photograph of oneself.
Title: Re: Proposed standards for Internet of Things
Post by: bkenobi on October 16, 2017, 11:28:38 AM
I didn't read the article (I've read enough that sound similar that I didn't have the interest in a rehash).  But, I wanted to say that the fear someone will break into your home is real but remote.  The odds increase in areas where there is higher crime (more criminal activity per capita) and decrease in less populated areas (less criminals because less targets?).  However, when we talk about the technophobia fear of IoT intrusions, local has nothing to do with it nor does number of criminals.  The issue with these devices is that a script kiddie can launch a mass attack on a wide range of addresses and devices with little knowledge and just let the computer tell them what they've come up with.  It's not like someone has to go to every home and do all the work to break in.  They simply download a prepackaged tool and hit the run button.  Yes, I'm over simplifying, but it's still on point.  Oh, and this ignores the NSA issue because that's not going away and is certainly worse.

Until the device manufacturers make security concerns a priority, people who write these type of scare tactic articles will have a base to sell to and will keep a roof over their heads.  It's not her fault she has a job.   :o
Title: Re: Proposed standards for Internet of Things
Post by: HA Dave on October 16, 2017, 04:21:49 PM
.........
Until the device manufacturers make security concerns a priority, people who write these type of scare tactic articles will have a base to sell to and will keep a roof over their heads.  It's not her fault she has a job.   :o

When device sales drop.... or because of real concerns by either governments, lobbyists, constituents, or the device buying public. Then and only then will something be done. Need equals product. Leonardo da Vinci actually conceived the parachute idea in 1485 although few seemed interested in the inverted tent idea...... until someone made airplanes

I don't expect my next iPhone to be made super-volcano resistant.... even if my Internet searches make me paranoid of an erupting Yellowstone Park.  :' However.... if an actual threat besieges my phone I am sure I will see appropriate protections. 

Every Internet device will eventually be infected, or hacked in some way. Also.... every American will be a victim of some sort of crime.... most will be victim to violent crime. I'd much prefer the Chinese learn my shopping habits via a malware add-on to a free game trial.... than roll around in a parking lot with some meth-head with a big hunting knife.
   
Sure it can be great to have Paul riding through the night waving his lantern (an American reference to a legitimate timely warning)..... but it is a pain in the rear to hear the constant wild scream of WOLF, WOLF, WOLF. And unfortunately.... I am left to wonder. Does a longtime highly valued contributor of HA technology have a health issue.... or is this meant to be a naughty prank of some kind?

   
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on October 25, 2017, 12:17:57 PM
It looks like another major botnet is on the horizon...
https://www.nbcnews.com/business/consumer/get-ready-reaper-botnet-it-s-already-infected-over-million-n813826 (https://www.nbcnews.com/business/consumer/get-ready-reaper-botnet-it-s-already-infected-over-million-n813826)
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on October 27, 2017, 02:57:45 PM
And today's IoT vulnerability is...
https://www.nbcnews.com/tech/security/hacked-home-devices-can-spy-you-n814671 (https://www.nbcnews.com/tech/security/hacked-home-devices-can-spy-you-n814671)
Title: Re: Proposed standards for Internet of Things
Post by: bkenobi on October 27, 2017, 04:47:02 PM
My primary concern is that I don't want my "mashing machines" compromised.  I've never had an issue with any mashing machine to date, but all these IoT mashers...that's another story.   rofl
Title: Re: Proposed standards for Internet of Things
Post by: dhouston on October 27, 2017, 06:31:10 PM
I saw that, too, and thought, at first, it was just another instance of autocorrect gone mild but then...
https://en.wikipedia.org/wiki/Mashing (https://en.wikipedia.org/wiki/Mashing)
Title: Re: Proposed standards for Internet of Things
Post by: bkenobi on October 30, 2017, 04:34:53 PM
Nice that they have brewer's concerns in focus.