Please login or register.

Login with username, password and session length
Pages: 1 ... 3 4 [5] 6 7 8

Author Topic: Proposed standards for Internet of Things  (Read 40867 times)

dhouston

  • Advanced Member
  • Hero Member
  • ******
  • Helpful Post Rating: 37
  • Posts: 2547
    • davehouston.org
Re: Proposed standards for Internet of Things
« Reply #60 on: October 14, 2016, 08:12:57 AM »

Logged
This message was composed entirely from recycled letters of the alphabet using only renewable, caffeinated energy sources.
No twees, wabbits, chimps or whales died in the process.
https://www.laser.com/dhouston

dhouston

  • Advanced Member
  • Hero Member
  • ******
  • Helpful Post Rating: 37
  • Posts: 2547
    • davehouston.org
Re: Proposed standards for Internet of Things
« Reply #61 on: October 14, 2016, 02:06:08 PM »

And here's another article addressing the lack of security on most residential IoT devices.
http://www.csoonline.com/article/3128805/internet-of-things/the-internet-of-insecure-things-thousands-of-internet-connected-devices-are-a-security-disaster-in.html?google_editors_picks=true
I suspect the IoT power supplies referenced are UPS devices. That's a vulnerability I hadn't considered.
Logged
This message was composed entirely from recycled letters of the alphabet using only renewable, caffeinated energy sources.
No twees, wabbits, chimps or whales died in the process.
https://www.laser.com/dhouston

bkenobi

  • PI Expert
  • Hero Member
  • ******
  • Helpful Post Rating: 24
  • Posts: 2081
Re: Proposed standards for Internet of Things
« Reply #62 on: October 14, 2016, 05:35:32 PM »

Are networked UPS's a consumer level thing now?  Last I checked they were enterprise only.  Then again, I haven't looked at UPS's in a couple years or more so it could be an entry level feature.

After reading the article, I see that this remark was specific to a data center's UPS setup.  But, a google search of "network manageable UPS" came up with several options for remote access.  So, these are a consumer level thing as well now (~$250 on Amazon).
« Last Edit: October 14, 2016, 05:47:19 PM by bkenobi »
Logged

dhouston

  • Advanced Member
  • Hero Member
  • ******
  • Helpful Post Rating: 37
  • Posts: 2547
    • davehouston.org
Re: Proposed standards for Internet of Things
« Reply #63 on: October 14, 2016, 05:50:18 PM »

Are networked UPS's a consumer level thing now?  Last I checked they were enterprise only.  Then again, I haven't looked at UPS's in a couple years or more so it could be an entry level feature.

You're probably right. My UPS has a USB link to my main PC which, of course, links to my router . I don't know whether that can be exploited but it's probably not beyond the realm of possibility. I won't lose sleep over it but it does raise my awareness should I need to replace it.
« Last Edit: October 14, 2016, 05:54:24 PM by dhouston »
Logged
This message was composed entirely from recycled letters of the alphabet using only renewable, caffeinated energy sources.
No twees, wabbits, chimps or whales died in the process.
https://www.laser.com/dhouston

dhouston

  • Advanced Member
  • Hero Member
  • ******
  • Helpful Post Rating: 37
  • Posts: 2547
    • davehouston.org
Re: Proposed standards for Internet of Things
« Reply #64 on: October 14, 2016, 06:59:00 PM »

Actually, I found this 10-yr old engadget post which seems to indicate that, once again, I'm late to the party, and that a USB link MIGHT be exploited. I might lose sleep, after all, and it might not be totally because of this weekend's super/hunters moon...
https://www.engadget.com/2006/07/25/how-to-network-your-ups/
« Last Edit: October 14, 2016, 07:06:51 PM by dhouston »
Logged
This message was composed entirely from recycled letters of the alphabet using only renewable, caffeinated energy sources.
No twees, wabbits, chimps or whales died in the process.
https://www.laser.com/dhouston

dhouston

  • Advanced Member
  • Hero Member
  • ******
  • Helpful Post Rating: 37
  • Posts: 2547
    • davehouston.org
Re: Proposed standards for Internet of Things
« Reply #65 on: October 15, 2016, 08:37:43 AM »

After reading the article, I see that this remark was specific to a data center's UPS setup.  But, a google search of "network manageable UPS" came up with several options for remote access.  So, these are a consumer level thing as well now (~$250 on Amazon).

Thanks for the update.

One thing that would help here is a way for the router to send alerts whenever there's an abnormal rate of outgoing traffic. I've yet to see anything like this. Of course, even this would only help with DDoS swarms, not with incoming probes looking for personal data.
« Last Edit: October 15, 2016, 09:30:53 AM by dhouston »
Logged
This message was composed entirely from recycled letters of the alphabet using only renewable, caffeinated energy sources.
No twees, wabbits, chimps or whales died in the process.
https://www.laser.com/dhouston

bkenobi

  • PI Expert
  • Hero Member
  • ******
  • Helpful Post Rating: 24
  • Posts: 2081
Re: Proposed standards for Internet of Things
« Reply #66 on: October 17, 2016, 12:26:39 PM »

I haven't looked recently, but I bet DDWRT or Tomato have features for this kind of thing.  You can control the QOS (quality of service) setting to limit traffic during different times of day.  If that's possible, then it shouldn't be too much harder to detect certain types of traffic over a given threshold and report it somehow.

EDIT:
YAMon for DDWRT
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=259806

I don't use Tomato or any of the other variants, but a usage monitor should be available for all custom router firmware.
« Last Edit: October 17, 2016, 12:30:19 PM by bkenobi »
Logged

dhouston

  • Advanced Member
  • Hero Member
  • ******
  • Helpful Post Rating: 37
  • Posts: 2547
    • davehouston.org
« Last Edit: October 21, 2016, 12:09:25 PM by dhouston »
Logged
This message was composed entirely from recycled letters of the alphabet using only renewable, caffeinated energy sources.
No twees, wabbits, chimps or whales died in the process.
https://www.laser.com/dhouston

dhouston

  • Advanced Member
  • Hero Member
  • ******
  • Helpful Post Rating: 37
  • Posts: 2547
    • davehouston.org
Re: Proposed standards for Internet of Things
« Reply #68 on: October 21, 2016, 01:46:07 PM »

YAMon for DDWRT
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=259806
I've wondered what, if anything, can be done regarding security for small, embedded devices like those most likely to be used for hobbyist IoT. The Orange Omega2 is such a device. It runs OpenWRT which is compatible with YAMon.
https://www.kickstarter.com/projects/onion/omega2-5-iot-computer-with-wi-fi-powered-by-linux/description
Logged
This message was composed entirely from recycled letters of the alphabet using only renewable, caffeinated energy sources.
No twees, wabbits, chimps or whales died in the process.
https://www.laser.com/dhouston

dhouston

  • Advanced Member
  • Hero Member
  • ******
  • Helpful Post Rating: 37
  • Posts: 2547
    • davehouston.org
Re: Proposed standards for Internet of Things
« Reply #69 on: October 23, 2016, 01:00:06 PM »

There was another massive DDoS attack this morning although it's probably too early to know whether it also harnessed IoT devices.
Brian Krebs (Internet Security Expert) now has a list of IoT devices used against his site last month. They comprise a usual suspects list of devices probably also used in Friday's DDoS attack on Dyn.
https://krebsonsecurity.com/2016/10/who-makes-the-iot-things-under-attack/

Interestingly, it mentions Brian Karas, a name (good guy) that will be familiar those of us who used to frequent Usenet's comp.home.automation discussion group.
« Last Edit: October 23, 2016, 01:42:32 PM by dhouston »
Logged
This message was composed entirely from recycled letters of the alphabet using only renewable, caffeinated energy sources.
No twees, wabbits, chimps or whales died in the process.
https://www.laser.com/dhouston

dhouston

  • Advanced Member
  • Hero Member
  • ******
  • Helpful Post Rating: 37
  • Posts: 2547
    • davehouston.org
Re: Proposed standards for Internet of Things
« Reply #70 on: October 24, 2016, 09:00:41 AM »

While looking into how to monitor outbound web traffic I came across another KrebsonSecurity article that is about a million times scarier.
https://krebsonsecurity.com/2016/02/this-is-why-people-fear-the-internet-of-things/
The first line...
Quote
Imagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware.
« Last Edit: October 24, 2016, 09:02:35 AM by dhouston »
Logged
This message was composed entirely from recycled letters of the alphabet using only renewable, caffeinated energy sources.
No twees, wabbits, chimps or whales died in the process.
https://www.laser.com/dhouston

dhouston

  • Advanced Member
  • Hero Member
  • ******
  • Helpful Post Rating: 37
  • Posts: 2547
    • davehouston.org
Logged
This message was composed entirely from recycled letters of the alphabet using only renewable, caffeinated energy sources.
No twees, wabbits, chimps or whales died in the process.
https://www.laser.com/dhouston

bkenobi

  • PI Expert
  • Hero Member
  • ******
  • Helpful Post Rating: 24
  • Posts: 2081
Re: Proposed standards for Internet of Things
« Reply #72 on: November 03, 2016, 10:58:21 AM »

I wish they hadn't cut away without saying how long the time gap was.  Does it take 10 seconds or many sessions (recharging the drone being the limitation) to take over the lights?

dhouston

  • Advanced Member
  • Hero Member
  • ******
  • Helpful Post Rating: 37
  • Posts: 2547
    • davehouston.org
Re: Proposed standards for Internet of Things
« Reply #73 on: November 03, 2016, 12:00:53 PM »

I hadn't watched the video. I saw this...
Quote
The researchers were able to spread infection in a network inside a building by driving a car 229 feet away.
and then quickly scanned the rest of the article. The low tech car-based method is similar to war-driving to find vulnerable WiFi networks which hackers have been doing for about as long as there have been WiFi networks. However, if they used a Tesla, they might still need to be concerned about their battery.
Logged
This message was composed entirely from recycled letters of the alphabet using only renewable, caffeinated energy sources.
No twees, wabbits, chimps or whales died in the process.
https://www.laser.com/dhouston

dhouston

  • Advanced Member
  • Hero Member
  • ******
  • Helpful Post Rating: 37
  • Posts: 2547
    • davehouston.org
Logged
This message was composed entirely from recycled letters of the alphabet using only renewable, caffeinated energy sources.
No twees, wabbits, chimps or whales died in the process.
https://www.laser.com/dhouston
Pages: 1 ... 3 4 [5] 6 7 8
 

X10.com | About X10 | X10 Security Systems | Cameras| Package Deals
© Copyright 2014-2016 X10.com All rights reserved.