Proposed standards for Internet of Things

Started by dhouston, March 28, 2014, 07:04:41 AM


bkenobi

And looking at the comments section...<crickets>.  No one seems to care.  They already give all that type of information away to the world's richest marketing company (Facebook), so why not let the NSA know how you walk and where you go too?  I've pointed this type of issue out to people I consider rational and they generally give me a response that suggests I'm a paranoid conspiracy theorist.  Realistically though, it doesn't matter if I never go to Facebook or not as my wife posts enough pictures and info for the both of us... B:(

Tuicemen

Quote from: bkenobi on February 10, 2016, 02:12:49 PM
  Realistically though, it doesn't matter if I never go to Facebook or not as my wife posts enough pictures and info for the both of us... B:(
There are enough of us in that boat now!  rofl
Please Read Topic:
General Forum Etiquette
Before you post!

dhouston

This message was composed entirely from recycled letters of the alphabet using only renewable, caffeinated energy sources.
No twees, wabbits, chimps or whales died in the process.
https://www.laser.com/dhouston

bkenobi

I like how they gloss over the most ignored part (security).  It's cool when you can watch your dog at home from work.  It's not quite as cool when a peeping Tom watches you when you are home or a burglar figures out when you are not...

I'm usually an early adopter of technologies, but since MyBook and FaceSpace came out years ago, I've been wary of privacy issues too.  Now it will be possible to know when someone is home and washing their hair due to status alerts and then turn on the camera to see if they washed behind their ears!

dhouston

This article notes one of the scariest things, IMHO, about clouds. Most, if not all, cloud servers run Linux and, as the article states, "...three-quarters of the vulnerabilities out there are on Linux and Mac machines". And it notes that Mac software has its roots in Linux, as well.
http://www.technewsworld.com/story/83158.html?google_editors_picks=true

I've never understood why open sores advocates think Linux more secure when the fact that all the bad guys can see the source code makes finding, creating and exploiting security flaws all the easier. We've seen a number of 20+ year old flaws discovered recently and I expect that is just the tip of the iceberg.

I've a large capacity HDD arriving today that will go into a WiFi-enabled housing, leaving me nothing but blue skies from now on (assuming my router has no security holes - most routers are also Linux based).

3Com

Hello everyone. New kid on the block here.

Quote
I've a large capacity HDD arriving today that will go into a WiFi-enabled housing, leaving me nothing but blue skies from now on (assuming my router has no security holes - most routers are also Linux based).
Last famous words. dhouston, I hope you don't have an Asus router  ;) . Based on the article linked below there might be some hope as far as improving security in IoT.

http://arstechnica.com/security/2016/02/asus-lawsuit-puts-entire-industry-on-notice-over-shoddy-router-security/

dhouston

No - mine is not Asus nor any of those mentioned in the article you linked to but I was aware of the Asus (and some other) security issues when I made the router reference. I was also aware of the problems with Belkin's WeMo home automation devices which, apparently, connect directly to the Internet, bypassing the router and this is the thing I find most worrisome about IoT.

This site lists historical vulnerabilities by vendor if you want to check your own gear.
http://www.cvedetails.com/index.php

3Com

Quote
This site lists historical vulnerabilities by vendor if you want to check your own gear.
http://www.cvedetails.com/index.php
Good info. Thanks for the link.


dhouston

My apologies for reawakening an old topic but there has just been a massive Distributed Denial of Service (DDoS) attack that used hijacked routers, cameras and other Linux based IoT devices to shut down Krebs on Security after he wrote about this very topic.
http://www.networkworld.com/article/3123672/security/largest-ddos-attack-ever-delivered-by-botnet-of-hijacked-iot-devices.html
http://www.networkworld.com/article/3123806/security/krebsonsecurity-moves-to-project-shield-for-protection-against-ddos-attack-censorship.html?google_editors_picks=true

bkenobi


dhouston

Quote from: bkenobi on September 27, 2016, 04:59:41 PM
So light bulbs ARE dangerous!   -:)
Anything with an IP address is potentially at risk but I suspect those most at risk have a bit more processing power. Routers, IP cameras and digital video recorders (DVRs) are mentioned in most of the reports.

bkenobi

Sounds like the primary issue is using the default user name/password on an externally exposed device.  There are other issues, but if those are changed, the bot looking for new victims will likely move on to easier targets.  I doubt light bulbs would be included in this type of attack, but that doesn't mean they couldn't be utilized in the future.

dhouston

Also, because they are capturing thousands (or hundreds of thousands) of devices, the outbound traffic volume from any single device may not always be obvious, making detection somewhat difficult. One online article said, "the source of the junk traffic was a botnet made up of 145,607 hacked digital video recorders and IP cameras".

And, I've seen other articles about lax (or lacking) security for cloud connections for IoT type devices.

With $5-10 WiFi IoT style processors coming down the pike (or already here), I have to wonder what security features they have.

https://www.wemos.cc/product/d1-mini-pro.html

https://www.kickstarter.com/projects/onion/omega2-5-iot-computer-with-wi-fi-powered-by-linux/description

http://www.computerworld.com/article/3124779/internet-of-things/make-a-wi-fi-gadget-with-a-999-orange-pi-development-board.html
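The point above about per-device outbound volume being hard to notice, shown as an added example that is not part of any post in this thread: a volume threshold misses a compromised device that sends little data, while counting distinct destinations per device catches it. The flow-record format, addresses and both thresholds are assumptions made up for illustration.

```python
from collections import defaultdict

# Constructed flow records (not real traffic): "src dst bytes" per outbound
# flow. Destinations use the reserved documentation address ranges.
SAMPLE_FLOWS = "\n".join(
    [
        "192.168.1.10 198.51.100.5 4200000",   # laptop: large download
        "192.168.1.10 198.51.100.9 900000",
        "192.168.1.20 198.51.100.77 650000",   # camera: one cloud endpoint
        "192.168.1.20 198.51.100.77 310000",
    ]
    # DVR: 40 tiny flows, each to a different host
    + [f"192.168.1.30 203.0.113.{n} 64" for n in range(1, 41)]
)


def summarize(text):
    """Return {src: {"bytes": total, "dests": set of destinations}}."""
    stats = defaultdict(lambda: {"bytes": 0, "dests": set()})
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip malformed records instead of failing
        src, dst, nbytes = parts
        stats[src]["bytes"] += int(nbytes)
        stats[src]["dests"].add(dst)
    return stats


def flag_by_volume(stats, byte_limit=1_000_000):
    """Devices whose total outbound bytes exceed an assumed limit."""
    return sorted(d for d, s in stats.items() if s["bytes"] > byte_limit)


def flag_by_fanout(stats, max_dests=10):
    """Devices talking to more distinct hosts than an assumed limit."""
    return sorted(d for d, s in stats.items() if len(s["dests"]) > max_dests)


if __name__ == "__main__":
    stats = summarize(SAMPLE_FLOWS)
    print("flagged by volume :", flag_by_volume(stats))
    print("flagged by fan-out:", flag_by_fanout(stats))
```

A camera or DVR normally talks to a handful of fixed endpoints, so the fan-out limit can be set much lower for those devices than for a laptop or phone.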
