Internet of Things

  • Thread starter Deleted member 9563
  • Start date
D

Deleted member 9563

Guest
I'm sure people here have things to say about IoT.
I personally find it mostly useless and the wrong way to go in most cases. It basically takes scripting, which belongs on the command line, to your house - and beyond.

Security is one of the major problems for most people, since they haven't any clue about what security could be about, outside of of installing a deadbolt on their door. This aspect really hit home when it was discovered that people's security cameras were being used for DDoS attacks. I got hit by that one.

Another thing that I find abhorrent is that it simply isn't needed in most cases, and serves no useful purpose for healthy people who might actually need the exercise that some device is intended to eliminate. In my artistic house, a lot of modern technology actually would look downright stupid, if not just out of place. I have always tried to cut out plastic objects in my living space because it's just cheap, and I have more self esteem than that. However, I have considered lighting control since I have an awful lot of lights to make the place look nice.

So, what thoughts and concerns do other people have about IoT?
 
I think it's always good to embrace change and evolution -- you wouldn't want to use a washboard for your laundry nowadays, would you?

Anyways, security should be much more of a concern! I don't have a lot of "things", basically a self-designed system for controlling shutters and two chinese vacuum robots.

I still haven't finished the shutter control properly, but of course, doing it myself, all data will stay in my internal network and if I decide to add some public API, I'll make sure to properly secure it.

The vacuums indeed worried me a bit when it comes to security. They offer great features through a smartphone app (like showing them where exactly to clean, monitoring of all maintenance tasks, cleaning history with maps etc), but for all of this to work, they need to connect to a chinese cloud service. I ended up setting up a new wifi ssid for them, with very long random WPA-PSK, in a network segment that is only allowed internet access and with bandwith throttling to a reasonable value. That way, I feel it is acceptable for me.

I see the point, "normal" people will never do that, they can't even assess what the device could mean security-wise. But like with a lot of other technology that was new some day, I think after a few "major incidents", awareness for risks will be raised and the products will improve.

My cleaning robots already surprised me by refusing to use an unencrypted Wifi (I wanted to do a quick test run on my guest network) -- that's probably a good thing.
 
OJ said:
I personally find it mostly useless and the wrong way to go in most cases.
Click to expand...
Most things people buy nowadays are just that.
OJ said:
Security is one of the major problems for most people
Click to expand...
They know nothing about it. They learn how to write enough code--and now they are "coders"(!)--and only cause problems for the rest of us after causing problems for themselves. Then manufacturers put locks on things so they can't hurt themselves but the same people complain about "walled gardens".
OJ said:
I have an awful lot of lights to make the place look nice.
Click to expand...
If you mean you set up your house like "stage lighting" then I'm impressed. If I had the time I'd do the same. The few times I've been to homes where someone has done that it's been just so comfortable and beautiful.
 
IOT is just a new term for embedded electronics right? So now you can tie your thermostat to the internet.
Truth is IOT is everywhere already. ATM's, Vending Machines, Parking Kiosks.
What I find amusing is that much of the Gen1 gear only used 3G networking due to low bandwidth requirments.
Now ATT is EOL its 3G network... I have seen many commercial security systems out there run 3G modems for backup network...
 
OJ said:
This aspect really hit home when it was discovered that people's security cameras were being used for DDoS attacks. I got hit by that one.
Click to expand...
Well at least you admit your problem. What did you do to fix it?
I run opnSense and it handles all that for me. I have no need for my IP cameras to be available to the world.
My camera setup uses an email based alert system. I have motion zones that trigger alerts.
 
Don’t reduce the discussion to IoT for consumers only. Not all devices connected to the internet are IoT ones. A real IoT device communicates autonomously with other devices e.g. for all kind of automation purposes. In this respect, the device as such is innocent like a child, and if it serves the purpose, we want to consider it a good device. That said, the purposes shall be discussed, and we need to take special care for purposes which are not ours.

For example an IoT device which monitors a production process and takes suitable actions together with other devices for maintaining a high quality output, is certainly a good one for a good purpose. An IoT device which would monitor the fuel level of our car and inform the next gas station to adapt the price accordingly, might be a good device but for an evil purpose.
 
Phishfry said:
Well at least you admit your problem. What did you do to fix it?
Click to expand...
There isn't much one can do on a public facing resolver since blocking is not possible. However, one can use iptables rules. But for sure, once you get into many requests per second, it's quite disconcerting.

BTW, why wouldn't I admit it? It has nothing to do with me or how I set things up. :)
 
It is enablement gone hype.

If it is possible to put an address on a gadget and have it talk to the network, and if this solves problems or makes things possible that weren't possible before, then there is no reason to not do it.

There was something like an urban legend in the 90ies, about some coffee maker with an IP address (and from all I know, that coffee-maker did actually exist). This was cool, this was the vision, and for all the people knowing how the network functions it was obvious that this can be done. So, what is now called Internet-of-Things, is just what I used to promise to people in the 90ies.

The slight difference in matters is just this: in 2000, the Internet was taken over by the money-makers. So today the primary aim is no longer to create improvement, to create cool and great new things. Instead, the primary aim is to make money, and therefore the crap has to be coined "improvement", and the stupid consumer is supposed to swallow it and pay.

What does interest me much more is this: I seem to somehow possess some 1500 sqm of estate property. From the documentation of IPv6 I understand that therefore I am supposed to claim about 2.3 mio. network addresses. How do I get these?
 
PMc said:
The slight difference in matters is just this: in 2000, the Internet was taken over by the money-makers. So today the primary aim is no longer to create improvement, to create cool and great new things. Instead, the primary aim is to make money, and therefore the crap has to be coined "improvement", and the stupid consumer is supposed to swallow it and pay.
Click to expand...
According to the theory of capitalism, this should be the same thing. But discussing this will quickly get philosophical.
 
PMc said:
There was something like an urban legend in the 90ies, about some coffee maker with an IP address (and from all I know, that coffee-maker did actually exist).
Click to expand...

It existed. It was at Cambridge. It was an ethernet connected camera pointing at the coffee machine.
en.wikipedia.org

Trojan Room coffee pot - Wikipedia

en.wikipedia.org en.wikipedia.org

PMc said:
And there is RFC2324 describing the protocol...
Click to expand...

That was an April fools day joke. There are quite a few RFCs released on April 1st that were jokes. Here's a nice list:
 
ekingston said:
That was an April fools day joke.
Click to expand...

At that time, yes.
A couple of years ago I went to buy a new coffee machine. I looked at al the new and fancy stuff available nowadays - and at the price tags: 800€, 1200€, ...
One of the sales people came along, and I asked her, what is the difference between these? Explanation was: this one has a color TFT display. Very well.

Finally I went with a normal coffee maker for 9.99€, that produces just coffee, as computer people are used to.
The only other option, that could make coffee that really tastes, would be one of the big italian machines as you find in good bars, with tap-water attachment. But these depend on continuous throughput and need real skill to operate.
None of these has a TFT display.
 
IoT is a toy. Nothing we call IoT that we use today will still be working in a year, let alone become a security risk 10 years later ;)

Even gimmicky stuff like Alexa or the Apple one will still be running after a couple of generations of the hardware. Apple cannot even keep a 2012 Macbook current, let alone some random speech toy.
 
I'm surprised nobody mentioned Mirai yet. Surely everybody had at least some inconvenience from that. Here is another story about it.
 
OJ said:
Surely everybody had at least some inconvenience from that.
Click to expand...
Nope. This is why it is important to
#1) Update the firmware of any IOT upon arrival.
#2) Change the password for the device. Password is not a real password.
 
Phishfry said:
Nope. This is why it is important to
#1) Update the firmware of any IOT upon arrival.
#2) Change the password for the device. Password is not a real password.
Click to expand...
It is indeed. Unfortunately most users of things like IoT light bulbs and security cameras have no idea about this sort of thing.

BTW, I didn't mean inconvenience for the user of IoT, who won't see a difference, but for users of the Internet who would see some slowdowns here and there. And of course, people who run DNS resolvers with public access. I figured there'd be some of those here. Anyway the Mirai attack was a big deal in the history of the Internet.
 
I did not mean to be flippant. I was not affected by the DDOS caused my Mirai.
OJ said:
Unfortunately most users of things like IoT light bulbs and security cameras have no idea about this sort of thing.
Click to expand...
Yes but they don't plug themselves in right? Users have some responsibility.
I use good quality Arecont IP cameras in my setup. They are much more expensive than a no brand name China camera.
Problem as I see it is, Arecont produces firmware updates for their cameras. When you buy a cheap no name camera where do you get firmware updates? You don't.
You get what you pay for. Attackers are not dumb and choose the easy targets.
 
I have been around security cameras long enough to witness their introduction onto the internet.
Panasonic DSS systems from around 2001 with hardware encoders for video feed and a html landing page.
These systems were easy to find with a googe search for the landing page name.
Even these early IOT systems used 'default' passwords and were easily jacked with no-one even knowing.
To make matters worse Panasonic didn't support these units with firmware fixes so they are a fixed target with known flaws.
Panasonic DSS got better after the first generation IOT devices.
I consider anything that can be accessed via the ethernet automatically just by plugging it in to be an IOT.
There really is no fruitful difference. Plug and play internet is not new by any means.
 
Phishfry said:
I consider anything that can be accessed via the ethernet automatically just by plugging it in to be an IOT.
Click to expand...
Smartphones come awfully close to that, in my opinion.
 
If only I could afford those bluetooth driven socks with integrated heating system..
If only I owned a pair of shoes that tie the shoelaces via the smartphone app.

The internet of things is a security risk, a privacy issue, and it costs energy/electricity.
 
You must log in or register to reply here.
Back
Top