Internet of Things

  • Thread starter Deleted member 9563
  • Start date
One of the funniest ones I've seen is the Nike smart shoes which connect to your smartwatch via bluetooth. Thus there is a direct connection to Nike via the internet. One can only hope that they don't brick your shoes while you're sprinting to catch a bus. :)
 
PMc said:
...big italian machines as you find in good bars....
Click to expand...

IOT was specially developed for programmers with a massive addiction on original Italian coffee.

Good espresso machines need a warm-up time ...., e.g. 1/2 hour, especially in winter. My machine is connected to an ioT outlet and 1/2 hour before I get home, I turn it on with my iPhone remote control.
The iOT- outlet even measures the power consumption, even pretty much exactly.
So iOT saves life, I would die if I couldn`t get my exactly temperatured Espresso- shot immediately , when I come home. ☕
 
  • Like
Reactions: PMc
Any company that sells an IOT device with a factory assigned password that is not randomized should be held accountable.
That should be a bare minimum requirement on anything internet connected.
So the factory has to add a sticker with the randomized password.
This would cut your botnet problem in half.
There has to be some kind of penalty for manufacturing internet devices with poor security practices.
 
The Register (or was it Krebs) did an exposé on some companies and one Chinese manufacturer rose to the occasion and started doing it right. Can't find the article right now, but it's nice to see that at least one company saw a marketing advantage to this.
 
Phishfry said:
Any company that sells an IOT device with a factory assigned password that is not randomized should be held accountable.
Click to expand...
Actually, that wouldn't even be necessary, if vendors set up the "OS" and networking in a sensible fashion. For example, let's take the WiFi-connected light bulb. I would have no problem with the factory default password being "password" on all of them, if the only thing you can do with a password is to turn the light on and off, or change the color. At that point, the worst thing that can happen is that a neighbor plays pranks on you, and after the first time, you will learn to set more reasonable passwords. If the operating system on the lightbulb were configured safely enough that it really can only act as an endpoint, does not have the capability to start a connection, and the only functionality is really to turn the light on and off.

The real problem is actually much worse, and the default password "password" is just the tip of the iceberg: A lot of IP-connected devices are just engineered really badly. Cheap manufacturers find a random OS, don't bother to think through security, don't bother to think through usability in unusual situations and recovery from unusual problems, and ship it.

How many reports are there actually of household IoT devices being used for botnets?

And what rigoletto said is absolutely correct: 99.9% of IoT does not happen in the public eye. Nearly all of it happens in industrial and commercial settings, on networks that are usually completely shielded, and much of it causes no problem whatsoever, and is of high economic utility.

I know that my household is not a good example of an industrial site, but I do have exactly a half-dozen IoT devices around. None of them are even reachable from the world-wide internet (my router won't let packets from the outside get into them unless it is on an existing connection). I know that 2 of them are capable of connecting to the outside, but I do monitor what they connect to, and open just those destinations and ports. I'm quite sure that they are reasonably secure, with passwords complicated enough that I have to look them up everytime I need to actually use them directly.
 
I've got a clapper in my collection of vintage electronics, and indeed when I first heard about these things (I was much younger) I thought it was cool. Now ... not so much.
 
I don’t understand why some people are so taken with the current (ToT) Technology of Things :)

It’s all about turning Things connected by wires or radio waves ON or OFF with help of physical switches and logical gates that provide audio-visual output - assuming there’s enough AC or DC to power all those Things . But, if we run out of AC and DC what will you do then?

Personally, I’m trying to learn more about Primitive Technologies than IoT, just in case. Thus far, I found out that I can, maybe, survive without AC and DC extra 30 days before I get killed or eaten by another low-tech homo primate :-(
 
The IoT thing seems more like marketing hype to me than anything else. I don't have any IoT devices in my home and haven't felt like I'm missing anything. There are some conveniences IoT devices offer, but I've not seen anything that makes a huge difference in quality of life.

Thing about IoT is it relies on WiFi. I'm down on WiFi in terms of security. There are some rather obscure security holes in the WiFi standards. For example the WPA pin is a big security risk and some routers don't even allow you to disable it. Took me a while to figure out how to disable it on my own router. I turn on my WiFi only when I actually need it which is on limited occasion. All my internet devices are wired and I avoid adding devices otherwise.

Of course WiFi risk depends on visibility. I live in a densely populated area with many networks in wireless range. If I lived in the country out of "earshot" I'd be a lot less concerned about it.
 
I didn't know that. So how does that work with your cell provider. Don't you have to pay for every device connected to their network?
 
CraigHB said:
Don't you have to pay for every device connected to their network?
Click to expand...
Yes, but it depends on usage scenario.
For example, the corresponding Kindle models include that in the device price assuming "fair use". When people root those devices and start using that "free Internet", the devices get blacklisted.
Another scenario is a company which buys many IoT devices to monitor remote objects. They have a corporate account with a cellular operator and pay per actually used data.
I believe, there are many other scenarios exist.
 
I have worked on the mobile internet end of things and I can tell you aragats is right.
Not sure I even agree with IOT meaning Wireless only.
We have wired computers in meeting rooms that get beamed schedules from a server. Real IP Cameras are IOT too.
IOT is nothing more than a buzzword.
How about anything connected to the internet with a webserver embedded.
That is usually the real problem. Vulnerable webservers that do not get updated.
This crap with default IOT passwords are idiots that should have their internet revoked. Go to safe internet school.
 
Phishfry said:
This crap with default IOT passwords are idiots that should have their internet revoked and morality police cane them.
Click to expand...
Once the typical politician is in a age range where he/she actually understands technology, things will probably change.
At least in my country, it's illegal (punishable by fine) to leave the doors of a car unlocked in public. Leaving a house door unlocked means that insurance won't pay out in case of theft either.
There are many cases like this where the blame is partly laid on the user and I see the same happening once the legal system understands that unprotected online devices are worse than an unlocked door.
 
We had this analogy a while back.
I said I would shoot through my physical door if anybody jiggled my doorhandle.
It was extreme statement but kill or be killed. I prefer to not be killed.

But this thread did make me think a little differently. Is this IOT malware really a threat.
Is bricking someones IOT due to no/default password ethical?
Extreme side of me thinks it is OK to brick but there is no doubt, it is intruding on someones physical device.
Do you wait until someone hijacks it with a botnet or take it out with a pre-emptive strike.
It is an ethical conundrum.
 
There is no doubt that running an IoT device in such a way that it can become a threat to others is an irresponsible thing to do. The question is who's responsibility is it?
 
Oh yea and back to what Aragats was saying I work with large dredges that are vastly automated with AllenBradley controllers.
These are tied to shore via radiowaves. Even the ships engines are tied back to Cat.

I also see rudimentry IOT devices on hopper barges the dredges use for transporting spoil.
They have a blinking light on bow of barge and they now have a pelican hard-case with Sierra modem and cell antenna and embedded PC up there too. It is tied to silt sensors on the bottom of the hopper barge.
When the hopper barge leaks sediment the ArmyCorps of Engineers shuts the permit down and they must replace hopper seals.
All this beamed from solar/battery powered embedded PC. Commercial IOT via 3G. Call it direct reporting needed for ACE permits.
Here is a picture of a very small hopper barge. Our clients use around 200-400ft. long versions.
 
OJ said:
who's responsibility is it?
Click to expand...
Indeed. We don't have a internet hit squad like some oppressed countries might.
But when I see the legal system mentioned I had to chuckle. No law or system stands a chance.
Perhaps like when you lose your driving license, you go to Saturday Driving School to keep your license.
We need that for mild internet enforcment or re-education if you will.

SS7 been flapping and nobody cares and that is a 30+ year problem that can be solved by government..
www.pandasecurity.com

SS7, telecoms’ largest security hole - Panda Security Mediacenter

The SS7 protocol was created in 1975, and has hardly been updated since, which means that it lacks sufficient security for those that make use of it.
www.pandasecurity.com www.pandasecurity.com
I mean really 2FA over this system. Are you kidding me.
 
I have a flipphone without internet access, none of the appliances or meters in my apartment are wireless and don't want Alexa, Alexi or anybody listening to what I say in my own house. We used to call software that monitored your activity Trojans and considered that a bad thing.
 
You must log in or register to reply here.
Back
Top