Internet of Things - Security
06-05-2016, 09:13 AM
|
#1
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 17,265
|
Warning: Very geeky stuff follows.
FWIW, we are now seeing an increase in the number of things inside our houses, cars and maybe soon what we are wearing, that are connected to the internet in some way. This is being called the Internet of Things (IOT).
However, many of these devices are not secure. That clever device that allows you to tell your home to turn up the heat while you are driving home from work, essentially allows something outside your home to control something inside your home. Is it secure?
Here is a good discussion of the IoT and why these early devices are not secure. The speaker expects there will be security standards in the future but warns that devices you buy today probably will not conform to those standards. So, you get to buy them again.
Of course, it is one man's opinion, but he does back it up with studies of IoT devices done by others.
The discussion starts about 80% down from the top. Search for: So IoT in its infancy.
https://www.grc.com/sn/sn-562.pdf
Quote:
And so taking a meta view, stepping back from the details a bit, these first-generation IoT devices are trying to do the impossible. They're trying to be, they're pretending to be a limited-use, purpose-specific appliance, with at the same time having all the sophisticated communications and connectivity power of a general-purpose computer hidden inside. But they're also trying not to have, not to present any of the responsibility baggage that all of our experience has taught us necessarily comes along with any powerful, connected, general-purpose computer
|
Quote:
What we see are companies producing feature-laden monitors that are virtually devoid of security. Meaning that anywhere, anyone in the world can be looking at your baby sleeping, or wherever you have aimed this camera. I mean, they're just - it's horrifying. And they don't care. They're selling functionality. They're not selling security.
|
__________________
Comparison is the thief of joy
The worst decisions are usually made in times of anger and impatience.
|
|
|
|
|
06-05-2016, 10:08 AM
|
#2
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 38,145
|
Yeah - we've been avoiding this.
__________________
Retired since summer 1999.
|
|
|
06-05-2016, 10:16 AM
|
#3
|
Moderator Emeritus
Join Date: Apr 2011
Location: Conroe, Texas
Posts: 18,731
|
Heck, most folks can't get their wireless systems to work in their homes with any degree of reliability.
They can look at my internet camera all they want as all it shows is my front porch.
On a more serious note, it's the financial stuff I worry about. Around here, most crooks that break into houses can't read English and use a disposable flip phone or a stolen one (while it's still working).
For personal security and information gathering, I think I'd be more worried about Facebook information that people so proudly upload.
__________________
*********Go Yankees!*********
|
|
|
06-05-2016, 11:05 AM
|
#4
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jul 2014
Location: Spending the Kids Inheritance and living in Chicago
Posts: 17,099
|
Quote:
Originally Posted by aja8888
Heck, most folks can't get their wireless systems to work in their homes with any degree of reliability.
They can look at my internet camera all they want as all it shows is my front porch.
On a more serious note, it's the financial stuff I worry about. Around here, most crooks that break into houses can't read English and use a disposable flip phone or a stolen one (while it's still working).
For personal security and information gathering, I think I'd be more worried about Facebook information that people so proudly upload.
|
One of the issues is that your internet camera is actually a webserver computer.
If a person can get root access to your internet camera, then from within your intranet, they can now, as a trusted device, access other computers on the network since they are within your firewall.
A few years ago it was found a certain manufacturer of internet cameras used the same admin password for all cameras; users needed to download a firmware update to fix this, probably few did.
You are right to be worried about FB, etc, especially if you use real answers for the security questions on banks, email, etc.
|
|
|
06-07-2016, 08:46 AM
|
#5
|
Thinks s/he gets paid by the post
Join Date: Oct 2008
Posts: 2,796
|
Donning tin foil hat. I'd be concerned about having the ability to opt out of the Internet of Things. Seems like the Green Overlords would love to be able to monitor and micromanage your use of electrical appliances.
|
|
|
06-07-2016, 09:31 AM
|
#6
|
Moderator Emeritus
Join Date: Apr 2011
Location: Conroe, Texas
Posts: 18,731
|
Quote:
Originally Posted by Sunset
One of the issues is that your internet camera is actually a webserver computer.
If a person can get root access to your internet camera, then from within your intranet, they can now, as a trusted device, access other computers on the network since they are within your firewall.
A few years ago it was found a certain manufacturer of internet cameras used the same admin password for all cameras; users needed to download a firmware update to fix this, probably few did.
You are right to be worried about FB, etc, especially if you use real answers for the security questions on banks, email, etc.
|
Agreed, internet cameras are not very secure and one must use caution when setting up a system for surveillance.
On a side note, anyone accessing our home computers via our secure network would be wasting their time and bandwidth as there is nothing of importance stored on them. Maybe they would be interested in reviewing about 10 GB of old work reports stored in Word and .pdf files? (I should dump all that crap anyways).
__________________
*********Go Yankees!*********
|
|
|
06-07-2016, 10:41 AM
|
#7
|
Full time employment: Posting here.
Join Date: Dec 2015
Location: Vancouver
Posts: 915
|
Excuse the ignorance but don't most of these Internet connected devices have at least password security built in? In these early days, I would suspect most hacking would be against the low hanging fruit such as people that have not changed their devices' passwords from the default.
__________________
Good Riddance. April 2022
"Yes, there's some shady stuff going down but it's fuelled by stupidity."
|
|
|
06-07-2016, 10:55 AM
|
#8
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: May 2013
Location: ATL --> Flyover Country
Posts: 6,649
|
Well, security is great and all, but lots of people willingly let all sorts of applications take over their phones/tablets. I just read an article about Facebook's use of devices (phones/tablets) to "listen" to what's going on. Of course, the great folks at FB say it's just used to tag songs and such, but if you look at the ACTUAL permissions you give the application, it says (very specifically) "MICROPHONE: LISTEN AND RECORD."
I am not usually a tin-foil kind of guy, but I think many of the apps we use every day (with very little thought) take the permissions to an extreme that we are not fully aware of yet.
Quote:
Originally Posted by YVRRocketSurgery
Excuse the ignorance but don't most of these Internet connected devices have at least password security built in? In these early days, I would suspect most hacking would be against the low hanging fruit such as people that have not changed their devices' passwords from the default.
|
As mentioned in an earlier post, not too long ago, an internet camera that was popular had a default admin password that was THE SAME for every unit it possessed. And I would venture to guess that there are quite a few people who never changed it. Perhaps that's where THIS website came from:
http://www.insecam.org/
These folks probably have ZERO idea that the world can watch in their living room: http://www.insecam.org/en/view/324690/
__________________
FIRE'd in 2014 @ 40 Years Old
Professional Retiree
|
|
|
06-07-2016, 11:27 AM
|
#9
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 17,265
|
Quote:
Originally Posted by YVRRocketSurgery
Excuse the ignorance but don't most of these Internet connected devices have at least password security built in? In these early days, I would suspect most hacking would be against the low hanging fruit such as people that have not changed their devices' passwords from the default.
|
Many do have passwords, but if you read the material in the conversation I mentioned, some of these products communicate passwords in UN-encrypted formats. Other passwords are created from easy to guess technical information. Others have flaws that allow bad guys to bypass password issues.
__________________
Comparison is the thief of joy
The worst decisions are usually made in times of anger and impatience.
|
|
|
06-07-2016, 11:42 AM
|
#10
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: May 2008
Location: No fixed abode
Posts: 8,765
|
As someone who spent a significant portion of their career as a network security dude, my only comment is "we're doomed". Security has always been an afterthought, and it's only going to get worse. I remember doing pen tests and finding Cisco routers on our internet facing network that still had the default admin password. And I learned from my professional security peers that this sort of thing was very common in both private and public networks. Talk about leaving the barn door open! I'm sure if the NSA wanted to, they would be watching me through my laptop camera as I type this. Security and privacy are very important to me (as shown by my refusal to install Win10), but I don't see any way to avoid this. Big Brother was a piker compared to the IoT.
__________________
"Good judgment comes from experience. Experience comes from bad judgement." - Anonymous (not Will Rogers or Sam Clemens)
DW and I - FIREd at 50 (7/06), living off assets
|
|
|
06-07-2016, 01:22 PM
|
#11
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 17,265
|
Quote:
Originally Posted by harley
As someone who spent a significant portion of their career as a network security dude, my only comment is "we're doomed".
|
As much as I hate to admit it, it will probably take a major lawsuit, brought by greedy, bulldog lawyers, costing some organization tens of millions, maybe hundreds of millions of dollars before companies sit up, take notice and spend the resources necessary to secure our data.
On
Much of my personal information is out in the wild thanks to a health insurance company that did not take basic security measures such as encrypting the data of their customers. The consequences of that loss of data can pop up to bite me anytime in the remainder of my life.
Their response was a 'poor victimized us' letter that talked about how criminals broke into their computer system. They tactfully avoided mentioning their lack of good data security practices and why the criminals were able to spend months inside their computer system before being detected.
They offered me a free subscription to a credit monitoring service. I signed up and sure enough, 6 weeks after I got a new credit card, the monitoring service e-mailed me with a notice about the new account. So for six weeks criminals could have been charging up a storm using my identity. Gosh, that makes me feel so good.
Off
__________________
Comparison is the thief of joy
The worst decisions are usually made in times of anger and impatience.
|
|
|
06-07-2016, 01:48 PM
|
#12
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: May 2013
Location: ATL --> Flyover Country
Posts: 6,649
|
Quote:
Originally Posted by Chuckanut
As much as I hate to admit it, it will probably take a major lawsuit, brought by greedy, bulldog lawyers, costing some organization tens of millions, maybe hundreds of millions of dollars before companies sit up, take notice and spend the resources necessary to secure our data.
On
Much of my personal information is out in the wild thanks to a health insurance company that did not take basic security measures such as encrypting the data of their customers. The consequences of that loss of data can pop up to bite me anytime in the remainder of my life.
Their response was a 'poor victimized us' letter that talked about how criminals broke into their computer system. They tactfully avoided mentioning their lack of good data security practices and why the criminals were able to spend months inside their computer system before being detected.
They offered me a free subscription to a credit monitoring service. I signed up and sure enough, 6 weeks after I got a new credit card, the monitoring service e-mailed me with a notice about the new account. So for six weeks criminals could have been charging up a storm using my identity. Gosh, that makes me feel so good.
Off
|
I feel your pain. I am still *slightly* miffed that my information from previous government security clearance applications that have a TON of information on them were hacked into. Thanks Uncle Sugar, I appreciate it!
__________________
FIRE'd in 2014 @ 40 Years Old
Professional Retiree
|
|
|
06-07-2016, 10:25 PM
|
#13
|
Thinks s/he gets paid by the post
Join Date: Mar 2010
Location: Kerrville,Tx
Posts: 3,361
|
Of course you could get a second wifi access point, not connect it to the internet, and have all your IOT things point to it. The IOT things will be accessible around the house, but not over the internet. I was reading a report that someone has figured out how to use the motion sensor in a smart phone as a mike to pick up conversations. All the more reason to leave the phone off most of the time. (after all phones have voicemail)
|
|
|
06-08-2016, 07:25 AM
|
#14
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: May 2008
Location: No fixed abode
Posts: 8,765
|
Quote:
Originally Posted by meierlde
Of course you could get a second wifi access point, not connect it to the internet, and have all your IOT things point to it. The IOT things will be accessible around the house, but not over the internet.
|
I like that idea, although it won't work for the things that I want to be able to access remotely, like my wifi camera and thermostat at my snowbird house. But if I start getting nagged by my refrigerator and toilet, I'll definitely put them on an electronic dead end.
__________________
"Good judgment comes from experience. Experience comes from bad judgement." - Anonymous (not Will Rogers or Sam Clemens)
DW and I - FIREd at 50 (7/06), living off assets
|
|
|
06-08-2016, 07:35 AM
|
#15
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: May 2005
Location: Lawn chair in Texas
Posts: 14,183
|
A hacker just burned my toast!
__________________
Have Funds, Will Retire
...not doing anything of true substance...
|
|
|
06-08-2016, 07:39 AM
|
#16
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: May 2013
Location: ATL --> Flyover Country
Posts: 6,649
|
Quote:
Originally Posted by harley
I like that idea, although it won't work for the things that I want to be able to access remotely, like my wifi camera and thermostat at my snowbird house. But if I start getting nagged by my refrigerator and toilet, I'll definitely put them on an electronic dead end.
|
I don't think there would be too much of an invasion of privacy issue at your snowbird house. If there is no one there, there is literally nothing to see there. And when you ARE there, you can simply disconnect the camera.
__________________
FIRE'd in 2014 @ 40 Years Old
Professional Retiree
|
|
|
06-08-2016, 07:53 AM
|
#17
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: May 2008
Location: No fixed abode
Posts: 8,765
|
Quote:
Originally Posted by FlyBoy5
I don't think there would be too much of an invasion of privacy issue at your snowbird house. If there is no one there, there is literally nothing to see there. And when you ARE there, you can simply disconnect the camera.
|
No, but an annoying a*hole could reset the thermostat higher (causing mold to grow everywhere) or lower (costing me money on wasted A/C). Pretty unlikely, I admit. But while I used my house as an example, it would still be a problem for people with nanny cams and such. A little real security and privacy built in would be really helpful.
I've always thought that internet connected devices should come with a randomized, unique password. If that was the case, most people would at least change it from the default to something they could remember. And if they didn't, they'd likely have a pretty secure password to start with. Certainly better than "admin" and "password". But that's me. I'm security conscious. I suspect, as usual, convenience/user friendliness would trump security.
__________________
"Good judgment comes from experience. Experience comes from bad judgement." - Anonymous (not Will Rogers or Sam Clemens)
DW and I - FIREd at 50 (7/06), living off assets
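An added example, not part of any post in this thread: a Python sketch of the per-unit random factory password suggested above, together with an audit that flags the weaknesses raised earlier in the thread (one admin password shared by every unit, passwords built from easy-to-guess technical information). All serial numbers, MAC addresses and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# No look-alike characters (0/O, 1/l/I), so the password can be printed on a label.
ALPHABET = "abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"
COMMON_DEFAULTS = {"", "admin", "password", "1234", "12345"}
PBKDF2_ROUNDS = 200_000


def new_device_password(length=16):
    """Per-unit password from the OS CSPRNG, not derived from any device identifier."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def provision(serial):
    """Return (label_password, record); the device stores only a salted hash."""
    password = new_device_password()
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return password, {"serial": serial, "salt": salt, "hash": digest}


def check_login(record, attempt):
    """Constant-time comparison of the attempt against the stored hash."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, record["hash"])


def audit(inventory):
    """Map serial -> list of weaknesses found in its factory password."""
    counts = Counter(d["password"] for d in inventory)
    findings = {}
    for d in inventory:
        pw = d["password"].lower()
        identifiers = (d["mac"].replace(":", "").lower(), d["serial"].lower())
        issues = []
        if pw in COMMON_DEFAULTS:
            issues.append("common-default")
        if counts[d["password"]] > 1:
            issues.append("shared-across-units")
        if len(pw) >= 4 and any(pw in ident for ident in identifiers):
            issues.append("derived-from-identifier")
        if issues:
            findings[d["serial"]] = issues
    return findings


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    {"serial": "CAM-0001", "mac": "00:11:22:33:44:01", "password": "admin"},
    {"serial": "CAM-0002", "mac": "00:11:22:33:44:02", "password": "admin"},
    {"serial": "CAM-0003", "mac": "00:11:22:33:44:03", "password": "334403"},
    {"serial": "CAM-0004", "mac": "00:11:22:33:44:04", "password": new_device_password()},
]

if __name__ == "__main__":
    for serial, issues in audit(SAMPLE_INVENTORY).items():
        print(serial, issues)
```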
|
|
|
06-08-2016, 08:05 AM
|
#18
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: May 2013
Location: ATL --> Flyover Country
Posts: 6,649
|
Quote:
Originally Posted by harley
No, but an annoying a*hole could reset the thermostat higher (causing mold to grow everywhere) or lower (costing me money on wasted A/C). Pretty unlikely, I admit.
|
I am not sure about your model, but mine has alerts where if a temperature limit is reached (mine is set at 83 and 55) then it will email and/or text you. Of course, if they hack into it I suppose they could change the email and text notifications. Nonetheless, it could alleviate *a little* of the worry.
__________________
FIRE'd in 2014 @ 40 Years Old
Professional Retiree
|
|
|
06-08-2016, 08:22 AM
|
#19
|
Full time employment: Posting here.
Join Date: Apr 2013
Posts: 834
|
I have cameras in my snowbird houses, thermostats that can be monitored/adjusted, garage doors that can be opened/closed remotely and temperature monitors.
I love this stuff and the more the better. I figure what privacy I do have left is what it is and well worth the trade off. Can't wait for more functionality.
__________________
The Constitution. It's not just a good idea...it's the law.
|
|
|
06-08-2016, 09:44 AM
|
#20
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: May 2006
Location: west coast, hi there!
Posts: 8,809
|
Quote:
Originally Posted by audreyh1
Yeah - we've been avoiding this.
|
Same here. I'm not letting any East European dudes take over my refrigerator -- could ruin the 4th of July BBQ.
|
|
|
|
|