Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Internet of Things - Security
Old 06-05-2016, 10:13 AM   #1
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,322
Internet of Things - Security

Warning: Very geeky stuff follows.

FWIW, we are now seeing an increase in the number of things inside our hourses, cars and maybe soon what we area wearing, that are connected to the internet in some way. This is being called the Internet of Things (IOT).

However, many of these devices are not secure. That clever device that allows you to tell your home to turn up the heat while your are driving home from work, essentially allows something outside your home to control something inside your home. Is it secure?

Here is a good discussion of the IoT and why these early devices are not secure. The speaker expects there will be security standards in the future but warns that devices you buy today probably will not conform to those standards. So, you get the buy them again.

Of course, it is one man's opinion, but he does back up it with studies of IoT devices done by others.

The discussion starts about 80% down from the top. Search for: So IoT in its infancy.

https://www.grc.com/sn/sn-562.pdf


Quote:
And so taking a meta view, stepping
back from the details a bit, these first-
generation IoT devices are trying to do the
impossible. They're trying to be, they're
pretending to be a limited-use, purpose-specific appliance,
with at the same time having
all the sophisticated communications
and connectivity power of a general-purpose
computer hidden inside.
But they're also trying not to have, not to present any of the
responsibility baggage that all of our experience has
taught us necessarily comes along
with any powerful, connected,
general-purpose computer
Quote:
What we see are companies producing feature-laden
monitors that are virtually devoid of
security. Meaning that
anywhere, anyone in the world can be looking at your baby
sleeping, or wherever you have aimed this camera.
I mean, they're just - it's horrifying.
And they don't care. They're selling functionality. They're not selling security.
__________________

__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 06-05-2016, 11:08 AM   #2
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 16,457
Yeah - we've been avoiding this.
__________________

__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is online now   Reply With Quote
Old 06-05-2016, 11:16 AM   #3
Moderator Emeritus
aja8888's Avatar
 
Join Date: Apr 2011
Location: The Woodlands, TX
Posts: 7,149
Heck, most folks can't get their wireless systems to work in their homes with any degree of reliability.

They can look at my internet camera all they want as all it shows in my front porch.

On a more serious note, it's the financial stuff I worry about. Around here, most crooks that break into houses can't read English and use a disposable flip phone or a stolen one (while its still working).

For personal security and information gathering, I think I'd be more worried about Facebook information that people so proudly upload.
__________________
......."Everybody has a plan until they get punched in the face." -- philosopher Mike Tyson.
aja8888 is offline   Reply With Quote
Old 06-05-2016, 12:05 PM   #4
Thinks s/he gets paid by the post
Sunset's Avatar
 
Join Date: Jul 2014
Location: Chicago
Posts: 4,717
Quote:
Originally Posted by aja8888 View Post
Heck, most folks can't get their wireless systems to work in their homes with any degree of reliability.

They can look at my internet camera all they want as all it shows in my front porch.

On a more serious note, it's the financial stuff I worry about. Around here, most crooks that break into houses can't read English and use a disposable flip phone or a stolen one (while its still working).

For personal security and information gathering, I think I'd be more worried about Facebook information that people so proudly upload.
One of the issues is since your internet camera is actually a webserver computer.
If a person can get root access to your internet camera, then from within your intranet, they can now as a trusted device access other computers on the network since they are within your firewall.

A few years ago it was found a certain manufacturer of internet cameras used the same admin password for all cameras, users needed to download a firmware update to fix this, probably few did.

You are right to be worried about FB, etc, especially if you use real answers for the security questions on banks, email, etc.
__________________
Sunset is offline   Reply With Quote
Old 06-07-2016, 09:46 AM   #5
Thinks s/he gets paid by the post
John Galt III's Avatar
 
Join Date: Oct 2008
Posts: 1,285
Donning tin foil hat. I'd be concerned about having the ability to opt out of the Internet of Things. Seems like the Green Overlords would love to be able to monitor and micromanage your use of electrical appliances.
__________________
John Galt III is offline   Reply With Quote
Old 06-07-2016, 10:31 AM   #6
Moderator Emeritus
aja8888's Avatar
 
Join Date: Apr 2011
Location: The Woodlands, TX
Posts: 7,149
Quote:
Originally Posted by Sunset View Post
One of the issues is since your internet camera is actually a webserver computer.
If a person can get root access to your internet camera, then from within your intranet, they can now as a trusted device access other computers on the network since they are within your firewall.

A few years ago it was found a certain manufacturer of internet cameras used the same admin password for all cameras, users needed to download a firmware update to fix this, probably few did.

You are right to be worried about FB, etc, especially if you use real answers for the security questions on banks, email, etc.
Agreed, internet cameras are not very secure and one must use caution when setting up a system for surveillance.

On a side note, anyone accessing our home computers via our secure network would be wasting their time and bandwidth as there is nothing of importance stored on them. Maybe they would be interested in reviewing about 10 GB of old work reports stored in Word and .pdf files? (I should dump all that crap anyways).
__________________
......."Everybody has a plan until they get punched in the face." -- philosopher Mike Tyson.
aja8888 is offline   Reply With Quote
Old 06-07-2016, 11:41 AM   #7
Recycles dryer sheets
YVRRocketSurgery's Avatar
 
Join Date: Dec 2015
Location: Vancouver
Posts: 338
Excuse the ignorance but don't most of these Internet connected devices have at least password security built in? In these early days, I would suspect most hacking would be against the low hanging fruit such as people that have not changed their devices' passwords from the default.
__________________
Target April 2022
"Life moves pretty fast. If you don't stop and look around for a while, you could miss it."
YVRRocketSurgery is offline   Reply With Quote
Old 06-07-2016, 11:55 AM   #8
Thinks s/he gets paid by the post
ExFlyBoy5's Avatar
 
Join Date: May 2013
Posts: 1,977
Well, security is great and all, but lots of people willing let all sorts of applications take over their phones/tablets. I just read an article about Facebook's use of devices phones/tablets to "listen" what going on. Of course, the great folks at FB say it's just used to tag songs and such, but if you look at the ACTUAL permissions your give the application, it says (very specifically) "MICROPHONE: LISTEN AND RECORD."

I am not usually a tin-foil kind of guy, but I think many of the apps we use everyday (with very little thought) take the permissions to an extreme that we are not fully aware of yet.

Quote:
Originally Posted by YVRRocketSurgery View Post
Excuse the ignorance but don't most of these Internet connected devices have at least password security built in? In these early days, I would suspect most hacking would be against the low hanging fruit such as people that have not changed their devices' passwords from the default.
As mentioned in an earlier post, not too long ago, an internet camera that was popular had a default admin password that was THE SAME for every unit it possessed. And I would venture to guess that there are quite a few people who never changed it. Perhaps that's where THIS website came from:

http://www.insecam.org/

These folks probably have ZERO idea that the world can watch in their living room: http://www.insecam.org/en/view/324690/
__________________
Founder and Head Lounger @ The Life of Leisure Institute
Retired in 2014 at the Ripe Age of 40.
ExFlyBoy5 is offline   Reply With Quote
Old 06-07-2016, 12:27 PM   #9
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,322
Quote:
Originally Posted by YVRRocketSurgery View Post
Excuse the ignorance but don't most of these Internet connected devices have at least password security built in? In these early days, I would suspect most hacking would be against the low hanging fruit such as people that have not changed their devices' passwords from the default.
Many do have passwords, but if you read the material in the conversation I mentioned, some of these products communicate passwords in UN-encrypted formats. Other passwords are created from easy to guess technical information. Others have flaws that allow bad guys to bypass password issues.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 06-07-2016, 12:42 PM   #10
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
harley's Avatar
 
Join Date: May 2008
Location: Following the nice weather
Posts: 6,422
As someone who spent a significant portion of their career as a network security dude, my only comment is "we're doomed". Security has always been an afterthought, and it's only going to get worse. I remember doing pen tests and finding Cisco routers on our internet facing network that still had the default admin password. And I learned from my professional security peers that this sort of thing was very common in both private and public networks. Talk about leaving the barn door open! I'm sure if the NSA wanted to, they would be watching me through my laptop camera as I type this. Security and privacy are very important to me (as shown by my refusal to install Win10), but I don't see any way to avoid this. Big Brother was a piker compared to the IoT.
__________________
"Good judgment comes from experience. Experience comes from bad judgement." - Will Rogers, or maybe Sam Clemens
DW and I - FIREd at 50 (7/06), living off assets
harley is offline   Reply With Quote
Old 06-07-2016, 02:22 PM   #11
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,322
Quote:
Originally Posted by harley View Post
As someone who spent a significant portion of their career as a network security dude, my only comment is "we're doomed". .
As much as I hate to admit it, it will probably take a major lawsuit, brought by greedy, bull dog lawyers , costing some organization tens of millions, maybe hundreds of millions of dollars before companies sit up, take notice and spend the resources necessary to secure our data.

On

Much of my personal information is out in the wild thanks to a health insurance company that did not take basic security measures such as encrypting the data of their customers. The consequences of that loss of data can pop-up to bite me anytime in the remainder of my life.


Their response was a 'poor victimized us' letter that talked about how criminals broke into their computer system. They tactfully avoided mentioning their lack of good data security practices and why the criminals were able to spend months inside their computer system before being detected.

They offered me a free subscription to a credit monitoring service. I signed up and sure enough, 6 weeks after I got a new credit card, the monitoring service e-mailed me with a notice about the new account. So for six weeks criminals could have been charging up a storm using my identity. Gosh, that makes me feel so good.

Off
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 06-07-2016, 02:48 PM   #12
Thinks s/he gets paid by the post
ExFlyBoy5's Avatar
 
Join Date: May 2013
Posts: 1,977
Quote:
Originally Posted by Chuckanut View Post
As much as I hate to admit it, it will probably take a major lawsuit, brought by greedy, bull dog lawyers , costing some organization tens of millions, maybe hundreds of millions of dollars before companies sit up, take notice and spend the resources necessary to secure our data.

On

Much of my personal information is out in the wild thanks to a health insurance company that did not take basic security measures such as encrypting the data of their customers. The consequences of that loss of data can pop-up to bite me anytime in the remainder of my life.


Their response was a 'poor victimized us' letter that talked about how criminals broke into their computer system. They tactfully avoided mentioning their lack of good data security practices and why the criminals were able to spend months inside their computer system before being detected.

They offered me a free subscription to a credit monitoring service. I signed up and sure enough, 6 weeks after I got a new credit card, the monitoring service e-mailed me with a notice about the new account. So for six weeks criminals could have been charging up a storm using my identity. Gosh, that makes me feel so good.

Off
I feel your pain. I am still *slightly* miffed that my information from previous government security clearance applications that have a TON of information on them were hacked into. Thanks Uncle Sugar, I appreciate it!
__________________
Founder and Head Lounger @ The Life of Leisure Institute
Retired in 2014 at the Ripe Age of 40.
ExFlyBoy5 is offline   Reply With Quote
Old 06-07-2016, 11:25 PM   #13
Thinks s/he gets paid by the post
 
Join Date: Mar 2010
Location: Kerrville,Tx
Posts: 2,710
of course you could get a second wifi access point, not connect it to the internet, and have all your IOT things point to it. The IOT things will be accessable around the house, but not over the internet. I was reading a report that someone has figured out how to use the motion sensor in a smart phone as a mike to pick up conversations. All the more reason to leave the phone off most of the time. (after all phones have voicemail)
__________________
meierlde is offline   Reply With Quote
Old 06-08-2016, 08:25 AM   #14
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
harley's Avatar
 
Join Date: May 2008
Location: Following the nice weather
Posts: 6,422
Quote:
Originally Posted by meierlde View Post
of course you could get a second wifi access point, not connect it to the internet, and have all your IOT things point to it. The IOT things will be accessable around the house, but not over the internet.
I like that idea, although it won't work for the things that I want to be able to access remotely, like my wifi camera and thermostat at my snowbird house. But if I start getting nagged by my refrigerator and toilet, I'll definitely put them on an electronic dead end.
__________________
"Good judgment comes from experience. Experience comes from bad judgement." - Will Rogers, or maybe Sam Clemens
DW and I - FIREd at 50 (7/06), living off assets
harley is offline   Reply With Quote
Old 06-08-2016, 08:35 AM   #15
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
HFWR's Avatar
 
Join Date: May 2005
Location: Lawn chair in Texas
Posts: 12,964
A hacker just burned my toast!
__________________
Have Funds, Will Retire

...not doing anything of true substance...
HFWR is offline   Reply With Quote
Old 06-08-2016, 08:39 AM   #16
Thinks s/he gets paid by the post
ExFlyBoy5's Avatar
 
Join Date: May 2013
Posts: 1,977
Quote:
Originally Posted by harley View Post
I like that idea, although it won't work for the things that I want to be able to access remotely, like my wifi camera and thermostat at my snowbird house. But if I start getting nagged by my refrigerator and toilet, I'll definitely put them on an electronic dead end.
I don't think there would be too much of an invasion of privacy issue at your snowbird house. If there is no one there, there is literally nothing to see there. And when you ARE there, you can simply disconnect the camera.
__________________
Founder and Head Lounger @ The Life of Leisure Institute
Retired in 2014 at the Ripe Age of 40.
ExFlyBoy5 is offline   Reply With Quote
Old 06-08-2016, 08:53 AM   #17
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
harley's Avatar
 
Join Date: May 2008
Location: Following the nice weather
Posts: 6,422
Quote:
Originally Posted by FlyBoy5 View Post
I don't think there would be too much of an invasion of privacy issue at your snowbird house. If there is no one there, there is literally nothing to see there. And when you ARE there, you can simply disconnect the camera.
No, but an annoying a*hole could reset the thermostat higher (causing mold to grow everywhere) or lower (costing me money on wasted A/C). Pretty unlikely, I admit. But while I used my house as an example, it would still be a problem for people with nanny cams and such. A little real security and privacy built in would be really helpful.

I've always thought that internet connected devices should come with a randomized, unique password. If that was the case, most people would at least change it from the default to something they could remember. And if they didn't, they'd likely have a pretty secure password to start with. Certainly better than "admin" and "password". But that's me. I'm security conscious. I suspect, as usual, convenience/user friendliness would trump security.
__________________
"Good judgment comes from experience. Experience comes from bad judgement." - Will Rogers, or maybe Sam Clemens
DW and I - FIREd at 50 (7/06), living off assets
harley is offline   Reply With Quote
Old 06-08-2016, 09:05 AM   #18
Thinks s/he gets paid by the post
ExFlyBoy5's Avatar
 
Join Date: May 2013
Posts: 1,977
Quote:
Originally Posted by harley View Post
No, but an annoying a*hole could reset the thermostat higher (causing mold to grow everywhere) or lower (costing me money on wasted A/C). Pretty unlikely, I admit.
I am not sure about your model, but mine has alerts where if a temperature limit is reached (mine is set at 83 and 55) then it will email and/or text you. Of course, if they hack into I suppose they could change the email and text notifications. Nonetheless, it could alleviate *a little* of the worry.
__________________
Founder and Head Lounger @ The Life of Leisure Institute
Retired in 2014 at the Ripe Age of 40.
ExFlyBoy5 is offline   Reply With Quote
Old 06-08-2016, 09:22 AM   #19
Full time employment: Posting here.
Jack_Pine's Avatar
 
Join Date: Apr 2013
Posts: 834
I have cameras in my snowbird houses, thermostats that can be monitored/adjusted, garage doors that can be opened closed remotely and temperature monitors.

I love this stuff and the more the better. I figure what privacy I do have left is what it is and well worth the trade off. Can't wait for more functionality.
__________________
The Constitution. It's not just a good idea...it's the law.
Jack_Pine is offline   Reply With Quote
Old 06-08-2016, 10:44 AM   #20
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,676
Quote:
Originally Posted by audreyh1 View Post
Yeah - we've been avoiding this.
Same here. I'm not letting any East European dudes take over my refrigerator -- could ruin the 4th of July BBQ.
__________________

__________________
Lsbcal is offline   Reply With Quote
Reply

Tags
iot security


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
The Internet of Things RonBoyd Other topics 24 11-07-2014 11:13 AM
Poll:"internet" or "Internet" TromboneAl Other topics 31 03-22-2014 03:23 PM
Internet Security PSA Midpack Other topics 16 01-24-2012 07:27 AM
Financial security on the internet GTM Other topics 3 06-10-2006 08:19 PM
Things own you; you don't own things - know what is want and a need dex Young Dreamers 21 10-26-2005 01:40 PM

 

 
All times are GMT -6. The time now is 07:51 PM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.