Security for the 'Internet of Things'

What happens when your oven is on the Internet? A malicious hacker might be able to set it to broil while you're on vacation, and get it so hot that it could start a fire. Or a prankster might set your alarm to wake you up at 3 a.m. - and what if someone gets access to the wireless security camera over your front door and uses it to gain access to the rest of your home network, and from there to your bank account? Not good. With the 'Internet of Things' you will have many devices to secure, not just a couple of computers and handheld devices. Timothy Lord met Mark Stanislav of Duo Security at BSides Austin 2014, which is where this interview took place.(Here's an alternate link to the video.)

Here's how to secure your "Internet of things"

[ArcadeMan]

Don't buy things that connect to the Internet.

Re:Here's how to secure your "Internet of things"

[zarthrag]

Additionally, they should be on an isolated internal network, wired whenever possible. A server or appliance in your house can manage said "things". Every single vendor who supplies you with 'things" shouldn't force you to use their (likely vulnerable) web portal or service, just supply some drivers/documentation, and part ways.

Re:Here's how to secure your "Internet of things"

This. No thank you, your appliance is the product not me.

Re:Here's how to secure your "Internet of things"

[mlts]

Why should they be on a network at all? My refrigerator does just fine with a basic thermostat, electrical fusing, a device to pour water into a mold, dump it in a bin when frozen, then stop dumping it when the bin fills up, a switch to turn on the light when the door opens and a fan so it runs without the need to be defrosted. The additional gewgaws don't help with core operation.

Same with a stove or a microwave. For safety's sake, it should only be able to be turned on by someone who is physically present.

Sometimes, there is just no real point in adding a device to the IoT, and the fewer devices that have networks, the fewer attack vectors an attacker will have to operate with.

This doesn't mean that isolated networks are bad... for example a vehicle needs the CANBus. However, if one doesn't need to have that functionality in a toaster, why built it in?

If we have to have a network or bus for statuses, why not a read-only bus, essentially like a serial port with the return line cut so the device can send status messages out, but not have them go back. The basic concept of a data diode. This way, one can tell if their fridge is over temperature, but a blackhat can't log on and turn the fridge off and spoil someone's steak stash.

Re:Here's how to secure your "Internet of things"

Same with a stove or a microwave. For safety's sake, it should only be able to be turned on by someone who is physically present.

This isn't being advertised to the responsible people. This is being advertised to both the twitter crowd and the irresponsible crowd (heavy overlap).

Twitter crowd advertisement: Your toaster can send automatic updates to your twitter account so everyone can see the perfection of your toast!

Irresponsible crowd advertisement: Have you ever accidentally left a washcloth on an active stovetop? With these 5 devices, your smoke detector will alert your mobile phone and this other app will let you turn off your stove remotely as you call the fire department! All from the comfort of your favorite nightclub.

Re:Here's how to secure your "Internet of things"

[bob_super]

"I didn't microwave the cat, a hacker did"

Re:Here's how to secure your "Internet of things"

Why should they be on a network at all?

Stove: Can send an alert if left turned on for an extended period (Like, say, you heated some pizza for breakbast, and forgot to turn it off before leaving for waork. You can also tell it to turn off from your phone. Or, tell it to turn on when you leave work, so it's all done preheating for dinner.

Fridge: Can track things like how old your milk is, and text you to bring some home.

Washer/Dryer? Maybe you want to wash your clothes while you are at work, but don't want the damp clothes sitting in the washer molding all day. So, you can 'call' it when you leave work, and have it wash them then, finishing just as you get home. Heck, you might not even need to call it- your phone can use GPS to detect when you leave work, and contact it for you.

Security cameras? It's might be nice to be able to stream your cameras to your phone, see what's going on. Maybe catch Bobby throwing a party when you're out of town.

And, of course, any of these devices can 'call for help' to the vendor/repairman if they break.

Toaster: Um... well... I 'm sorry, I can't see a reason to network your toaster.

Re:Here's how to secure your "Internet of things"

[rhazz]

Fridge: Can track things like how old your milk is, and text you to bring some home.

I realize you're grasping, but why would the fridge need/want to do that? Unless your milk is somehow hooked up to sensors in the fridge that monitor its freshness, you are only getting texts based on some data you input into a system somewhere. In that case you might as well use an app on your phone to track it, and remove the risk of someone hacking your fridge and spoiling your food.

Re:Here's how to secure your "Internet of things"

[Megane]

And what does it matter if you can find out how old your milk is from your cellphone when you're at work, if you're not there at the fridge door to get rid of it?

Your eyes and nose are a plenty good enough way to determine how bad the milk is. To have the fridge do it without sticking a freaking sensor into the milk itself, it would need to know when the milk was put in, and every time it was removed and replaced. Even then, the actual freshness depends on how fresh it was when it first came from the store. Sure, the date on the milk could be on an RFID chip, but if you forget and leave the milk out for a couple of hours, that's going to make the milk spoil a lot sooner than the date on the store, which is really a "sell by" date, anyhow.

Re:Here's how to secure your "Internet of things"

Why should they be on a network at all? My refrigerator does just fine with a basic thermostat, electrical fusing, a device to pour water into a mold, dump it in a bin when frozen, then stop dumping it when the bin fills up, a switch to turn on the light when the door opens and a fan so it runs without the need to be defrosted. The additional gewgaws don't help with core operation.

Same with a stove or a microwave. For safety's sake, it should only be able to be turned on by someone who is physically present.

Sometimes, there is just no real point in adding a device to the IoT, and the fewer devices that have networks, the fewer attack vectors an attacker will have to operate with.

This doesn't mean that isolated networks are bad... for example a vehicle needs the CANBus. However, if one doesn't need to have that functionality in a toaster, why built it in?

If we have to have a network or bus for statuses, why not a read-only bus, essentially like a serial port with the return line cut so the device can send status messages out, but not have them go back. The basic concept of a data diode. This way, one can tell if their fridge is over temperature, but a blackhat can't log on and turn the fridge off and spoil someone's steak stash.

http://www.youtube.com/watch?v=LRq_SAuQDec -- toaster ;)

Re:Here's how to secure your "Internet of things"

        http://www.youtube.com/watch?v=LRq_SAuQDec -- toaster ;)

Re: Here's how to secure your "Internet of things"

Point is OK but question dumb. If fridge can reliably tell me of spoiled milk at work, I can get fresh milk on way home. Useful (If possible.)

Re:Here's how to secure your "Internet of things"

[ShanghaiBill]

Why should they be on a network at all?

As we increase the proportion of electricity generated from intermittent sources such as wind and solar, we will use spot pricing to even out the demand. When the sun goes behind a cloud, the price of electricity will bump up, and your electric meter needs to be able to communicate with your refrigerator to tell it to shut down the compressor. Once the sun comes back out, the price will drop, and then your refrigerator can use cheaper electricity to "pre-chill", so it can coast again the next time the price bumps up.

My refrigerator does just fine with a basic thermostat, ...

At a greater than needed cost to both your wallet and our environment.

Re:Here's how to secure your "Internet of things"

I bought an ADSL router like that.

Re: Here's how to secure your "Internet of things"

[davidhoude]

People here can't see the implications beyond tweeting toasters, don't mind them. The future is a scary place for those people involved in technology of the past.

Re:Here's how to secure your "Internet of things"

[morphotomy]

Think about it. You leave a pork loin in the oven before you leave for work. The oven refrigerates the meat until it's time to cook it, so its ready when you get home. You get stuck at the office. You send a text to your oven to slow the cook time by an hour.

Re:Here's how to secure your "Internet of things"

At a greater than needed cost to both your wallet and our environment.

BULLSHIT.

The thermostat keeps the temperature where it needs to be. Connecting a
refrigerator to the internet is not going to lower costs or improve
performance.

Re:Here's how to secure your "Internet of things"

[epyT-R]

But it will give bureaucrats the opportunity to set the thermostat to politically correct levels, and give the refrigerator and food vendors the opportunity to overcharge you for value added services, like 'pay us or it stops working'. Don't you want that?

Re:Here's how to secure your "Internet of things"

Uh, huh... if we need that, then the thermostat can be connected to a clock. We do NOT need yet another fscking Internet connected appliance ripe for some script kiddy to screw around with. We also don't need the energy company (likely a for-profit) to be able to cut off a refrigerator's function at their whim. I pay my electric bill, and my stuff works how I want it. Not how some CEO or MBA wants it to run "optimally" for their profits.

If some asswipe lawmaker demands my fridge not cool my food because the utility company says so, then my next fridge will be a propane fridge, and I'll have a small 50 gallon propane cylinder installed outside, which can run the fridge for 6-10 months per refill. If code forbids that, I'll just run the refrigerator off a circuit that gets power from a set of PV panels and 48VDC batteries.

I wonder if the parent is a Nest shill, because nobody in their right mind really wants their fridge logging how old their milk is on Facebook or their freezer tweeting that there is a turkey still inside that has not seen the light of day since Thanksgiving.

Re:Here's how to secure your "Internet of things"

[jecblackpepper]

Another option for your fridge/freezer if it is connected to the internet is that it will be able to monitor electricity prices and price futures and decide to cool to a lower temperature when it's cheaper and switch off when the price goes up. Similarly your air con or heating

Re:Here's how to secure your "Internet of things"

[jecblackpepper]

The point is not that the energy company will be able to cut off your refrigerator's function at a whim, but that you will be able to configure your refrigerator to operate based on the price of electricity to maximise your profit. You could do this off a clock, but as the gpp mentioned, we'll have variable generation based on amount of wind and sunshine that will mean that you can take advantage of flucuating prices as supply and demand vary throughout the day.

Re:Here's how to secure your "Internet of things"

your talking rubbish.you need to move out of your moms basement.

Re:Here's how to secure your "Internet of things"

[plover]

This thread is disappointing. I learned a long time ago that just because I lack imagination, doesn't mean an imaginative use doesn't exist.

For example: your freezer could be used as a cheap energy storage device that could offset the cost of peak electricity during summer air conditioning season. How? By burning cheap night electricity, it could lower the temperature to -40 degrees by 6:00 AM. During the day, it doesn't run at all, it just slowly rises to -5 degrees. Being hooked to the network allows it to know the current electricity pricing schedule.

I've seen prototypes of fridge-based scanners that track food in and out, allowing you go use a remote shopping list to do "replenishment" shopping. If your spouse or child uses the last of the milk without writing it on the list, you still have a current list whenever you're at the store.

My clothes washer and dryer are already on my network. They are located in my basement. The washer allows me to remotely start it an hour before I head home, so I don't have wet clothes sitting in it all day, growing mold and mildew. When a load is dry, I get an alert, even if I am out of earshot; so I can keep the clothes from wrinkling. The dryer will give me a status, but it will not allow me to remotely control it. The machines are also smart-grid ready, so when the electric company begins demand pricing, I'm ready.

There are plenty of good reasons to put more devices on the network, and people will undoubtedly come up with more.

Re:Here's how to secure your "Internet of things"

[lsatenstein]

Why should they be on a network at all? My refrigerator does just fine with a basic thermostat, electrical fusing, a device to pour water into a mold, dump it in a bin when frozen, then stop dumping it when the bin fills up, a switch to turn on the light when the door opens and a fan so it runs without the need to be defrosted. The additional gewgaws don't help with core operation.

Same with a stove or a microwave. For safety's sake, it should only be able to be turned on by someone who is physically present.

Sometimes, there is just no real point in adding a device to the IoT, and the fewer devices that have networks, the fewer attack vectors an attacker will have to operate with.

This doesn't mean that isolated networks are bad... for example a vehicle needs the CANBus. However, if one doesn't need to have that functionality in a toaster, why built it in?

If we have to have a network or bus for statuses, why not a read-only bus, essentially like a serial port with the return line cut so the device can send status messages out, but not have them go back. The basic concept of a data diode. This way, one can tell if their fridge is over temperature, but a blackhat can't log on and turn the fridge off and spoil someone's steak stash.

There are appliances that I would absolutely like to have under internet access. Here are a few and my justifications.
a) I am a working stiff: In the AM, I put a roast in the oven, I set the turn on time for 20 minutes / lb (50 min/kilo) and I leave for work. Suddenly I have to work late. I want to delay the cooking of the roast.
b) I have a setback thermostat in the house. I would like the heat/air-conditioner to turn on to normal temp 1.5 hrs before I plan to arrive. I am coming home late, and want the system to start 1.5 hrs later.
c) I have a keypad access to the garage. I have a repair man coming for the washer/dryer. When he arrives, I want to see who she/he is, and then change the keypad code once to allow him in.
d) Usually turn on the sprinklers early am, but I know it is going to rain tomorrow. I want the system to skip a watering and therefore I use my cell to tell the sprinkler system to skip the day. Ditto if the gardener is coming to work in the yard or on the flower beds.

Probably you noticed that most of the access is not to control temperature, but to control when a device that is preset to a temperature or action, that it may start or be stopped. And of course, access security. If I have a security system that alarms to me about someone in the house, I want to see if it is my mother-in-law visiting, or a stranger. And I want an event message sent to me if someone goes into the master bedroom.

How about?

We keep the fucking oven off the internet?

Who's dumbass idea was this anyways?

Re:How about?

[epyT-R]

People who like imposing false scarcity to extract wealth, and those who get off on controlling others.

don't connect it

[fluffy-the-dest-6649]

why the hell would you connect your house to the internet or any appliance on the Internet anyway. Getting your appliance to work on your computer or a computer so you can control it via 1 pc for various aspect is fine but connect it to the Internet and no matter how secure it is, someone will find a way in. Best security is to NOT connect it on your Internet. Hell pretty simple concept to understand

Re:don't connect it

[Russ1642]

Having a thermostat that logs temperature and activity online would be fine, so long as the furnace control circuit is physically disconnected from the logging circuits. There should be no way that the furnace could be controlled from the internet. It can't be security in software but a physical limitation of the device itself. There's very little reason for home appliances to be controlled in this manner. Commercial controls, however, are already accessible online and the security is terrible. I know someone who installs these and he showed me how he could login from home and change pretty much everything with an HVAC system. I seriously doubt a hacker would have much trouble taking control but I doubt they could really do much damage to an office building. Maybe they could impact someplace that had a real need for strict temperature control like a greenhouse or refrigerated storage facility.

Re:don't connect it

[jxander]

Because convenience and optimization.

You can lower your energy bill by setting your thermostat to a more relaxed temperature while you're at work (hotter or colder, depending on your climate) and then remotely set it back to a more comfortable temp as you leave the office. You can fire off your dishwasher or laundry at a certain time, when energy is cheaper. If you have kids who leave the house after you, you might want to make sure they locked up, or check how many times they hit snooze after you left. The list goes on.

Of course, there's the security to consider, as you and TFS point out ... but to ask why someone would want this ability is intentionally naive.

Re:don't connect it

[postbigbang]

No one points out a secondary auth, which adds quite a bit of layering-- that admittedly might be able to be hacked through-- to prevent unauthorized settings changes.

If only Unbreakable Linux were.....

Re:don't connect it

[kwiecmmm]

Then you get a programmable thermostat that does not connect to the internet and you set it to go cooler at certain hours of the day and you setup a bunch of different modes (normal weekday, weekend, vacation, ...).

Turn on your dishwasher and laundry as you go to work or go to bed.

Tell your kids lock the door.

All of this stuff can be done without an internet connection and should be done without an internet connection. But as soon as someone can hack all of a specific oven, heater, dryer or other appliance people are going to realize they don't want these things connected to the internet. Especially because huge sections of commercial companies don't worry about securing internet devices at the moment, and I doubt they are going to change that anytime soon. It may be naive to ask why someone would want this ability, but when you look at the most popular passwords used and other security indicators like that, it may be more important to ask should people have this ability?

Re:don't connect it

[jeffmflanagan]

>You can lower your energy bill by setting your thermostat to a more relaxed temperature while you're at work (hotter or colder, depending on your climate)

We already have this with smart thermostats. No Internet connection needed.


>and then remotely set it back to a more comfortable temp as you leave the office.

This is only useful for people with work schedules that vary. I think most of us leave work within 30 minutes of the same time every day.

Re:don't connect it

why the hell would you connect your house to the internet or any appliance on the Internet anyway.

Right now the thing I see most commonly is home security systems, so you can keep a paranoid eye on your security cameras. There's some company or another running TV ads for a system which will allow you to lock your doors, shut off power outlets, etc.

Even though air-gapping is the safest way to go, the simple truth is that eventually houses will become "smarter" and as they do, people will network them.

The solution is the same as to the problem of connecting your printer to the internet- don't do it directly. I see a lot of people in articles about ipv6 talking about how it'll be so awesome because all your shit can have a public IP address. But you don't WANT all your shit to be directly publicly accessible. All the shit in your house which connects to the internet needs to go through some type of intermediary device which can act as a firewall, none of it should be connecting DIRECTLY to the internet... that's just plain stupid.

Re:don't connect it

[Miamicanes]

> why the hell would you connect your house to the internet or any appliance on the Internet anyway.

So you can check up on your cats during the day while you're at work, and reassure yourself that the house hasn't gotten broken into in a way that somehow managed to avoid setting off the alarm. And dispense treats for them from the Magic Invisible Food God if you start to feel guilty about leaving them home alone all day. And drive the Roomba-platform-mounted webcam around to their favorite hiding spot (still working on *that* one).

There's also the fact that more traditional means of remote home control (via phone) rarely work well with VoIP and voicemail. My alarm, for example, DOES have a telephone interface module... but it depends upon having an answering machine pick up the call so it can eavesdrop and listen for the triggering code. If the call rings until it goes to voicemail, the alarm never gets a chance to listen in and grab the call away from the answering machine. If the alarm answers the phone, and it was somebody calling, all it can do is play back a ~5-second .wav file apologizing and hang up on them. Did I mention yet that the way Android phones implement keyboard DMTF (playing a short pre-generated sample, as opposed to generating the tones on the fly in realtime), coupled with the way most VoIP codecs and mobile phone networks mangle DMTF, causes roughly 1 or 2 digits per dozen or so to fail to get recognized?

As a practical matter, thanks to VoIP, voicemail, and mobile phones, you almost *have* to implement your controls via IP rather than dial-in unless you want to pay AT&T $35/month for a landline phone that you almost never actually use.

That said, most internet-interfaced home automation controls are HORRIFICALLY insecure. If their interface consists of a Wiznet serial-to-IP module, and actually depends upon Wiznet's own password-based security, you should probably just assume it's been pwn3d several times over. ESPECIALLY if whatever's connected to the serial port end of the Wiznet module was designed to be physically connected to a real RS-232 serial port inside a locked cabinet, and all they did was strap the Wiznet module onto it. A security-free serial port isn't a great idea, but if it's inside a locked cabinet inside your house, it's pretty low on the list of concerns unless you have servants spending time unsupervised inside your home. That same security-free serial port strapped onto a Wiznet module with 8-character password (and with no rate-limit or lockout policy) can literally be bruteforced via UDP in a matter of days if the password is purely alphanumeric.

ARM-based modules aren't a whole lot better, because manufacturers try to shave 17c from the manufacturing costs and cram everything into a few megs of flash. Of course, the first thing that gets cut when the compiled code is a little too big is the security. To manufacturers, security isn't a quantifiable selling point compared to features, and strong security raises tech support costs anyway by making the device more likely to NOT work for some non-obvious reason.

IMHO, the only secure way to connect embedded hardware with minimal security to the internet is through a gateway appliance that shields them from direct contact with the internet, and acts as a proxy server/firewall/application level gateway. Preferably, running over a different physical network, and at the very least (if wire-sharing is inevitable), segregating the insecure devices into a different IP range that can communicate ONLY with that gateway.

Note that if 100mbit ethernet is fast enough, you can actually wire two electrically-independent 10/100 ethernet jacks with a single cat5e cable (use green & orange for one, blue & brown for the other). If you pull two cat5e cables from every room to the wiring closet, you can use one for gigabit ethernet (possibly using a pair of layer VLAN-capable switches that support layer 2 IGMP snooping to isolate the "TV multicast network" from the "hom

Re:don't connect it

[jxander]

True, there are other options aplenty... but we're living in a time when email is too slow for a lot of people and thoughts don't break the 140 character limit. A time when the convenience of one-click purchases trumps the obvious security issue therein.

Everything is getting more online, more interconnected, more convenient ... it makes more sense to embrace the change and work to make it smooth and safe, instead of fighting back against it.

Re:don't connect it

... it makes more sense to embrace the change and work to make it smooth and safe, instead of fighting back against it.

Embrace the change ?

Fight against it ?

You have to be one of the most idiotic sons of bitches I have ever seen
on this website.

It is a shame your parents were allowed to breed.

Re:don't connect it

[davidhoude]

I agree mostly, but just wanted to note that having a unique publicly routable IP address does necessarily mean the device is open to the internet.

Re: don't connect it

[biojayc]

You shouldn't have to manually set it back when you leave work. It should know when you leave work and set it on its own, whether because you told it when or it inferred over time.

Re:don't connect it

[epyT-R]

The internet of things is not there to serve you. It is there to serve you to the customer: marketers and nosy government officials.

Re:don't connect it

[epyT-R]

Wow, condescend much? It does NOT make sense to embrace something just because it's popular. Are you one of these post modern 'educated' 35yo adolescents? You know, the kind who think in blocks of 140 characters or less?

Smooth and safe? What does that mean? Safe for whom? None of these user-hostile technologies are designed to keep the user safe. They're designed to keep the user locked into 'service plans.'

If our ancestors worked to make life 'smooth and safe' we'd still be bowing and paying tax to the king.

Re:don't connect it

[BitZtream]

then remotely set it back to a more comfortable temp as you leave the office.

I promise you that if you do that, your electric bill will always be higher than mine.

Changing your thermostat on a daily basis is a stupid fucking idea that wastes massive amounts of energy. I've you're going to be gone for a week? Sure. While you're at work for the day? No, thats extremely wasteful.

Re:don't connect it

[kwiecmmm]

True, there are other options aplenty... but we're living in a time when email is too slow for a lot of people and thoughts don't break the 140 character limit. A time when the convenience of one-click purchases trumps the obvious security issue therein.

Everything is getting more online, more interconnected, more convenient ... it makes more sense to embrace the change and work to make it smooth and safe, instead of fighting back against it.

TLDNR you passed the 140 character limit. :-P

I embrace change when it makes sense to do that. I will embrace a driver-less car, as it comes out (probably in the next 10 years). But many things that are new and the "wave of the future", end up dying out within a few years, because they don't solve real problems or they cause more issues than they end up solving. I haven't heard one thing here that would be so much more convenient by controlling it through the internet, that I absolutely need and am willing to risk the device being hacked to get it.

iOS vs Android in the car

[noh8rz10]

I thought a lot about this when there were dueling announcements with iOS and Android in the car. The two approaches are completely different. The android approach is to be a central hub that all components can plug into, as well as you can download apps. iOS is the exact opposite, a gated system that only has access to the screen and input buttons. Android wants to be the car's brain, and iOS wants to be the car's entertainment console.

The concern, what happens when a hacker exploits one of android's (many) security weaknesses? they have the keys to the kingdom. Can they kill the engine while you're on the freeway? in contrast, what if a hacker pwns your iOS? maybe they change the apple maps to drive you into a lake?

The stakes just seem a lot higher when you start letting others into your car's electronics system. These also apply to other things, like the oven in the summary.

Re:iOS vs Android in the car

[ThatsDrDangerToYou]

.. but what if somebody commandeers my iOS-based entertainment system and programs it to ALL Bieber? That would, of course, be catastrophic!

Dear Internets of Things,
You suck.

Re:iOS vs Android in the car

I thought a lot about this when there were dueling announcements with iOS and Android in the car. The two approaches are completely different. The android approach is to be a central hub that all components can plug into, as well as you can download apps. iOS is the exact opposite, a gated system that only has access to the screen and input buttons. Android wants to be the car's brain, and iOS wants to be the car's entertainment console.

The concern, what happens when a hacker exploits one of android's (many) security weaknesses? they have the keys to the kingdom. Can they kill the engine while you're on the freeway? in contrast, what if a hacker pwns your iOS? maybe they change the apple maps to drive you into a lake?

The stakes just seem a lot higher when you start letting others into your car's electronics system. These also apply to other things, like the oven in the summary.

Yeah, iOS which have had the drive-by root take-over vulnerabilities innocently called jailbreaks..

Re:iOS vs Android in the car

[Sloppy]

If someone changing a map can "drive you into a lake" then YOU have already been hacked, and it doesn't matter how [in]secure your car is. You (not one of your computers) have been owned. You don't exist anymore, because your body (which had previously been a person) has become an unconscious fully-trusting map-executing machine.

That's cause for concern, but I wouldn't worry about their computers' security problems.

Re:iOS vs Android in the car

[noh8rz10]

yes yes, a bit of an exaggeration on my part. the point being, if somebody owns your iOS in the car, they can get at your phone stuff but not the can bus or other car stuff.

Internet of Things....

[subtlearray1272]

If you have to explain what the "Internet of Things" is every time you reference it, maybe we should consider using a more self-explanatory term? Just saying.

This is why I don't have home automation yet

[TheCarp]

I looked at X10, nice and all....but.... you mean anybody could buy some X-10 equipment and trivially fuck with me? I heard about the student who did up his whole dorm room with x-10 stuff and my first thought was....in a dorm? Thats asking for pranks.

So far, I have yet to hear any definite evidence that any of the off the shelf stuff is any good in this way. People just don't think about security until after they get bit, for the most part.

Whenever I have seen anyone look at any home automation equipment with an eye towards security, its always failed to hold muster, often failed to even try.

You wouldn't install a lock on your house that allowed anyone who bought a similar device to use it to enter your house, would you? So why give anyone who wants to poke around access to devices inside?

Unless there is some process for negotiating keys and authorizing each new device onto the automation system....then its just not secure. It may not even be secure then, but without that, you can be sure of it.

Re:This is why I don't have home automation yet

[TheCarp]

> Well, did you buy your door locks from the local hardware store?

No. I mean, the locks have been there quite a while, I can't actually recall them being changed. I THINK they were changed when my parents and grandparents swapped units in the house, but I was pretty young then. Based on the way they are all done, I assume it was actually done by a locksmith.

> They only make a few different keys. Buy enough of the locks, and quite literally, someone has the keys to enter your house, and many others.

I knew that actually, but there are some issues; not the least of which is multiple manufacturers, and the cost of buying so many locks could easily cost a thousand dollars or more before you are done. Then you have to physically try each key until you get a hit.

I have never heard of anyone doing this, but I think its likely because nobody bothers attacking locks when there are easier ways to break into houses. OTOH locks can be trivially upgraded. A home automation system gets hard as the pieces have to talk to eachother.

If my locks get compromised and abused, that sucks, but I can get new locks. If my home automation system is.... that isn't a quick fix for a few hundred bucks.

No Problem

[Capt.Albatross]

We can just secure our things the same way that the things currently on the internet - power plants, dams, oil refineries - are secured.

Re:No Problem

class HighlyExplosiveReactorControlSystem_UserAccessPortal {
        bool AuthenticateUser() {
                return true;
        }
        void __declspec(noreturn) ExplodeViolently() { ...
        } ...
}

Also, avoid shitty appliances

[jandrese]

If your oven catches fire because it was turned on too long, you have a defective oven.

Re:Also, avoid shitty appliances

[CanHasDIY]

If your oven catches fire because it was turned on too long, you have a defective oven.

I think the general idea, at least in terms of this discussion, is that someone who can remotely access your stove via exploits can also probably bypass any safety mechanism that would prevent the stove from overheating.

Unlike the 1980's era Lady Kenmore I had when I first bought my house, that was happy to catch fire without the need for external stimuli.

Re:Also, avoid shitty appliances

[jeffmflanagan]

>I think the general idea, at least in terms of this discussion, is that someone who can remotely access your stove via exploits can also probably bypass any safety mechanism that would prevent the stove from overheating.

That weird assumption would seem to make the discussion pointless. There would be no reason to connect the safety functionality to the remote start functionality. If you build an over that poorly, you'd be sued out of existence the first time the shoddy design was exploited.

Re:Also, avoid shitty appliances

The stove should not be physically capable of "overheating".

Re:Also, avoid shitty appliances

[plover]

The stove should not be physically capable of "overheating".

My aluminum tea kettle sits on one of the burners when not in use. If that burner were turned on and left on, it would eventually evaporate the remaining water, melt, and likely catch fire. I also know some guys who hide dirty dishes in the oven in case of "unexpected company". A plastic dish heated to 450 would easily ignite a fire.

The stove won't overheat, but stoves don't exist in isolation.

Re:Also, avoid shitty appliances

[CanHasDIY]

>I think the general idea, at least in terms of this discussion, is that someone who can remotely access your stove via exploits can also probably bypass any safety mechanism that would prevent the stove from overheating.

That weird assumption would seem to make the discussion pointless. There would be no reason to connect the safety functionality to the remote start functionality. If you build an over that poorly, you'd be sued out of existence the first time the shoddy design was exploited.

And yet, we've seen evidence that automotive manufacturers have done just that - connected critical systema to non-critical ones, in a way so that compromise of one system equates to compromise of both - accessing the seat heaters through a CANbus tap also gives access to the brake and steering systems. I'd link to the recent demonstration of this particular hack, but A) pretty sure we all know about it by now, and B) inserting html is a bitch-and-a-half on this damn tablet.

Anyway, while I may agree with the concept of total product liability, it unfortunately does not reflect reality.

Re:Also, avoid shitty appliances

[werewolf1031]

Unlike the 1980's era Lady Kenmore I had when I first bought my house, that was happy to catch fire without the need for external stimuli.

Sure it wasn't the cook?

/ducks

Re:Also, avoid shitty appliances

[noh8rz10]

aluminum melts at 1,200 F. I don't think it would get that hot sitting on your stove.

Re:Also, avoid shitty appliances

[BitZtream]

The handle isn't aluminium, not unless you love burning massive scares into your hands when you pick it up.

Re:Also, avoid shitty appliances

[plover]

I've melted a cheap aluminum egg poacher on an electric coil stove, so yes, they can get that hot. They normally are limited by the thermal mass of the water in the pot, which keeps them safely at the boiling temperature of water. Once the water is all gone, nothing stops the temperature from rising. That's why you see warnings on coffee pots and other appliances that say "DANGER - never run without water."

Internet of things security

Or we can simply not connect our refrigerator, toaster, thermostat, etc to the internet. Sometimes, 'because we can do it' is no reason to do it, and I really don't need to provide 3rd parties with even more data points in tracking my life.

Re: Dear Roblimo

Quit yer bitchin'. No one gives a shit about your clickbait. Stories post when they arrive and have sufficient interest. No one gets exclusive time at the top of the queue. Douchebag.

Why would my oven need to be online?

I don't want my toaster or oven to be online. I just don't see a need for it. What's the point?

I think the point is probably something along the lines of: executive-level manager in the microwave division of GE reads the term "Internet of Things" in Buzzword Quarterly and a new requirement is born.

Sort of like how touch screen phones started becoming popular and all of a sudden everything has to have a touch screen or at least a touch-inspired interface, even when it really makes absolutely zero sense. I'm looking at you, Windows 8, the automotive industry, GNOME 3.

Anyway, if my toaster is going to be online, it's going to run NetBSD, damn it!

Re:Why would my oven need to be online?

[Russ1642]

Your toaster needs to be online so it knows the time. It needs to know when its warranty expires so it can break down right on schedule.

LaunchKey

Most IoT don't have input fields for security credentials. Authentication can be handled by services like LaunchKey, but it's going to up to these individual vendors to keep themselves secure which isn't something they're all going to successfully do. So I would think to minimize damages when you're attacked you would want each item you have connected to your network to be handling security as its own unit and not completely trusting of everything connected. It's kind of like having a different password for every site so when a couple of the sites you use get hacked and your passwords leaked you're not completely owned.

At the very least, make it read-only

[AdamHaun]

Maybe checking the status of an oven (or oven timer?) over the net is useful, but there's no reason to allow the network to turn it on. Separate device control from device status at the hardware level, and you at least keep people's houses from burning down.

Re:At the very least, make it read-only

Use-case: Christmas dinner

Put turkey in oven.
Go to pub.
Have 10 beers.
Turn on oven _remotely_.
Have 10 more beers.
Try to go home.
Voilla turkey.

Re:At the very least, make it read-only

It's a fair point, but even making your oven's state read-only is a problem. Wanting to know if I'm on holiday so you can break in? Just keep an eye on my oven state for a while so you know when it's a good time.

Good security needs to be built into the "Internet of Things". The Thing System (http://thethingsystem.com/) seems to have a reasonable robust model, but I think it has to be down to the network level. I used to work for company that built a home automation system (no, not the one you are thinking of - a proper home automation system used in upmarket homes). The wireless version of it was great, but not invisible to someone passing by with a reasonable detector. Looking at the spec one day I asked what would stop someone doing a DOS attack on say, the garage door? Or the alarm system?

"Why would someone do that?" You know, I didn't have a response. I had no idea what to say.

Re:At the very least, make it read-only

[epyT-R]

Use case without useless/dangerous/expensive internet connectivity

put turkey in oven
set delay timer to 4 hours
go to pub
have 20 beers
try to go home
voila turkey is your 3pm wake up call.

Re:At the very least, make it read-only

[silas_moeckel]

Because you might want to have an oven that doubles as a fridge. Put dinner in keep cold all day and start when you leave work.

Re:At the very least, make it read-only

[nmr_andrew]

That's fair enough, I can see that being useful, especially for those who have jobs that semi-routinely don't hold to any sort of fixed hours.

There can be a happy medium between access and security. I don't think anyone is really arguing the security of checking the status of a device - it's pretty easy to implement that read-only. I can quickly come up with the thought that the network connection could also allow you to activate a function or program but not make changes to it - that would require physical access to the device's control panel.

In your example, you could connect when leaving work and activate the "turn off refrigeration and heat up my dinner at 350 degrees for an hour, then keep warm" function. Maybe at the same time tell your thermostat to change from its "away" to "at home" setting. Someone could break in and do the same, but while you could pay a bit more on your heating bill (because it ran at the higher "home" setting all day) they couldn't make it a LOT more by turning the heat up to 95 degrees.

Re:At the very least, make it read-only

[silas_moeckel]

Sane limits and limits outside of software are important. Take the same oven, if it's gas it should have some sort of interlock that turns off the gas if burner did not light. That is not something that should ever be controlled by software or remotely. So sure software could turn on the gas and not set off the spark but the gas would shut off in short order. I probably need a few more cases to take care off like repeatedly trying to light it etc etc. But you get the point the safety bit has to respond in a sane and safe manner, be as simple as possible, and be immune from software control/tampering.

It's actually fairly hard to setup protocols that are consumer friendly and secure. Look at WPS it's supposed to do this generally works sorta. Bluetooth pairing should need a button to activate and a code. Code turned into 0000 or 1234 because making something unique is problematic on cheap consumer bits. Sure maybe this stuff will all have a touchscreen but I doubt it as that is still a major expense.

Look at a boiler, your thermostats never actually turn it on. It maintains an internal temp and the thermostats start a circulation pump to push hot water through radiators, cooling it down and thus cooling down the boiler so it kicks on. So you smart thermostat can call for all the heat it wants, it will never exceed that internal temp. Great but it's inefficient it needs more data like it's 70f outside, the alarm is set to away, all the family cell phones are out of range, the car is out of range, whats the expected forecast etc etc. That little controller needs to last decades without replacement or upgrades. So making it a lot smarter is futile. It needs to be just smart enough to say talk an external well defined will work for decades protocol, that's secure and not require rewiring everything. A shim controller just enough to get to the cloud or a local one for the DIY set can get the logic integrate various sensors. It can also gather historical data to make better decisions.

Bandwagon

Hi, my name is Mark Stanislev, and I'm jumping on the latest trendy bandwagon, IoT. Blah blah blah Duo Security blah blah blah...

Much ado about nothing

[Zero__Kelvin]

There is absolutely no reason not to have your oven networked, so long as it is properly designed. Hardware can't do what it can't do. You simply do what toaster and oven manufacturer's already do, which is to make sure that it passes UL Standards, and that no matter what the software tells the hardware to do, the hardware simply is incapable of complying with dangerous requests.

The hacker might burn your dinner, but he isn't going to "start a fire and burn your house down". Period.

I'm actually pretty surprised at the lack of vision being exibited right now in this thread. Why would I want my oven to be online? Seriously? If you can't think of advantages to having appliances capable of communicating over the internet, and being controlled by same, then you aren't thinking. As far as people "hacking in", it's called a VPN. Yes, they aren't inpenetrable, but that is besides the point. Nobody is going to try to hack your VPN so that they can burn your chicken or turn your lights down too low. If they have that capability, there are far more juicy targets.

In other words: I don't have to run faster than the Tiger; I just have to runn faster than you!

Re:Much ado about nothing

[noh8rz10]

Why would I want my oven to be online? Seriously? If you can't think of advantages to having appliances capable of communicating over the internet, and being controlled by same, then you aren't thinking.

Enlighten us please.

Re:Much ado about nothing

[epyT-R]

Yeah well, with consumer appliances and electronics designed and built in china, that is a bad assumption. Really, the answer is keep it simple stupid. If it's not needed, don't have it.

This crowd's been around the block enough times to know that liberty, privacy and control over one's domain are more important than trendy 'convenience.' Always connected appliances allow too many detrimental temptations for vendors and governments.

Re:Much ado about nothing

[Zero__Kelvin]

I'm assuming you don't use a word processor. Pencil and paper is so much simpler.

"This crowd's been around the block enough times to know ..."

Evidently you didn't compare SlashIDs with me :-)

Re:Much ado about nothing

[BitZtream]

There is absolutely no reason not to have your oven networked,

Please show me your unexplainable software. Go ahead, the world will wait while you present this solution that evidently you and you alone were able to figure out that solves all software exploits and engineering flaws.

Re:Much ado about nothing

[Zero__Kelvin]

Ah, yes .. the old "quote a tiny portion of a complete explanation, and then present it as if it was everything written" approach.

I especially like how you follow it with a complete non-sequitir! The way "Please show me your unexplainable software." couldn't possibly relate to the assertion: "There is absolutely no reason not to have your oven networked" is truly astounding!.

Don't worry. I'm sure nobody but me will notice that you ignored every part of my OP where I specifically address why it doesn't matter if it is perfect.

We don't put it directly on the internet

[Bender+Unit+22]

That is so 1990's.
We install a VPN router to connect to the home network through that? So the only thing we need to secure are the VPN?
Everything else is insanity and who wants to spend all their free time checking up on all their appliances to see if they are secure with the latest patches? Most of them probably won't be and the hardware will outlive the software updates.
Will there be security updates for your heatpump in 10 or even 5 years? I doubt it. But it is damn to be able to turn on the heat or cold from the office.

Re:We don't put it directly on the internet

[blue9steel]

I can see it now. You update the firmware in your fridge because it kept ordering milk too early and end up bricking the whole thing when there is a bug with the new version. Turns out the manufacturer doesn't make that model anymore and installing a replacement chip is more expensive than just buying another fridge. Yes, that sounds like fun.

Re:We don't put it directly on the internet

[jeffmflanagan]

Sounds like paranoia to me.

Re:We don't put it directly on the internet

"...10 or even 5 years"?

Fuck, most companies stop bugfixing the moment a new product hits the shelves.

The trend follows risk. No-one would network a device that carries excessive liability for damage or death. Networking microwaves and ovens is one such case.
Now if you lose a fridge-worth of food because someone hacked your fridge controls then the lawsuit might not be so bad.

They'll do it if the risk profile is lower than the perceived value to the consumer minus the cost of maintaining the feature adjusted for offsets by just...not...maintaining the software (which is what most companies would like to do).

Re:We don't put it directly on the internet

[pepty]

That's why you need to root your fridge. Plus then you can have cooler apps on it.

Re:We don't put it directly on the internet

[epyT-R]

Needless complexity can cause that in people, yes.

Or maybe...

[argStyopa]

...connecting some things to the internet is simply a dumb idea?

Why would I want my OVEN connected to the internet.
One has to be there to put the ingredients, etc in, no?
And if it's going to cook food while I'm not there...will it then eat it for me too?

Seriously, the technophilia is just stupid sometimes.

Re:Or maybe...

[DarkOx]

I forget what brand it was a few homes ago. I did have another heading on timer, you could preset the temperature and have a come on in a particular time you specified. This man for instance you can put casserole in the oven and head off to the movies. You knew about you get home you knew the thing in 45 minutes to bake, you could arrange for to be just about ready when you walk in the door.

And I was just with a simple timer was quite nice. Of course there was always the risk that you might be delayed, which of course meant your dinner might burn. I haven't seen this feature in a while probably because they were safety problems. I suppose IP enabled device could sort of solve that: goingto be late Pletcher iPhone cancel the oven or just the schedule.

So not totally stupid but in general I agree, often as that might be convenient probably not worth the cost and risk

Re:Or maybe...

[nmr_andrew]

Of course there was always the risk that you might be delayed, which of course meant your dinner might burn. I haven't seen this feature in a while...

Any relatively higher end oven has this feature. Mine does - I can set the oven to turn on at the time and temperature I want and then turn off after a set period of time as well. If you're delayed by a lot, maybe it will be cold again when you get home. There is an issue I suppose of putting something that really shouldn't sit at room temperature all day in there first thing in the morning, although someone above alluded to some really fancy ovens that have built in refrigerators as well. That's above my pay grade. There's also a related "Sabbath mode" on most of these appliances.

Why is this a thing?

Why would anyone ever need the ability to turn an oven on remotely? It's not like you can put a turkey in remotely.

securing is easy but requires internet giants to g

[pii9088]

securing is easy but requires internet giants to give up control to users. we must know why, what, when, and where the data flows, and users must be in control, to be able to selectively allow or not such connections.

Toast

[mspohr]

This has been a problem for many years as this old cartoon shows:
https://dl.dropboxusercontent....

For pete's sake ...

[cascadingstylesheet]

Why would my oven be connected to the Internet?

You know, there are plenty of "normal" computers that aren't connected to the Internet for this very reason: they are just too dangerous/important to get hacked. I would think you'd want the same for your oven, a massive heat-generating device.

Why?

[koan]

Would I be stupid enough hot put my oven online?

owner's responsibility

if my neighbor's oven is online, gets hacked, and the resulting fire burns down my home, then that neighbor is at least 50% responsible.

even easier

[swschrad]

do not plug the RJ45 cables in. log into the wireless router, and block them.

which reminds me, we have a PDF scanner that uses early XP at work, I have to tell the sysadmins about that unused POS.

Re:even easier

[epyT-R]

Soon it'll all be done over the cell net. You won't have a choice. No connectivity after a time? No 'service' from 'your' appliance.

Re:even easier

[jawtheshark]

How is that going to work in a house that has abysmal cell reception? I build a new house and due to the higher grade isolation (I think, it's a guess. May be the floor heating too, that's a lot of water), cell reception is extremely bad. Outside, it's fine. Of course, I didn't know this and my alarm system is GSM based. They had to install the system under the roof, because it the basement it simply wouldn't work.

sure ok

what if a big ass meteor hits while on vacation?

Internet

We can just secure our things the same way that the things currently on the internet www.haura-babyshop.com

Re: Here's how to secure your "Internet of things

Stop buying more than you consume. It's that easy. That way milk will rarely go stale.
If you can't plan enough, buy UHT milk in small 2 dl cartons. They last like a year. Good for coffee too.

A fridge doesn't need networking. Period.

Washing machines have timers nowadays. Set it to start at arrival - 1h.

Dishwashers, same thing.

If common sense is not used for IOT we will must end up with an NSA wet dream.

Let's end 'internet of things'

Can we call the 'internet of things' something different? Maybe 'the internet'? "The internet of things" is starting to sound kind of gay, like using the word 'flavors' to describe different versions of linux/unix did all of those years ago.

I know this has been asked, but...

Seriously, why does an oven, a toaster, or any other household appliance need to be connected to a network? And yes, that is rhetoric. I'm convinced that many, many things do not need to be computerized, let alone networked. Call me a luddite, but I think we're getting computer-crazy these days. Not to mention Web-crazy.