Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security for the 'Internet of Things' (Video)

Posted by Roblimo on from the my-kitchen-sink-has-been-hacked-and-is-spewing-hot-water-all-over-the-place dept.

What happens when your oven is on the Internet? A malicious hacker might be able to set it to broil while you're on vacation, and get it so hot that it could start a fire. Or a prankster might set your alarm to wake you up at 3 a.m. - and what if someone gets access to the wireless security camera over your front door and uses it to gain access to the rest of your home network, and from there to your bank account? Not good. With the 'Internet of Things' you will have many devices to secure, not just a couple of computers and handheld devices. Timothy Lord met Mark Stanislav of Duo Security at BSides Austin 2014, which is where this interview took place.(Here's an alternate link to the video.)

4 of 106 comments (clear)

  1. Here's how to secure your "Internet of things" by ArcadeMan · · Score: 5, Informative

    Don't buy things that connect to the Internet.

    --
    Get free satoshi (Bitcoin) and Dogecoins
    1. Re:Here's how to secure your "Internet of things" by mlts · · Score: 4, Insightful

      Why should they be on a network at all? My refrigerator does just fine with a basic thermostat, electrical fusing, a device to pour water into a mold, dump it in a bin when frozen, then stop dumping it when the bin fills up, a switch to turn on the light when the door opens and a fan so it runs without the need to be defrosted. The additional gewgaws don't help with core operation.

      Same with a stove or a microwave. For safety's sake, it should only be able to be turned on by someone who is physically present.

      Sometimes, there is just no real point in adding a device to the IoT, and the fewer devices that have networks, the fewer attack vectors an attacker will have to operate with.

      This doesn't mean that isolated networks are bad... for example a vehicle needs the CANBus. However, if one doesn't need to have that functionality in a toaster, why built it in?

      If we have to have a network or bus for statuses, why not a read-only bus, essentially like a serial port with the return line cut so the device can send status messages out, but not have them go back. The basic concept of a data diode. This way, one can tell if their fridge is over temperature, but a blackhat can't log on and turn the fridge off and spoil someone's steak stash.

  2. don't connect it by fluffy-the-dest-6649 · · Score: 4, Insightful

    why the hell would you connect your house to the internet or any appliance on the Internet anyway. Getting your appliance to work on your computer or a computer so you can control it via 1 pc for various aspect is fine but connect it to the Internet and no matter how secure it is, someone will find a way in. Best security is to NOT connect it on your Internet. Hell pretty simple concept to understand

  3. iOS vs Android in the car by noh8rz10 · · Score: 4, Interesting

    I thought a lot about this when there were dueling announcements with iOS and Android in the car. The two approaches are completely different. The android approach is to be a central hub that all components can plug into, as well as you can download apps. iOS is the exact opposite, a gated system that only has access to the screen and input buttons. Android wants to be the car's brain, and iOS wants to be the car's entertainment console.

    The concern, what happens when a hacker exploits one of android's (many) security weaknesses? they have the keys to the kingdom. Can they kill the engine while you're on the freeway? in contrast, what if a hacker pwns your iOS? maybe they change the apple maps to drive you into a lake?

    The stakes just seem a lot higher when you start letting others into your car's electronics system. These also apply to other things, like the oven in the summary.