The Nightmare On Connected Home Street

theodp (442580) writes With the battle for the connected home underway, Wired's Mat Honan offered his humorous and scary Friday the 13th take on what life in the connected home of the future might be like. "I wake up at four to some old-timey dubstep spewing from my pillows," Honan begins. "The lights are flashing. My alarm clock is blasting Skrillex or Deadmau5 or something, I don't know. I never listened to dubstep, and in fact the entire genre is on my banned list. You see, my house has a virus again. Technically it's malware. But there's no patch yet, and pretty much everyone's got it. Homes up and down the block are lit up, even at this early hour. Thankfully this one is fairly benign. It sets off the alarm with music I blacklisted decades ago on Pandora. It takes a picture of me as I get out of the shower every morning and uploads it to Facebook. No big deal." Having been the victim of an epic hacking, Honan can't be faulted for worrying.

Uh-oh

[paiute]

Better return that USB Fleshlight

Re:Uh-oh

[dinfinity]

The times of your PC speaker blasting Yankee Doodle at 17:00 are long gone.

TFA is overlooking a very important part of how hacking and viruses work anno 2014 and that is that hackers and virus makers have gone from people just messing around to people making hard cash or disrupting very specific and powerful entities. If anything, the symptoms described would only be part of ransomware or some terrorist attack when directed at average Joes.

Like the devices targeted by most viruses today, these sorts of devices will mainly be infected to track and sell data, to be able to use them for ddossing or cryptomining, and as a vector to extract financial authorization data. I don't think the 'my house has a virus and now I'm hearing Skrillex every day' is going to be very prevalent.

Of course the threat is real and the results when being targeted specifically more dangerous (to the body) than in traditional hacking. In that sense, we do need to be extra concerned with safety when it comes to 'connected homes'.

Re:Uh-oh

[WhatHump]

Ever had a break-in at your home? How did you feel? Violated? Even if nothing of value was taken your sense of security is diminished. This is what an average person will feel when their "connected" home is breached. There are asshats who will do this for a thrill, or to get back at a neighbour for a real or perceived slight.

Re:Uh-oh

[kesuki]

" There are asshats who will do this for a thrill, or to get back at a neighbour for a real or perceived slight."

welcome to the real world. there have been many films documenting how bad people are. have you ever heard of tom green? what about jackass? hell why not watch 'telling lies in America' or maybe 'stand by me' the internet is no more immune to asshats than real life is. or are we all supposed to do nothing wrong? get real, people are not morally pure. the bible to mention one popular source says that no man has ever been good. http://skepticsannotatedbible.com/ec/7.html#20 the bible conflicts itself on the matter, but it is in there.

What a joke..

[bjwest]

The internet of things is nothing but a marketers (and hackers) wet dream. I've said it before, and I'll say it again - there is no reason what so ever for each device to be directly connected to the internet, or have internet access, for that matter. The refrigerator doesn't need access to the internet, neither does the washer and drier, toaster, or even the thermostat. One home router and a single control unit is all that's needed, or both in one unit. Let that control your food, soap and dryer sheet inventory. Each unit can tell the control system when a unit of measure is used, and it can keep track. Access to the internet is limited to that one device and there aren't 20 different ways to hack into my network. Of course, this will never fly. Each manufacturer will want to hold the patents on the standards, so they can charge for what should be a free and open standard. No one will ever play nicely so the general public can benefit rather than the elite corporations.

Fuck them, I'm glad I have the skills and knowledge to do this on my own, without all their patent encumbered, insecure crap. Of course, my washer and drier, refrigerator and oven will remain dumb, as they should.

Re:What a joke..

[Cid+Highwind]

One device to compromise. If malware infects the LAN-of-things gateway, it can tell your pillows to play deadmau5, tell the lights to flash, and tell the security system to upload shower-cam photos to facebook.

(But then, computer viruses that just annoy the user with sounds and flashing text are deader than dial-up. Connected home malware would probably wait silently for bad weather, then lock you out and demand 0.25 bitcoin to let you back inside, or steal your amazon credentials when the refrigerator orders more milk, or turn on everyone's air conditioner at the same instant to DDoS the power grid.)

Re:What a joke..

[Iamthecheese]

The refrigerator doesn't need access to the internet

Unless I want it to look up recipes. Or be able to auto-order things I'm low on. Or text me in the store to let me know I'm low on milk. Or complain that there's a dangerous form of mold growing. Or give me food usage statistics.

there is no reason what so ever for each device to be directly connected to the internet,

I've seen this argument over and over again and it's still just as short-sighted as when it was said the first time.

There's no good reason and off the top of my head three bad reasons to restrict architecture to a single reporting system:

• Standards problems. A home automation system needs to be as future proof as possible and it's all too likely that manufacturers of such systems will do everything possible to not work well together.
• future needs.Where a new set of data from a self-hosting fridge is inherent to the appliance I have to rely on two different systems to support it with the architecture you propose.
• virus resistance. A large and diverse ecosystem of appliances won't be nearly as vulnerable as a few standardized systems

The 'Internet of Things' is the next NoSQL, RoR.

Amen, brother! Amen, amen, AMEN!

I've had to see through so many meetings now where some hipster dickweeds keep going on about the 'Internet of Things'. It is all so very tedious. It's just like three or four years ago, when they wouldn't shut the hell up about NoSQL. They said it would 'change the world' and we'd have to get rid of all of our real DB systems. MongoDB! Cassandra! Redis! They couldn't go 10 minutes without dropping one of those names, even when we were talking about rugby during lunch. And then they were proven wrong. Those technologies faltered and withered.

And it's just like four years before that, when these same hipsters had stiff, raging hard-ons for Ruby on Rails. It would 'change the world', they told us. We'd have to get rid of all of our web apps written in Java, PHP and Perl. Ruby! Ruby on Rails! DHH! Zed Shaw! Mongrel! The name dropping was maybe even worse than it would be for NoSQL. I couldn't go an entire work day without hearing some hipster verbally ooze lustful and quasi-erotic feelings for Zed Shaw. And then they were proven wrong. Those technologies faltered and withered.

The 'Internet of Things' is following the same pattern, and the outcome will be the same. The hipsters get excited about something stupid, the hipsters won't shut up about it, reality sets in, and their obsession becomes irrelevant when there's none of their hype surrounding it.

It doesn't matter if we want a "connected home"

[bluegutang]

It doesn't matter if we WANT a "connected home". We are going to have it, like it or not. In a couple decades, it will be impossible to buy an appliance that isn't "connected'. Connectivity will cost less than whatever the marketing companies will pay to track our habits, and all devices will include connectivity by default. We likely won't even be able to buy unconnected devices, because economies of scale will not exist to make them affordable.

Re:It doesn't matter if we want a "connected home"

[ArcadeMan]

To anyone currently building or planning to build a house: have a faraday cage built-in into the walls, floors and roof. That includes the windows. It's going to be a pain in the short term to not have wi-fi in your house, but in a decade or two you'll be glad you did.

Re:It doesn't matter if we want a "connected home"

[pla]

It doesn't matter if we WANT a "connected home". We are going to have it, like it or not. In a couple decades, it will be impossible to buy an appliance that isn't "connected'.

You could say that today about things like printers and TVs - They always seem to want you to plug in a network and tell them how to get to the outside world. But! We have one option that will always work - Don't plug it in. And if it uses wireless, well, you should already use MAC whitelisting on your router (yes, I know, not "real" security, but as with so many other things, it keeps the "honest" casual-thieves away).

Of course, with your TV, that will break functionality you may want, such as direct access to YouTube. With printers, I've never understood why they need to know how to get out of your LAN, they just need a valid local address; no gateway, no DNS required. And with your refrigerator, toaster, microwave oven? Sorry, but automatic restocking, a live video feed of the color of my toast, and remotely starting dinner don't really count as "killer apps" (except insofar as the last one will eventually lead to houses burning down as a result).

The real problem comes with more expensive things like cars, where the cost of giving it its own cell connection falls far short of the marketing value of selling out your driving habits; in that case, though, you can disable it, they just make it somewhat difficult (in the case of my most recent car, I needed to pull out the entire center console to get at and unplug the TMU). But overall, the way to keep your devices offline? Pull the plug, simple as that.

Re:It doesn't matter if we want a "connected home"

[fisted]

What makes you believe you couldn't run a wireless network inside a faraday cage?

Re:It doesn't matter if we want a "connected home"

[dissy]

With printers, I've never understood why they need to know how to get out of your LAN, they just need a valid local address; no gateway, no DNS required.

Most printer vendors these days offer a feature to print from the internet, and they figure (correctly I suspect) it's easier to have the printer connect out and poll than to explain how to port forward something through a home router to the average customer.

HP for example assigns the printer an email address on one of their domains, and the printer just polls the mailbox.

I suppose under the asumption one wants such a feature, this is the better way to go about it...

Re:This is what happens

[ArcadeMan]

I just tried to apply for a job where they required 6 years of experience in Swift.

Re:Wat

[ArcadeMan]

When you're out of milk, is your Google Glass half-full or half-empty?

Re:You do know

[ArcadeMan]

Of course you would. Your name isn't Dave.

Not Mat again

Mat Honan is no stranger to this kind of stuff and I'm really tired of hearing what he has to say. The thing that soured me was when he stuck his phone in his back pocket, sat on it in a taxicab, and the screen cracked...and promptly whined to someone else at Wired and had them write a whole article about phone glass to justify that it wasn't his fault that he plopped his ass down on his phone and busted the screen. This guy seems to blunder constantly and then blames all of the things that happened on someone else.

Re: Just run it on OpenBSD, for crying out loud.

[dotancohen]

It doesn't really matter what the operating system is if the security bug is inside the software you need to run.

I think that was the point. Other than BIND, what runs on OpenBSD?

Networking 101

[bananaquackmoo]

These days there really should be a basic computer networking class that everyone has to take. If there were then people would know how to fix these problems themselves. Lockdown your LAN and make sure you keep your wireless device software up to date with super strong passwords, if you really need to have wireless.

Re:Just run it on OpenBSD, for crying out loud.

[KingOfBLASH]

While OpenBSD is certainly more secure than most operating systems, running it is not a cure all.

Just look at Heartbleed. The bug affected still affected OpenBSD.

And if you didn't patch your system, you'd still have issues to this day.

The fact of the matter is good security is hard, and requires a lot of work. Using OpenBSD may get you closer to your end goal, but you still will have to do some leg work yourself

Re:This is what happens

[ColdWetDog]

There's nothing unreasonable about that. Yes, Swift was just publically announced a few days ago. But you need to show that you have experience with it if you want to get the job that uses it. The best way of checking if somebody has experience is to see how long they've been using the technology. It doesn't matter if it was released tomorrow, today, yesteday, last month, or decades ago. If you're good enough for the job, then you'll already have 6 years of experience with Swift. If you don't have the experience, then you just aren't good enough. Is that really so hard to understand?

Now I know what our HR manager is doing at her desk. Hi Sandy!

Re: Just run it on OpenBSD, for crying out loud.

[loufoque]

Most software on embedded devices is just Linux open-source software repurposed with a shitty UI on top.

Re:This is what happens

[ArcadeMan]

I'm sorry, the link doesn't work anymore.

Re:How's this then?

[istartedi]

His is by Ray Bradbury. You were saying? Everybody else on this thread so far, except for the top-level poster, TURN IN YOUR GEEK CARD.