Slashdot Mirror


Stanford Starts the 'Secure Internet of Things Project'

An anonymous reader writes: The internet-of-things is here to stay. Lots of people now have smart lights, smart thermostats, smart appliances, smart fire detectors, and other internet-connected gadgets installed in their houses. The security of those devices has been an obvious and predictable problem since day one. Manufacturers can't be bothered to provide updates to $500 smartphones more than a couple years after they're released; how long do you think they'll be worried about security updates for a $50 thermostat? Security researchers have been vocal about this, and they've found lots of vulnerabilities and exploits before hackers have had a chance to. But the manufacturers have responded in the wrong way.

Instead of developing a more robust approach to device security, they've simply thrown encryption at everything. This makes it temporarily harder for malicious hackers to have their way with the devices, but also shuts out consumers and white-hat researchers from knowing what the devices are doing. Stanford, Berkeley, and the University of Michigan have now started the Secure Internet of Things Project, which aims to promote security and transparency for IoT devices. They hope to unite regulators, researchers, and manufacturers to ensure nascent internet-connected tech is developed in a way that respects customer privacy and choice.

77 comments

  1. My startup is building the Internet of Things by Anonymous Coward · · Score: 0

    It is nice to have Stanford to pitch in to help my startup.

    1. Re:My startup is building the Internet of Things by davester666 · · Score: 1

      Are you kidding? You might crib some code from the project, but I GUARANTEE you will strip out any code "that respects customer privacy and choice".

      Right now, interoperability just means that more companies have direct, unfettered, access to whatever data is generated by the devices you purchased.

      --
      Sleep your way to a whiter smile...date a dentist!
  2. Dumb as a Rock by pubwvj · · Score: 5, Funny

    I prefer a Dumb Home. Our home is built of stone. It has no brains. It is solid state. It stores incoming solar and wood fired heat and then releases it slowly. It never freezes despite our very cold northern mountain winters. It's too much thermal mass to freeze. Dumb wins. The doors are manual. The windows are manual. The security system is operated by a pack of local wolves - they eat predators. We have no thieves.

    1. Re:Dumb as a Rock by Anonymous Coward · · Score: 0, Funny

      Stone houses have the drawback of being very expensive when the government taxes them on the total mass of the house, and when they put it in foreclosure you're stuck out in the cold. Obviously when you keep collapsing gold mines to pay the taxes the lawsuits start to roll in. Also, stone while easy to clean is prone to the spontaneous combustion of the cloud server when it attempts to duplicate it with dd. And you'd be surprised at how a dumb house can be chattr/chflag to immutable making sure that the cloud server and all attempts to power it on takes a large array of atomic cores to power the servers. This will cause time dilation. So while you're nice and toasty warm, it will still cause you to lose a few billion years of existence. Just ask the pharaohs about their pyramids to cheat death.

    2. Re:Dumb as a Rock by pubwvj · · Score: 5, Informative

      Your post is just nonsense.

      Our stone house only cost to build $7,000. That is not expensive. It's so low cost that I built it out of pocket money without needing to get a mortgage to build my home. This means I'm not paying interest on that too. Additionally the taxes are lower than a comparable sized stick built house so each year I save on taxes. And the maintenance is almost zero.

      Our house cost less to build, less to maintain, less to heat and cool and is taxed less. It's extremely affordable. Not only that it is simple so most anyone could build their own making it accessible.

      Our house will also last for hundreds to thousands of years instead of the typical 25 to 50 years of stick built houses.

      Dumb rock house wins again.

      You may not like losing but at least make sense with your responses.

    3. Re:Dumb as a Rock by Anonymous Coward · · Score: 0

      Solid state homes, it's the next logical step from solid state drives. Wait, I think entropy just turned around in the whole universe.

    4. Re:Dumb as a Rock by Anonymous Coward · · Score: 0

      His greatest hack was smoking crack.

    5. Re:Dumb as a Rock by pubwvj · · Score: 1, Informative

      Who? I did. It has full plumbing, heating, electric, etc. It is interesting how someone like you says something is not true when you have no facts to base it on.

      By the way, you lose the wager. Pay up.

    6. Re:Dumb as a Rock by Anonymous Coward · · Score: 0

      Says a random internet stranger. Yes.

    7. Re:Dumb as a Rock by AmiMoJo · · Score: 0

      To be fair, that's not something most people could do. Presumably you have the relevant certifications for installing electrical wiring and plumbing, hooking up to the networks etc. Not everywhere has a cheap supply of stone, or even allows stone buildings to be built.

      I'm not suggesting what you did wasn't great, it is, but it's just not a very useful comparison for most people.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    8. Re:Dumb as a Rock by swb · · Score: 0

      It's interesting how you only say "I did it" without explaining how you did it.

      Most cost estimating uses ~$100/sq ft for residential properties, which would make your stone house 70 sq. ft.

      Provide some facts -- finished square feet, internal materials and features, cost of land, etc, otherwise I have to remain skeptical.

    9. Re:Dumb as a Rock by pubwvj · · Score: 1

      I have no certifications nor do I need them. It is something that most people could do. How to do plumbing, electric, etc is all on the internet and in books. Most people are intelligent enough to follow the step-by-step instructions and do it. They may or may not have the creativity to come up with the plan to start with but once they have the plan they could do it. I extensively documented how we built our house. There are lots of other articles and books out there about how to build your own house.

      If you don't have a cheap supply of stone, something that grows abundantly in Vermont and NH, then look to your local resources. Rammed earth is another cheap solution that can be very long lasting.

      The problem is motivation. People have been told they can't do things, that they're not capable, that they need experts with certification and they've come to believe it. The reality is most people could build an inexpensive long lasting low maintenance home. The housing crisis is a myth.

    10. Re:Dumb as a Rock by pubwvj · · Score: 1

      See:

      http://sugarmtnfarm.com/cottag...

      That starting page will take you onward to many more pages that extensively document how we did it. It took two months to prep and build the shell to the closed in point. Then winter hit - we have a short construction season here in the north.

      This does not include the land - I already owned that - the discussion was the cost of building the house. I was not gifted the materials. The $7,000 is the materials. Our family of five (2 adults, 2 teens, one small child) supplied all the labor while also schooling and farming. Check out the page above for pictures and the blow by blow account.

      Since then we have built our own USDA/State Meat Processing Facility e.g., a butcher shop which we're just about to open for business to process livestock from our farm. That was built along the same methods as our house but with improvements in methods - we learn. See:

      http://sugarmtnfarm.com/butche...

      for details of how that has been constructed and the process of going through the regulatory hoops. It's been a journey.

    11. Re:Dumb as a Rock by pubwvj · · Score: 1

      Actually, I have explained it and documented it extensively. See:

      http://sugarmtnfarm.com/cottag...

      and then for another similar project read about how we're almost done building our own on-farm USDA/State inspected Meat Processing facility - a _much_ larger project at:

      http://sugarmtnfarm.com/butche...

      Largely, the cost of building a house is labor. Supply your own labor and you dramatically cut the cost.

      Another big part of the cost is architects, engineers and other consultants. Be your own or use available plans on the web or in books (there are many) and you get rid of that cost.

      The "cost estimating of $100/sq-ft" is vastly out of line with reality.

      While most people might not have the creativity, knowledge and experience to design and engineer the structure the actual construction cost is fairly low. Most people could do it. The problem is experts, who have a massive conflict of interest, have been telling people that people are not able, not qualified to do things. This has created an economy where people hire out for things rather than doing things themselves. That's good for stimulating the economy, but expensive.

    12. Re:Dumb as a Rock by AmiMoJo · · Score: 1

      I have no certifications nor do I need them. It is something that most people could do. How to do plumbing, electric, etc is all on the internet and in books. Most people are intelligent enough to follow the step-by-step instructions and do it. They may or may not have the creativity to come up with the plan to start with but once they have the plan they could do it. I extensively documented how we built our house. There are lots of other articles and books out there about how to build your own house.

      I've seen a fair bit of amateur wiring, and I can assure you that most people are not capable of safely wiring up a house. In any case, without certification the electricity company won't let you connect to the grid, so you are reliant on what you can produce.

      So, nice work, but not very practical.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    13. Re:Dumb as a Rock by drinkypoo · · Score: 1

      I've seen a fair bit of amateur wiring, and I can assure you that most people are not capable of safely wiring up a house.

      Isn't this slashdot? Don't we assume that regulars here are capable of learning this?

      In any case, without certification the electricity company won't let you connect to the grid, so you are reliant on what you can produce.

      Not only is that not a big problem any more, but all a contractor has to do is sign his name to a piece of paper and you're allowed to connect to the grid. And all he has to do before he does that is look over some of what you've done and see that you know what you're doing.

      Not long after I moved into this rental I live in now, I corrected a neutral fault to ground, probably created by a prior resident. So yeah, people can screw up badly. But they can also fix things, and get it right. I put in a branch 220 circuit in my last house, and I did it correctly down to wire gauges.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    14. Re:Dumb as a Rock by pubwvj · · Score: 1

      And there lies the error in your assumptions. You assume that because you have seen X that most are X. That is not statistically or scientifically valid. In fact, it is irrational.

      You are also wrong about your statement about connecting to the electric company. This further demonstrates your lack of knowledge. You're talking through your hat. We are utility connected.

      Reality check: The state inspectors saw my work and were delighted with it. They said they wished everyone did such a good job, including professionals.

      It's practical. Read code. Read manuals. Read books. Teach yourself. No experts needed. Just a willingness to learn and do.

      It would be really nice if people like you stopped trying to convince other people that they are incompetent. Far better to encourage people to learn and do. People are a lot more capable than you appear to think.

    15. Re:Dumb as a Rock by swb · · Score: 1

      Interesting. How big is it? I didn't see any size estimates (nor did I spider the web site, either) but it looks pretty small -- 20 ft or less on the long side, maybe 10-15 on the short side, call it 300 sq ft. That's extremely small -- the standard size for a two car garage is 400 sq ft.

      While it's impressive that you were able to produce an entire house for $7k, had you said "yeah, we built a stone house for $7k and it's only 300 square feet" it would have seemed more realistic.

      It almost seems like you leave how small it is out of the "entire house for $7k" claim on purpose to make the brag seem more amazing.

    16. Re:Dumb as a Rock by AmiMoJo · · Score: 1

      And there lies the error in your assumptions. You assume that because you have seen X that most are X. That is not statistically or scientifically valid. In fact, it is irrational.

      You are also wrong about your statement about connecting to the electric company. This further demonstrates your lack of knowledge. You're talking through your hat. We are utility connected.

      *facepalm*

      So I'm wrong for speaking from experience, but you are right because you speak from experience. I can tell you with absolute certainty that in my entire country you can't hook anything up to the grid without it having been inspected and signed off by a qualified electrician, and they generally won't even consider DIY installations for liability reasons.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    17. Re:Dumb as a Rock by pubwvj · · Score: 1

      No, you're wrong from applying your experience over someone else's experience and saying that your experience rules. You're failing to accept the possibility that there are other ways that don't fit your world view.

      I hope your face gets better after that face palm.

    18. Re:Dumb as a Rock by Mark+of+the+North · · Score: 1

      If anyone is wondering how pubwvj achieved a $7k build, it's all about size. The house is really a cottage, and a very small one at 252 square feet. That's probably the most important factor in keeping the cost low. They also used some fairly uncommon building techniques, including a ferrocement roof. I believe pubwvj is an engineer, meaning he likes to solve problems, of which there would be many in this sort of construction. He may have been able to get around any code issues with an engineer's stamp. Then again, it may be that a 252 square-foot structure isn't required to meet code. Looking over the construction diary, I don't think I would be worried about the safety of the building, it seems sound. The cost is about what I would expect for an owner-built structure of that size, even a more conventional structure. And I wouldn't abandon the idea of such a small home out-of-hand either. Looking around our home, which is about 1500 square feet plus a basement, the vast majority of the space is used for storing stuff we don't use (mostly equipment for former hobbies of mine). If we got rid of our junk, we could probably be quite comfortable in a 250 square-foot cabin/cottage, assuming it was well designed.

    19. Re: Dumb as a Rock by MikeSyposs · · Score: 1

      Your back and forth rant so far reads as: ...and I'll huff and I'll puff and I'll blow your house in ... ... not by the hair on my chinny, chin, chin

    20. Re:Dumb as a Rock by pubwvj · · Score: 1

      Read the article and you'll find all the details.

      How big is a house was not the question. The issue at question is smart vs dumb houses, longevity, long term costs, ability of people to build their own. Some people choose to live in very large houses. Some choose small houses. That is an irrelevant variable. The question is can you affordably build a long term house. Most people can if they want. Do they need the Smart House fancy technology? No. That drives up the cost and isn't going to be supported long term - that was the concern of the original article.

      Dumb Rock is my choice.
      How big you build it is your choice.

    21. Re: Dumb as a Rock by pubwvj · · Score: 1

      That will be interesting. I live in the stone house. I doubt he can blow it down. :)

    22. Re:Dumb as a Rock by swb · · Score: 1

      252 square feet is smaller than a lot of New York City apartments. A king size bed alone is 42 square feet.

      I do agree that a lot of the "smart house" technology isn't very sustainable, and realtors I've talked to tend to say that it actually makes houses hard to sell.

      I suspect, though, that some flavor of smart technology will become more normal at least with regards to electricity. I think improvements in battery capacity, reductions in net metering value and so on will get more people running from mixed power sources, whether it's grid, generators, solar, wind, etc, and an electrical system that understands its power source, available power, charge status, etc will become not unreasonable.

    23. Re:Dumb as a Rock by swb · · Score: 1

      I think you would probably make a lot of sacrifices for 252 square feet. That's a square 15 feet on a side, smaller than a standard 2 car garage. My dad lived in a 40 foot motorhome (8 ft x 40 ft) and that's 320 square feet and it felt small when I stayed in it; plus, most everything was motorhome-sized (stove, toilet/bath, etc) and a lot of built-ins & storage efficiencies.

      This guy says he has a wife and 3 kids -- I think it might take some religious type orientation to live in a cold climate with 5 people in 250 sq ft of space.

      The most bare necessities like a toilet, sink, tub, bed, stove, fridge, table, chairs add up pretty quickly. I didn't dig around enough in his web site to see if there were inside pictures, but I'd be curious to see how it's arranged.

      My biggest beef is just that the poster was disingenuous -- "I built a stone house for $7k". What he built is smaller than most garages and approaches a large shed in actual size. I'm also skeptical $7k can actually cover building, furnishing and decorating even that small space completely. Maybe if he moved in existing appliances. Maybe if he built all his own case goods. Maybe if the finish materials are like prison-basic (just coating the slab with a gloss topcoat instead of tile or carpet), white paint on the walls, etc

  3. Think business, not technology by captaindomon · · Score: 4, Insightful

    Companies that make these devices are driven by business interests, not technology concerns. Which is what their shareholders expect and require. So the question isn't "Can someone hack this?" the question is "Given 0.001% of these get hacked, and our recourse is to return the $50 in a refund which is our highest liability exposure due to terms & conditions, that equates to five cents cost per unit. So if we are selling 10 million of these per year, we should not spend more than $500,000 on security engineering. That pays the full run rate for two full-time engineers. Hire them and see what they can do". We sometimes forget the economics side of things in technology arguments...

    --
    Just because I can hook a shark from a boat, I do not offer to wrestle it in the water.
    1. Re: Think business, not technology by Anonymous Coward · · Score: 0

      Well, I consider that sort of thing just one more flaw that needs correcting. As in hold businesses accountable for stupid decisions which expose people to harm.

      The technology may be broken, but the law is too.

      Yeah, I know, blah blah socialism blah blah job creators blah blah innovation etc. Tired of excuses.

    2. Re:Think business, not technology by neminem · · Score: 3, Insightful

      Then somebody hacks into a thermostat, uses it to burn somebody's house down for luls. The couple whose house was burned down tries to sue, loses due to the contract that says their only recourse is a refund of the 50$ even though WTF, it makes all the news everywhere, and the device is forever known as "that device that burned some guy's house down and they gave him a whopping 50 bucks". They're now out 50 bucks in direct cost, and a jillion dollars in lost sales.

      We sometimes forget the economics side of things, but companies *often* forget the social side of things (i.e. if you treat people like crap, they'll tell their friends, who will tell their friends, and eventually you'll be "that company that treats people like crap". Unless, of course, you're a monopoly, or if all your competition is equally terrible, in which case do what you like.)

    3. Re:Think business, not technology by AmiMoJo · · Score: 1

      As a real engineer let me explain how it works. Both of you are a bit off.

      Even if you hire security engineers, they will be overridden by the need to add marketable features and reduce support costs. If it's too hard to set up, if it can't do what the competitor's product can do, security is irrelevant and will be at best an afterthought.

      In practice, they won't hire security engineers with that $500k, some manager will spend $5k on PR making them out to be the victims if they are hacked, and the rest will be his bonus for that quarter. It works too - look at Apple. Crap security leads to many people's private photos being posted to 8chan, they claim to be the victims of "sophisticated and targeted hacking" (reality is they didn't rate limit login attempts or use captchas) and the exodus of users from iCloud doesn't happen.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:Think business, not technology by drinkypoo · · Score: 1

      Then somebody hacks into a thermostat, uses it to burn somebody's house down for luls.

      How do you propose it will even do this? The thermostat just asks the heater for heat, the heater typically has an overheat switch and will shut itself off if somehow it approaches starting a fire.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  4. How about IoT devices use a LAN? by mlts · · Score: 2

    TFA was "meh" at best, but why not design a secure architecture where the $50 device communicates to some type of secure hub (or hubs if one wants redundancy), and the hub is what communicates on the Internet. This way, only one device has to be hardened against attack via the Net. Yes, it doesn't stop attacks done at the LAN level... but any security is better than none, and it would help lock out all intruders except those close by in physical proximity.

    This can be done a number of ways, by the central hub being a Wi-Fi AP, or just part of a BT PAN pairing.

    To boot, if devices need to communicate with a remote site, there are many ways to communicate via secured link.

    A hub topology is the proper way to do IoT. Letting every device go out via 3G or whatnot is only asking for compromise.

    Realistically, if the device is "smart", it should just get passed up. If we don't pass up on these devices, we will be seeing fridges demand one sit through a 30 second ad before it unlocks the door, or the oven only allowing Slurm brand turkeys to be baked in it.

    1. Re:How about IoT devices use a LAN? by kesuki · · Score: 1

      Would you kill me if I told you every single password to every single account of every single computing account? On every platform ever imagined, with up to 2048 bit password lengths in an automatically compressed (only used space of passwords not 2048 bit for every single password) format in rot 13 encryption?

    2. Re:How about IoT devices use a LAN? by kesuki · · Score: 1

      Note: I'm not claiming I can do this, I only have 25 GB blurays to store it on so it probably cuts off. But really I mean why the hell do we need 100 years of chat logs for every single marine made in any starcraft game ever played.

    3. Re:How about IoT devices use a LAN? by kesuki · · Score: 1

      And why do they all have houses, families, kids and favorite movies and favorite books, and high paying jobs in wet lush paradise cities where they only fade away when the hard drive fills up.

    4. Re: How about IoT devices use a LAN? by hackwrench · · Score: 1

      The link didn't take me directly to the video and the transcript didn't turn up. I'm on mobile if that's why it didn't work right. Any help?

    5. Re: How about IoT devices use a LAN? by hackwrench · · Score: 1

      This was supposed to be on the Cory Doctorow article. Slashdot keeps coming up with new reasons to hate it.

    6. Re:How about IoT devices use a LAN? by Anonymous Coward · · Score: 0

      This will be the primary value of proof of work blockchains soon.

      It's the perfect third party, as it works around/solves (depends on your POV) the Byzantine generals problem.

    7. Re:How about IoT devices use a LAN? by Anonymous Coward · · Score: 0

      How about don't buy into the whole Internet of Things BS in the first place! I am not ever going to buy any so called "smart appliances". I don't need them, or even want them. Why would anyone want every appliance and device in their home to spy on them? To be sending what should be private information on them to who knows where? Appliances and devices that can be taken over by hackers? How about if hackers shut down all of your "smart" appliances and devices and demand a ransom payment for them to work again? It could easily happen! It is happening right now with people's computers (look up/Google ransomware).

      In fact, if it gets to the point that all you can buy are appliances that require an internet connection to work, smart people will be making and marketing devices that fool these so called "smart appliances" into thinking that they have an internet connection when in reality they do not.

  5. Here's my way... by Anonymous Coward · · Score: 1

    How to secure 'Internet of Things' things: Firewall them off from having access to the Internet.

  6. There is no IoT by AK+Marc · · Score: 2

    Everyone I've seen selling IoT things have been selling "non-Internet connected network of things that we call IoT because that sounds cooler". The IoT is when the devices are connected to the Internet. Not when they are connected to a proprietary private network owned, controlled and managed by a single company, and "Internet" access is through a paywalled proxy. My home power meter is "IoT" and there is no way to access it from the Internet, directly or indirectly. Though the reports the power company pulls through their closed and private network are shared time-delayed in emails and paper reports sent out.

    Similar are the mobile-phone network IoT car-based devices, a number of which will "IoT" when back at base, through secure WiFi to a private server, with no data in the loop *ever* traveling over the Internet (unless the customer buying the solution goes out of their way to send things over a WAN, that's still not Internet connectivity, just using the Internet for a private WAN).

    The level of control around IoT at the moment prevents any IoT from working over the Internet. The IoT is when every device in your house is connected (probably IPv6, with a /56 for your personal items), and you can reach your own stuff from anywhere. When the "lock your door remotely" is app-based and locked into your Samsung phone, and Samsung home server, and lock from a short approved list that pays Samsung (sorry, the last IoT home demo I saw was one of Samsung's), that's not IoT, that's a Samsung home automation solution.

  7. IoT is unsecurable by sinij · · Score: 2

    You can't secure IoT, there is not enough value in each individual device to implement robust security. To make things worse - consumers don't understand security and don't put any pressure on demand side. The only way I can see the whole mess could be secured is with establishing secure perimeters and access control border devices.

    For example, your house has ACME smart thermostat, ACME smart fridge, and ACME remote baby monitor device all connected to the Internet. Since ACME is competing/pressured based on price-point to keep their ShopMart contracts going, they have not spent any time securing their devices. It is 2025 and they are still stuck using badly-broken TLS 1.4! Fortunately for the consumer, home routers market stepped up and developed sophisticated access controls, reputation services, pattern-based communication analysis, and anomaly detection techniques. This way when a script kiddie attempts to exploit your thermostat, the router detects attempt and blocks the access to the IoT device.

    1. Re:IoT is unsecurable by mlts · · Score: 1

      Some IoT devices will wind up with their own cellular antenna. This will wind up being used as a nice entry point for attackers who will be able to jump through the device to a private network, or just use it for distributed Dogecoin mining.

    2. Re:IoT is unsecurable by PopeRatzo · · Score: 1

      Don't forget, ACME smart appliances all require you to agree to letting ACME access your address book, location, browsing history and other personal information. But their website says "We take your privacy seriously".

      --
      You are welcome on my lawn.
    3. Re:IoT is unsecurable by sinij · · Score: 1

      Yes, exactly. Your privacy is more serious than the horse-meat crisis.

    4. Re:IoT is unsecurable by sinij · · Score: 1

      I am going to get rich by offering Faraday cage wallpaper!

    5. Re:IoT is unsecurable by AmiMoJo · · Score: 1

      You can create a secure base OS that runs on low cost ARM, for example, and then have a limited, sandboxed application layer. Think browser plugins - they can do a lot, have network access etc. but are executed on a virtual machine (Javascript) and with heavy sandboxing, with masses of security protections in place.

      The problem with embedded systems is that you often can't remotely update the OS, or if you can, manufacturers won't bother. You can limit the damage from exploits to things like information leaks (heartbleed style bugs) or DOS, but those are bad enough.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    6. Re:IoT is unsecurable by Anonymous Coward · · Score: 0

      I can build you devices based on 8-bit AVRs which will be highly secure. I am not sure I get the time to ever do this, because the people controlling me and the funding are first rate idiots.

      Also, if you are stupid enough to want to administer it via your iPhone or Android, then the Surveillance Thing comes into play. Government effectively does not allow secure general purpose computing devices. But if I can build a single-purpose AVR-based admin device I am quite sure the thing can be made 100% secure.

      The problem will be more that Jane McFatperson cannot enter the 32 octets of the symmetric cipher which I require. It must all be McConvenience these days. At least McSurveillance and their shills claim.

    7. Re:IoT is unsecurable by Anonymous Coward · · Score: 0

      What you are looking for are Rust, Swift, Sappeur, Vala.

      JavaScript lives in the Typeless Insecurity Hell. And it needs a Potentially Insecure Ginormous JIT optimizer. It really is a massive clusterfuck as compared to a Pascal Compiler which will generate quite efficient code without any optimizations. Cui Bono ? Guess yourself.

  8. Smart Products... by ememisya · · Score: 2

    We all have certain expectancies from products. Like owning what we paid for, and having the reasonable assumption that a random fishing hacker can't hack your gas oven and blow up your house. This all comes down to educated programmers. A programmer who isn't abiding by the ever evolving security standards and practices will leave your product looking like Swiss cheese. Real life example being, an educated programmer will avoid SSLv3 in the first place even though it's the latest standard, an uneducated programmer will just go, version 3 is bigger than version 2, so it must be better. I personally prefer the not-so-smart toaster at my house, because one, I don't have the time to reverse engineer yet another code base to analyze vulnerabilities, and the other reason being, it makes toast, I'm okay with sacrificing the ability to request a toast via my smart phone.

  9. Internet of Stupid Things by PopeRatzo · · Score: 1

    I'll be interested in the Internet of Things as soon as I can get an IPv6 address for my balls.

    --
    You are welcome on my lawn.
    1. Re:Internet of Stupid Things by Areyoukiddingme · · Score: 1

      I'll be interested in the Internet of Things as soon as I can get an IPv6 address for my balls.

      Then rejoice! Hurricane Electric will give you your own /48 for free. Just set up a box to accept and route it and you can assign an IP to every single sperm in your beloved balls.

    2. Re:Internet of Stupid Things by PopeRatzo · · Score: 1

      Then rejoice! Hurricane Electric [tunnelbroker.net] will give you your own /48 for free. Just set up a box to accept and route it and you can assign an IP to every single sperm in your beloved balls.

      Do they also make a router that looks like Scarlett Johansson? I may find this "internet of things" acceptable after all.

      --
      You are welcome on my lawn.
  10. Naming by R3d+M3rcury · · Score: 1

    This actually sounds like a good thing--namely a Secure Internet of Things. But I think that might be a large undertaking. Perhaps they should start smaller with an Internet of Secure Things.

  11. The internet-of-things is here to stay. by Alomex · · Score: 3, Interesting

    The internet-of-things is here to stay.

    To the contrary, in my experience most things that have a catchy name before they are implemented go nowhere. Multicasting, Named Data Networking, Internet of Things, OLP, Web Ontology, Neural Networks, etc. The project is more focused in sounding trending than in finding reasons why things want to access the internet (presumably so that your toaster can watch youtube videos while you are away?)

    Successful projects usually start from the other end. People first create a small iteration of the thing that proves the concept, it starts to catch up (fancy name might be created here but this is entirely optional) and one day you turn around and it's taken over the world.

    1. Re:The internet-of-things is here to stay. by tompaulco · · Score: 1

      The internet-of-things is here to stay.

      To the contrary, in my experience most things that have a catchy name before they are implemented go nowhere. Multicasting, Named Data Networking, Internet of Things, OLP, Web Ontology, Neural Networks, etc. The project is more focused in sounding trending than in finding reasons why things want to access the internet (presumably so that your toaster can watch youtube videos while you are away?)

      Successful projects usually start from the other end. People first create a small iteration of the thing that proves the concept, it starts to catch up (fancy name might be created here but this is entirely optional) and one day you turn around and it's taken over the world.

      On the other hand, if IoT does take off, then about 3 to 5 years after that I'm going to start a new company and sell products with the exciting label of "Not Internet Connected!", and I'll make billions.

      --
      If you are not allowed to question your government then the government has answered your question.
    2. Re:The internet-of-things is here to stay. by Anonymous Coward · · Score: 0

      No. The great push for IoT will be government mandated things.

      Like in Sweden, it is mandatory for everyone to give hourly reports of your electricity consumption. The meters are installed by your electricity company. There is no going back to dumb.

  12. Color me a skeptic, but... by WalrusSlayer · · Score: 3, Interesting

    ...from my experience with embedded engineers, the past cluster-f*cks implemented by that category of engineer (think SCADA), and the more-of-the-same coming down the pike (think "we'll just invent our own security rather than using proven solutions"), it's doomed from the start. These are guys that optimize down to the last 1/8 of a bit of RAM, the last 10Hz of processing speed, the last milliwatt of power. Given that mindset, they don't have a clue that security is a top line concern for anything that communicates with the outside world. The necessary solutions are just way outside their sense of scale.

    There is also this intrinsic mistrust of anybody else's code, which is polar opposite to the instincts required to do proper security. Of course, if you see the crap code they get force-fed from the chip vendors, and anything else that has to run in 16K of code space, it's not hard to see where the bunker mentality comes from.

    But I've peeked into that world, and I don't see it changing. That's going to be a Very Bad Thing(tm).

  13. Yeah, I bet I can do better on my own. by Anonymous Coward · · Score: 0

    I'll call it the Secure Homegrown Internet of Things! What do you all think?

  14. I've always wondered by Ol+Olsoc · · Score: 1

    Comcast has those creepy surveillance systems where Mom at work can breathe a sigh of relief when she spies on her children when they get home from school. What is Comcast and mom's liability when say, one of her underage daughters decides to prance around the house naked?

    I had a friend back in Junior high who used to do just that - it's not uncommon. So is Mom and Comcast now disseminating kiddie pr0n?

    Fun History fact. Winston Churchill used to run around the house naked.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  15. The safest strategy by argStyopa · · Score: 3, Interesting

    The safest strategy for connecting everything in your home to the internet is....don't.

    Why the fuck do you need to connect your front door lock, your coffeemaker, and your refrigerator to the internet?
    Forget to lock your door? GO BACK AND LOCK IT. People have been doing it for 1000 years and the world continues to spin.
    Don't want to get up in the morning to turn on your coffeemaker? Either a) get up and stop being a pussy or b) get one of the umpteen programmable ones, or c) just plug your damn coffeemaker into a christmas-light timer set to power up before you wake up.
    Want your refrigerator to tell you when you're almost out of milk or better still, to automagically order restocks of food? LOOK INSIDE IT. Decide what you need to buy. THEN GO TO THE STORE. You'll meet actual humans there, and interact with them. I suspect there's more actual human value to that than to the supposed minutes you'll save (so you can what, play more video games? Do some more work emails?) not doing those things.

    --
    -Styopa
    1. Re:The safest strategy by Anonymous Coward · · Score: 0

      What if you want the washer or dryer to text you when the laundry is done? Especially in apartment complexes which may share them.

    2. Re:The safest strategy by Anonymous Coward · · Score: 0

      Our college had a feature like that. It was neat in theory, but in reality no one used it because we knew how long the washer and dryer took (because they tell you how many minutes they'll take).

    3. Re:The safest strategy by Anonymous Coward · · Score: 0

      And when people forgot and left their clothes there, what happened when a washer or dryer was needed by someone else?

    4. Re:The safest strategy by Anonymous Coward · · Score: 0

      Just because things have "worked" in the past doesn't mean they shouldn't be improved. I'm sure someone's gotten late waiting for their coffee, gotten fired because they did something stupid because they didn't have their coffee and so on. I'm sure someone's gotten robbed because they had to do something important, forgot to lock the house and decided to gamble on nothing happening. I'm sure someone's forgotten to buy groceries and been incapable of restocking, meaning they went hungry that night.

      Things have worked but progress is about making things work better. If humans didn't believe that on some fundamental level, we would still be hunter-gathering in caves.

  16. How About the InTRAnet of Things? by um.yup. · · Score: 0

    The debate that keeps raging is an all-or-nothing debate. To be completely wide open and give the entire Internet your fridge or live in a stone home without even a PC?

    Why not just leave things interconnected within the home without any way (physical or remote) to access out from the outside? Or if a user wants updates, include an Ethernet cable that can be easily unplugged when not updating and plugged in when updating.

    This is security + convenience at its best. :-)

    With this design the only way that the system can be cracked is if someone was in the home, in which case the homeowner would have a lot more to worry about than a cyber cracker.

    This is simple, people. Stupid simple.

    1. Re:How About the InTRAnet of Things? by tehcyder · · Score: 1

      The only vaguely plausible justifications I've heard for attaching your stuff to the internet is so that you can (for instance) interrogate your fridge while you're at work so you know what to buy when you go shopping on the way home, or turn off your central heating while you're five thousand miles away on holiday.

      It all seems like utter bollocks to me anyway, but a home intranet seems even more pointless unless you live in Buckingham Palace or something. (How hard is it for a normal person to walk downstairs to the kitchen to turn on a coffee machine?)

      --
      To have a right to do a thing is not at all the same as to be right in doing it
  17. Alternate realities by WaffleMonster · · Score: 2

    Internet connected toasters was supposed to be a joke highlighting the futility of pursuing technological solutions to problems that don't exist.

    Now we have assistant professors at Stanford acting like politicians who quote the Onion to defend their policy positions.

  18. Fools! by Anonymous Coward · · Score: 0

    Stanford are fools for even suggesting that IoT can be secured. Moreover I think it is highly immoral for a university to propose such a profoundly stupid thing.
    I bet you tho they get a heap of funding for this.

  19. Not Smart by Anonymous Coward · · Score: 0

    It's not smart to have SMART devices that are under the control of other people or companies or government.

    Unless you have 100% control over them 100% of the time, then you should unplug them and throw them away.

  20. Go home, IoT - you're drunk by userw014 · · Score: 1

    Secure Internet of Things is going to be like Safe Drunk Driving.