Slashdot Mirror


A "Public Health" Approach To Internet of Things Security

New submitter StewBeans writes: Guaranteeing your personal privacy in an era when more and more devices are connecting our daily lives to the Internet is becoming increasingly difficult to do. David Bray, CIO of the FCC, emphasizes the exponential growth we are facing by comparing the Internet we know today to a beachball, and the Internet of Everything future to the Sun. Bray says unless you plan to unplug from the Internet completely, every consumer needs to assume some responsibility for the security and overall health of the Internet of Everything. He says this might look similar to public health on the consumer side — the digital equivalent of hand washing — and involve an open, opt-in model for the rapid detection of abnormal trends across global organizations and networks.

48 comments

  1. No. by Anonymous Coward · · Score: 1

    Thanks.

    IoT is a bad idea.

    Don't assign responsibility to my grandmother for patching kernels using interfaces made by hardware people.

  2. I love the idea of connected devices BUT... by rtkluttz · · Score: 4, Insightful

    It will be a cold day in hell before I will accept having to authenticate to a 3rd party outside my network to access or access data that my devices generate on someone else's servers or devices. When I am able to open ports in my own firewall and access my devices and data directly without having to ask someone else's permission then internet of things will be a go for me. Until then I'll be a technically savvy luddite.

    --
    Digital is, by definition, imperfect. Analog is the way to go.
    1. Re:I love the idea of connected devices BUT... by UnknownSoldier · · Score: 2

      Exactly.

      I could see News like in this ... in 2030s:

      "An elder starved to death after his refrigerator got hammered by a DoS (Denial of Service) by hackers and was unable to open the fridge."

      or

      "Hackers are wreaking havoc with consumers as they find their refrigerator keeps turning off and are forced to re-buy all their frozen food. Local supermarkets are staying mum for fear of retaliation."

      And there is the potential of all the EF spectrum "pollution" as all these stupid IoT devices are constantly broadcasting: .. in 2070:

      "Scientists have completed a 30 year study and have found WiFi devices raise the risks of disease statistically significant."

      I'm not saying there *is* a problem, just that there -might- be one after we've had long term uses and studies involved.

    2. Re:I love the idea of connected devices BUT... by OldGoatDJ · · Score: 1

      Why do I need the 'Cloud' to handle my data? IoT should come with local network apps that keep my data on my network so I can access it. I contact my network through the apps, check/adjust the appliances, then I am done. No One else need be involved.

    3. Re:I love the idea of connected devices BUT... by Anonymous Coward · · Score: 0

      That's ok, if you use Windows 10, the washing machine will just add you to its friends list and take care of everything else on its own.

    4. Re:I love the idea of connected devices BUT... by mlts · · Score: 2

      I can see the future /. complaints as well:

      "I just bought a fridge, and they demand $25 a month to allow the door to be opened after 9:00 PM, and the ice maker to work 24 hours. I am just tired of watching the same ads for 5 minutes before it allows the door to be opened."

      "My doorbell won't stop playing ad jingles unless I pay $10 a month for the ad free experience."

      "Time to reboot all the light switches. Some botnet got installed and is using them for NarfCoin mining."

      "Just had my health insurance premium double when I tossed the remnants of that pizza in the nuker, and the microwave alerted my ins co to my overquota of sodium this year."

      "Just got fired from my job when my phone relayed to my employer that I was at a friend's house who posted a scathing review on one of their products."

    5. Re:I love the idea of connected devices BUT... by alhead · · Score: 1

      It sounds like you've read Ubik by P. K. Dick, or you've seen that episode of Black Mirror about the socioeconomic system based on virtual avatars. I can imagine a lot of those scenarios playing out in the not-too-distant future, but I hope that people will have the freedom to avoid products or services that cause those problems. The worst part will be when alternatives are no longer available or when participation is mandatory.

    6. Re:I love the idea of connected devices BUT... by CanadianMacFan · · Score: 1

      But then how are the manufacturers supposed to make money by mining all the data they collect from people?

    7. Re:I love the idea of connected devices BUT... by Anonymous Coward · · Score: 0

      The only safe IoT is abstinence.

    8. Re:I love the idea of connected devices BUT... by davester666 · · Score: 1

      You cheap freeloader! You didn't pay enough up front for your application/car/phone/device, for the CEO of the manufacturer to keep in hookers and coke for the rest of his life. Clearly, you need to keep paying, at least until the device is no longer able to function. And then you need to buy a new one, immediately.

      --
      Sleep your way to a whiter smile...date a dentist!
    9. Re:I love the idea of connected devices BUT... by Anonymous Coward · · Score: 0

      I did not pay my carbon tax so my car won't start...

  3. Consumers wont... by Anonymous Coward · · Score: 0

    .... do shit because the vast majority of consumers are stupid tech illiterate fucks.

    Don't think so? Look at what happened to videogames when we allowed "the consumers to decide", the vast majority of videogamers voted for locked down server back ended games totally corporate controlled because they had to get their fix.

    The idea we should trust people to 'vote with their wallet' is fucking stupid, the vast majority of humanity is at chimp level intelligence and behavior when it comes to technology. Just look at facebook for instance. Facebook is basically signing over your data to the NSA and the powers that be thank you for being so stupid.

    The human mind didn't evolve for these large complex societies so we shouldn't expect human beings to behave in any kind of intelligent or rational way.

    1. Re:Consumers wont... by mlts · · Score: 3, Informative

      When the masses decided on gaming, we went from games like Origin's with new IP every few months, to games that cost ten times as much (if you factor the DLC required) and are the same IP as last year. They decided that waiting a little bit more for a relatively bug-free version of a game isn't worth it, making the game industry with its, "it compiles, ship it!" mantra the de facto standard of today.

      When the masses decided on smartphones, they went from units that had a week of battery life and had a nice slider keyboard (which was quite useful when doing SSH tasks) to error-prone tapping on a touchscreen, and battery life that doesn't last a workday. Yes, newer smartphones are so thin, they only have one side, but so much was sacrificed so that the devices can be thin, as well as run the latest version of real time rendered Chainsaw Crush at 60 FPS. It would be nice to not have as powerful a CPU in return for a phone that can easily fit in a standard pocket.

      When the masses decided on what the Internet looks like, out went newsgroups, mailing lists, Web forums, and IRC. In return, we have Facebook, and Twitter.

    2. Re:Consumers wont... by c4757p · · Score: 1

      Shame about the games and phones, but...

      When the masses decided on what the Internet looks like, out went newsgroups, mailing lists, Web forums, and IRC. In return, we have Facebook, and Twitter.

      These things are at least still around. Not as big as they once were, but depending on your areas of interest some are surprisingly active still. I actually know people who still use newsgroups! In particular on IRC, I find that while the number of active users has fallen, the signal to noise ratio in many places has risen - a big chunk of the people who left were the annoying trolling kids who are now bothering people through all the newer platforms instead.

    3. Re:Consumers wont... by Tom · · Score: 1

      When the masses decided on what the Internet looks like, out went newsgroups, mailing lists, Web forums, and IRC. In return, we have Facebook, and Twitter.

      Which have begun to add in newsgroups, mailing lists, forums and chats...

      --
      Assorted stuff I do sometimes: Lemuria.org
    4. Re:Consumers wont... by kilfarsnar · · Score: 1

      When the masses decided on gaming, we went from games like Origin's with new IP every few months, to games that cost ten times as much (if you factor the DLC required) and are the same IP as last year. They decided that waiting a little bit more for a relatively bug-free version of a game isn't worth it, making the game industry with its, "it compiles, ship it!" mantra the de facto standard of today.

      Maybe. I think the masses eat what they're fed. The above came about because game publishers wanted a revenue stream. It's like software licensing today. It's all subscriptions because software has outstripped its usefulness (Microsoft Office was a finished product 10 years ago) and companies are rent seeking to keep the money rolling in.

      --
      "What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
  4. So what you're saying is... by Anonymous Coward · · Score: 0

    every consumer needs to assume some responsibility for the security and overall health of the Internet of Everything

    ...we're doomed.

  5. Public Health? by Anonymous Coward · · Score: 1

    It strikes me that this is a bit unrealistic. The largest number of devices out there are designed for consumer use to consumer standards, which I think will mean massive security holes in the interests of quick to market and lowest prices. And the people that these are marketed to will not have even the smallest chance of keeping their devices cheap or noticing that anything is out of the ordinary until it is way too late. If you want a comparison to public health, think about the likelihood of an illiterate peasant in the 14th century having the slightest chance of escaping the black death other than by sheer luck, the chances of the village priest (who might be able to read) was not any better.

  6. This is gibberish. lol.

    --
    "Malo periculosam, libertatem quam quietam servitutem." -- Jefferson
  7. unplug from the internet by turkeydance · · Score: 2

    with this One Weird Trick

    1. Re:unplug from the internet by alhead · · Score: 1

      Targeted advertisement marketing firms HATE THIS.

  8. Rely on everyone else? by Anonymous Coward · · Score: 0

    He says this might look similar to public health on the consumer side — the digital equivalent of hand washing

    I'm pretty good about handwashing and personal hygiene. And it protects a lot of others.

    But I live in a world of pigs, and I can't wash after everything I touch, so I ended up with (almost recovered now) ass-vomiting many times a day for the last few days.

    Transfer that over to the IoT, and it won't be my practices that screw me over, it will be someone else that screws me over.

    Like driving, it doesn't matter how safe a driver you are, if you drive on the same road with a bunch of dimwits texting on their phones barreling down the highway at you.

  9. Personal privacy and the Internet of Things .. by nickweller · · Score: 1

    "Guaranteeing your personal privacy in an era when more and more devices are connecting our daily lives to the Internet is becoming increasingly difficult to do"

    Waffle, how about designing 'computers' that can't be compromised by opening a malicious attachment or clicking on a malicious URL. ref

  10. Really?! by Anonymous Coward · · Score: 0

    " every consumer needs to assume some responsibility for the security and overall health of the Internet of Everything." Consumers are trying to take some responsibility but when the consumer's own government does everything in their power to weaken encryption and other secure forms of communication over the internet what are consumers supposed to do. The government should be taking an active role in defining regulations and laws that help consumers remain "safe" on the internet, that includes the FCC. But that just isn't happening. So I say, reject the internet of things. Just don't buy into it.

    1. Re:Really?! by Anonymous Coward · · Score: 0

      The problem is far deeper than just adding stronger encryption.

      And rejecting the internet of things may not be easy to do a few years from now, when it becomes difficult to buy things that do not have connectivity built-in that cannot be disabled. After, look at Windows10 today...

  11. My responsibility? by Anonymous Coward · · Score: 0

    Then your shit ain't being bought nor coming in to my home!

  12. Actually you can by oh_my_080980980 · · Score: 1

    it just means Facebook is fucked because it can't track your movements anymore and the NSA is fucked because your data is encrypted. Seriously, the technology does exist to protect your digital information but that would mean people couldn't spy on you and make money off you so easily.

  13. Does not match TFA by s.petry · · Score: 1

    I agree with you, but it misses the crud (my opinion) which is TFA. TFA claims that we are all responsible for being good citizens and policing the internet because IoT and such. Which is crud because it lacks a sense of reality. Bad guys do exist, and people do bad things, regardless of how the rest of society is living.

    If what TFA said was true, simply agreeing to give banks the ability to build vaults would have stopped all robberies. Countries that have outlawed guns for citizens would be completely free of gun crimes. And those are two really simple examples, human nature extends well beyond this.

    The answer is for anything on the Internet to be protected, and if it can't be protected it should not be on the Internet.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    1. Re:Does not match TFA by idontgno · · Score: 1

      The answer is for anything on the Internet to be protected, and if it can't be protected it should not be on the Internet.

      That's fine and good in principle. The public health equivalent would be that "anything in public is vaccinated, and if it's not vaccinated it should not be out in public."

      Until you get the anti-vaxx blowback, the hysterical screaming, authorities caving in.. and then the next sweeping pandemic.

      The internet is becoming the next public forum, and inevitably public hygiene debates will begin to apply to it.

      Frankly, I miss the old internet the way that ranchers missed the unfenced range back in the mid-late 19th Century, before the coming of all the farmers and farm towns. The lack of "civilization" wasn't so bad when it was so sparse, and everyone had to know what they were doing to just get by. And yet, we still had the occasional pandemic.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    2. Re:Does not match TFA by Hognoxious · · Score: 1

      The bad guys are one thing, but in reality they aren't that much of a risk because they're pretty rare. The inconsiderate, careless, drunk, incompetent and downright stupid are more dangerous simply by sheer weight of numbers.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  14. Better Priorities by JimSadler · · Score: 1

    Instead of all the hand wringing about future issues why not do things that really can be done right now to make life better. For example if our government announced a policy of economic punishment for any nation failing to arrest foreign hackers and turn them over to US courts we could eliminate boat loads of E-crimes against American citizens. Why should we tolerate Russia allowing pools of hackers dedicated to stealing American bank accounts or credit cards? Or how about a severe penalty for anyone not using a certain phone suffix for any call relating to sales so that we could totally shut down telemarketing. If we force the owners into bankruptcy for allowing just one call without that suffix we will kill off that industry which is 100% crooked. We won't even hear the phone ring as such companies would be electronically blocked before getting to our homes or cell phones. Of even greater importance we know that allowing coal to be used kills tens of thousands of Americans each year so how do we prioritize wrong doings when we allow the coal industry to murder hearts and lungs and poison our land and rivers? With all of these wrongs deliberately allowed to exist just how excited can I get over future issues with the net of things?

    1. Re:Better Priorities by Anonymous Coward · · Score: 0

      Why? Because we'd cut ourselves off from China and we don't want to do that right now. Wait until their economic crisis expands into a political one and then we can dictate terms.

  15. Yeah right by Mantrid42 · · Score: 0

    Good fucking luck.

    How much longer do we have to put up with this Internet of Things nonsense until it goes away?

    1. Re:Yeah right by CanadianMacFan · · Score: 1

      Until they find a worse term for it.

    2. Re:Yeah right by Anonymous Coward · · Score: 1

      How much longer do we have to put up with this Internet of Things nonsense until it goes away?

      It's not going to go away, nor should it. The only question is whether we're going to do it RIGHT, and every screeching whiner like you decreases the chance of that.

  16. every consumer needs to assume some responsibility by tlambert · · Score: 1

    "every consumer needs to assume some responsibility"

    Really? When *I* go online, yes, I have to assume some responsibility.

    I hold the "things" up to the same standard: when the "things" go online, *they* have to assume some responsibility. It's not my f***ing fault if my fridge wants to surf the web, it's the fridge's fault.

  17. New Product Category by Anonymous Coward · · Score: 0

    IoT creates a new market for the anti-virus and other security providers, namely the market of "IoT router" anti-virus, intrusion detection, network segmentation, isolation and management "solutions."

  18. not hard to understand by Anonymous Coward · · Score: 0

    " and involve an open, opt-in model for the rapid detection of abnormal trends across global organizations and networks."

    We need access to EVERYTHING EVERYWHERE. Poor guys must feel left out of the Three Letter Agency club, the premier members get all the fun stuff.

  19. Secure devices, securely accessed by ka9dgx · · Score: 1

    When they start making devices based on Genode, and can generate a Private/Public key pair for authentication by pushing a button, and share the public pair via a local web page... I'll be interested.

    As long as these things are running some version of Linux, Windows or that ilk, they won't be secure, no matter how many updates and patches you apply vigorously.

  20. wrong approach by Tom · · Score: 1

    What we need more is a base model of distrust.

    The primary design error in networking was to trust other devices. If we had designed networking from the start under the assumption of malicious intruders, we would have things like "to do anything, you need a token that proves you're allowed to do it". It would be in the protocols.

    On embedded devices, I want a networking stack that will cryptographically check all incoming packets, and at the lowest level discard them if they don't carry a valid token. Nothing gets even processed unless you are authorized to interact with the device.

    --
    Assorted stuff I do sometimes: Lemuria.org
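
A sketch of the "discard unless it carries a valid token" receive path described in the comment above, as an added example that is not part of the original thread. The datagram layout (8-byte counter, payload, HMAC-SHA256 tag), the pre-shared per-device key, and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                    # HMAC-SHA256 output size in bytes
HDR = struct.Struct("!Q")       # assumed header: 8-byte big-endian packet counter


def seal(key: bytes, counter: int, payload: bytes) -> bytes:
    """Sender side: counter || payload || HMAC(key, counter || payload)."""
    body = HDR.pack(counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Drops every datagram that is malformed, unauthenticated or replayed."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = -1  # highest counter accepted so far
        self.dropped = 0

    def accept(self, datagram: bytes):
        """Return the payload if the datagram is authorized, else None."""
        # 1. Too short to hold a header and a tag: drop without parsing further.
        if len(datagram) < HDR.size + TAG_LEN:
            return self._drop()
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        # 2. Authenticate before interpreting any field; constant-time compare.
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return self._drop()
        # 3. Only now read the counter. A strictly increasing counter rejects
        #    replays (and, as a trade-off, reordered packets as well).
        (counter,) = HDR.unpack_from(body)
        if counter <= self._last_counter:
            return self._drop()
        self._last_counter = counter
        return body[HDR.size:]

    def _drop(self):
        # Silent discard: no error reply that would confirm the device exists.
        self.dropped += 1
        return None


def demo():
    """Run constructed sample datagrams through the receiver."""
    key = bytes(range(32))                      # constructed demo key
    rx = Receiver(key)
    good = seal(key, 1, b"set_temp=4")
    wrong_key = seal(b"\x00" * 32, 2, b"open_door")
    tampered = good[:HDR.size] + b"set_temp=9" + good[-TAG_LEN:]
    results = [
        rx.accept(good),                        # valid tag, fresh counter
        rx.accept(good),                        # same datagram again: replay
        rx.accept(wrong_key),                   # tag made with another key
        rx.accept(tampered),                    # payload changed, tag stale
        rx.accept(b"short"),                    # malformed
        rx.accept(seal(key, 2, b"status?")),    # valid follow-up
    ]
    return results, rx.dropped


if __name__ == "__main__":
    print(demo())
```
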
  21. Re:every consumer needs to assume some responsibil by BVis · · Score: 1

    No, it's your fault for bringing a device into your house that has the potential to be compromised and spread misery to others without knowing enough about how to maintain its security through patches and other available upgrades. If you can't determine if that device is secure enough, don't buy it. If the manufacturers see that security is important to their customers (in other words, bad security is starting to cost them money, which is the most important thing, forget that 'quality' or 'security' shit) they will clean up their act.

    Of course, this is free-market fantasy. Idiots will keep buying the shiny without any understanding of the implications. But I disagree that you're totally not at fault or not responsible for keeping your shit up-to-date with patches etc. If you turn off Windows Update, and you get infected with malware, guess what? You're partially at fault for disabling the manufacturer's provided security.

    --
    Never underestimate the power of stupid people in large groups.
  22. Re:every consumer needs to assume some responsibil by tlambert · · Score: 1

    So basically I'm responsible, because I didn't write the firmware, and instead it was written by an idiot? Like someone who runs Windows, and is therefore able to turn off Windows Update because it exists in the first place, and could be the very channel which, by means of DNS cache poisoning and/or router compromise and/or BGP poisoning, was the means to infect the thing in the first place?

    How about we hold the idiot who thought giving the fridge a routable address via NAT off the local network in the first place, so that they could market specific brands of milk via coupons sent to me when I'm running low on milk, was a good idea, responsible instead?

  23. Re:every consumer needs to assume some responsibil by BVis · · Score: 1

    You are responsible for what you can do. Of course you're not responsible for the firmware, but you have a responsibility to update it if it needs it. Balance the benefits WU gives you versus the risk in shutting it off for the average mouth breather; you can't save everyone but the chance of a compromise through WU is much lower than the risk of running an un-patched Windows machine. Leaving WU in its default state is the responsible thing to do, and that's the kind of responsibility I'm talking about. I don't expect the average consumer to be able to find and patch zero-days, but I DO expect them to know enough to not click on "punch the monkey" ads on the web, to know enough to install an anti-malware program, to know enough not to open attachments from people you don't know, to not run pirated software downloaded from some site in Elbonia, and to generally not be a fucking idiot. This is a perfectly reasonable set of expectations. The people who cause issues for others are the ones who don't do all that, who click on every banner ad in sight like a crack-addicted monkey hitting a lever, who send money to Nigerian princes, and are generally stupid enough to make people wonder how they tie their shoes. These are also the people who buy the shiny without knowing anything about how it works.

    And how about not buying the fucking fridge if that's the way you feel about it? Nobody's got a gun to your head (that I know about, anyway)

    --
    Never underestimate the power of stupid people in large groups.
  24. Responsibility? by Agripa · · Score: 1

    Bray says unless you plan to unplug from the Internet completely, every consumer needs to assume some responsibility for the security and overall health of the Internet of Everything.

    This is not going to be reasonable or even possible when devices are using obfuscated or poorly documented protocols which is becoming more prevalent. The best that the consumer will be able to do is isolate every device from every other (with a VLAN switch or equivalent) and block all incoming connections.

    For example with Windows 10 or Windows 7 and later with various updates, how is the consumer to know via traffic inspection what is normal expected traffic and what is not? Even if you shut off all of the privacy destroying features, Windows still generates traffic. How do you distinguish this traffic from other malicious traffic?
