Slashdot Mirror


A "Public Health" Approach To Internet of Things Security

New submitter StewBeans writes: Guaranteeing your personal privacy in an era when more and more devices are connecting our daily lives to the Internet is becoming increasingly difficult to do. David Bray, CIO of the FCC, emphasizes the exponential growth we are facing by comparing the Internet we know today to a beachball, and the Internet of Everything future to the Sun. Bray says unless you plan to unplug from the Internet completely, every consumer needs to assume some responsibility for the security and overall health of the Internet of Everything. He says this might look similar to public health on the consumer side — the digital equivalent of hand washing — and involve an open, opt-in model for the rapid detection of abnormal trends across global organizations and networks.


  1. No. by Anonymous Coward · · Score: 1

    Thanks.

    IoT is a bad idea.

    Don't assign responsibility to my grandmother for patching kernels using interfaces made by hardware people.

  2. I love the idea of connected devices BUT... by rtkluttz · · Score: 4, Insightful

    It will be a cold day in hell before I will accept having to authenticate to a 3rd party outside my network to access or access data that my devices generate on someone else's servers or devices. When I am able to open ports in my own firewall and access my devices and data directly without having to ask someone else's permission then internet of things will be a go for me. Until then I'll be a technically savvy luddite.

    --
    Digital is, by definition, imperfect. Analog is the way to go.
    1. Re:I love the idea of connected devices BUT... by UnknownSoldier · · Score: 2

      Exactly.

      I could see News like in this ... in 2030s:

      "An elder starved to death after his refrigerator got hammered by a DoS (Denial of Service) by hackers and was unable to open the fridge."

      or

      "Hackers are wreaking havoc with consumers as they find their refrigerator keeps turning off and are forced to re-buy all their frozen food. Local supermarkets are staying mum for fear of retaliation."

      And there is the potential of all the EF spectrum "pollution" as all these stupid IoT devices are constantly broadcasting: .. in 2070:

      "Scientists have completed a 30 year study and have found WiFi devices raise the risks of disease statistically significant."

      I'm not saying there *is* a problem, just that there -might- be one after we've had long term uses and studies involved.

    2. Re:I love the idea of connected devices BUT... by OldGoatDJ · · Score: 1

      Why do I need the 'Cloud' to handle my data? IoT should come with local network apps that keep my data on my network so I can access it. I contact my network through the apps, check/adjust the appliances, then I am done. No One else need be involved.

    3. Re:I love the idea of connected devices BUT... by mlts · · Score: 2

      I can see the future /. complaints as well:

      "I just bought a fridge, and they demand $25 a month to allow the door to be opened after 9:00 PM, and the ice maker to work 24 hours. I am just tired of watching the same ads for 5 minutes before it allows the door to be opened."

      "My doorbell won't stop playing ad jingles unless I pay $10 a month for the ad free experience."

      "Time to reboot all the light switches. Some botnet got installed and is using them for NarfCoin mining."

      "Just had my health insurance premium double when I tossed the remnants of that pizza in the nuker, and the microwave alerted my ins co to my overquota of sodium this year."

      "Just got fired from my job when my phone relayed to my employer that I was at a friend's house who posted a scathing review on one of their products."

    4. Re:I love the idea of connected devices BUT... by alhead · · Score: 1

      It sounds like you've read Ubik by P. K. Dick, or you've seen that episode of Black Mirror about the socioeconomic system based on virtual avatars. I can imagine a lot of those scenarios playing out in the not-too-distant future, but I hope that people will have the freedom to avoid products or services that cause those problems. The worst part will be when alternatives are no longer available or when participation is mandatory.

    5. Re:I love the idea of connected devices BUT... by CanadianMacFan · · Score: 1

      But then how are the manufacturers supposed to make money by mining all the data they collect from people?

    6. Re:I love the idea of connected devices BUT... by davester666 · · Score: 1

      You cheap freeloader! You didn't pay enough up front for your application/car/phone/device, for the CEO of the manufacturer to keep in hookers and coke for the rest of his life. Clearly, you need to keep paying, at least until the device is no longer able to function. And then you need to buy a new one, immediately.

      --
      Sleep your way to a whiter smile...date a dentist!

  3. Public Health? by Anonymous Coward · · Score: 1

    It strikes me that this is a bit unrealistic. The largest number of devices out there are designed for consumer use to consumer standards, which I think will mean massive security holes in the interests of quick to market and lowest prices. And the people that these are marketed to will not have even the smallest chance of keeping their devices cheap or noticing that anything is out of the ordinary until it is way too late. If you want a comparison to public health, think about the likelihood of an illiterate peasant in the 14th century having the slightest chance of escaping the black death other than by sheer luck, the chances of the village priest (who might be able to read) was not any better.

  4. This is gibberish. lol.

    --
    "Malo periculosam, libertatem quam quietam servitutem." -- Jefferson
  5. unplug from the internet by turkeydance · · Score: 2

    with this One Weird Trick

    1. Re:unplug from the internet by alhead · · Score: 1

      Targeted advertisement marketing firms HATE THIS.

  6. Personal privacy and the Internet of Things .. by nickweller · · Score: 1

    "Guaranteeing your personal privacy in an era when more and more devices are connecting our daily lives to the Internet is becoming increasingly difficult to do"

    Waffle, how about designing 'computers' that can't be compromised by opening a malicious attachment or clicking on a malicious URL. ref

  7. Actually you can by oh_my_080980980 · · Score: 1

    it just means Facebook is fucked because it can't track your movements anymore and the NSA is fucked because your data is encrypted. Seriously, the technology does exist to protect your digital information but that would mean people couldn't spy on you and make money off you so easily.

  8. Does not match TFA by s.petry · · Score: 1

    I agree with you, but it misses the crud (my opinion) which is TFA. TFA claims that we are all responsible for being good citizens and policing the internet because IoT and such. Which is crud because it lacks a sense of reality. Bad guys do exist, and people do bad things, regardless of how the rest of society is living.

    If what TFA said was true, simply agreeing to give banks the ability to build vaults would have stopped all robberies. Countries that have outlawed guns for citizens would be completely free of gun crimes. And those are two really simple examples, human nature extends well beyond this.

    The answer is for anything on the Internet to be protected, and if it can't be protected it should not be on the Internet.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    1. Re:Does not match TFA by idontgno · · Score: 1

      The answer is for anything on the Internet to be protected, and if it can't be protected it should not be on the Internet.

      That's fine and good in principle. The public health equivalent would be that "anything in public is vaccinated, and if it's not vaccinated it should not be out in public."

      Until you get the anti-vaxx blowback, the hysterical screaming, authorities caving in.. and then the next sweeping pandemic.

      The internet is becoming the next public forum, and inevitably public hygiene debates will begin to apply to it.

      Frankly, I miss the old internet the way that ranchers missed the unfenced range back in the mid-late 19th Century, before the coming of all the farmers and farm towns. The lack of "civilization" wasn't so bad when it was so sparse, and everyone had to know what they were doing to just get by. And yet, we still had the occasional pandemic.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    2. Re:Does not match TFA by Hognoxious · · Score: 1

      The bad guys are one thing, but in reality they aren't that much of a risk because they're pretty rare. The inconsiderate, careless, drunk, incompetent and downright stupid are more dangerous simply by sheer weight of numbers.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  9. Better Priorities by JimSadler · · Score: 1

    Instead of all the hand wringing about future issues why not do things that really can be done right now to make life better. For example if our government announced a policy of economic punishment for any nation failing to arrest foreign hackers and turn them over to US courts we could eliminate boat loads of E-crimes against American citizens. Why should we tolerate Russia allowing pools of hackers dedicated to stealing American bank accounts or credit cards? Or how about a severe penalty for anyone not using a certain phone suffix for any call relating to sales so that we could totally shut down telemarketing. If we force the owners into bankruptcy for allowing just one call without that suffix we will kill off that industry which is 100% crooked. We won't even hear the phone ring as such companies would be electronically blocked before getting to our homes or cell phones. Of even greater importance we know that allowing coal to be used kills tens of thousands of Americans each year so how do we prioritize wrong doings when we allow the coal industry to murder hearts and lungs and poison our land and rivers? With all of these wrongs deliberately allowed to exist just how excited can I get over future issues with the net of things?

  10. every consumer needs to assume some responsibility by tlambert · · Score: 1

    "every consumer needs to assume some responsibility"

    Really? When *I* go online, yes, I have to assume some responsibility.

    I hold the "things" up to the same standard: when the "things" go online, *they* have to assume some responsibility. It's not my f***ing fault if my fridge wants to surf the web, it's the fridge's fault.

  11. Re:Consumers wont... by mlts · · Score: 3, Informative

    When the masses decided on gaming, we went from games like Origin's with new IP every few months, to games that cost ten times as much (if you factor the DLC required) and are the same IP as last year. They decided that waiting a little bit more for a relatively bug-free version of a game isn't worth it, making the game industry with its, "it compiles, ship it!" mantra the de facto standard of today.

    When the masses decided on smartphones, they went from units that had a week of battery life and had a nice slider keyboard (which was quite useful when doing SSH tasks) to error-prone tapping on a touchscreen, and battery life that doesn't last a workday. Yes, newer smartphones are so thin, they only have one side, but so much was sacrificed so that the devices can be thin, as well as run the latest version of real time rendered Chainsaw Crush at 60 FPS. It would be nice to not have as powerful a CPU in return for a phone that can easily fit in a standard pocket.

    When the masses decided on what the Internet looks like, out went newsgroups, mailing lists, Web forums, and IRC. In return, we have Facebook, and Twitter.

  12. Re:Yeah right by CanadianMacFan · · Score: 1

    Until they find a worse term for it.

  13. Re:Yeah right by Anonymous Coward · · Score: 1

    How much longer do we have to put up with this Internet of Things nonsense until it goes away?

    It's not going to go away, nor should it. The only question is whether we're going to do it RIGHT, and every screeching whiner like you decreases the chance of that.

  14. Secure devices, securely accessed by ka9dgx · · Score: 1

    When they start making devices based on Genode, and can generate a Private/Public key pair for authentication by pushing a button, and share the public pair via a local web page... I'll be interested.

    As long as these things are running some version of Linux, Windows or that ilk, they won't be secure, no matter how many updates and patches you apply vigorously.

  15. Re:Consumers wont... by c4757p · · Score: 1

    Shame about the games and phones, but...

    When the masses decided on what the Internet looks like, out went newsgroups, mailing lists, Web forums, and IRC. In return, we have Facebook, and Twitter.

    These things are at least still around. Not as big as they once were, but depending on your areas of interest some are surprisingly active still. I actually know people who still use newsgroups! In particular on IRC, I find that while the number of active users has fallen, the signal to noise ratio in many places has risen - a big chunk of the people who left were the annoying trolling kids who are now bothering people through all the newer platforms instead.

  16. wrong approach by Tom · · Score: 1

    What we need more is a base model of distrust.

    The primary design error in networking was to trust other devices. If we had designed networking from the start under the assumption of malicious intruders, we would have things like "to do anything, you need a token that proves you're allowed to do it". It would be in the protocols.

    On embedded devices, I want a networking stack that will cryptographically check all incoming packets, and at the lowest level discard them if they don't carry a valid token. Nothing gets even processed unless you are authorized to interact with the device.

    --
    Assorted stuff I do sometimes: Lemuria.org
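
Added example, not part of the comment above and not code from any project it mentions: one way the "discard unless the packet carries a valid token" idea could look, using an HMAC-SHA256 tag under a pre-shared key as the token. The packet layout, the `Gate` and `seal` names, the key id and the sample key are all assumptions constructed for illustration; the replay counter goes one step beyond what the comment describes.

```python
import hashlib
import hmac
import struct

# Hypothetical wire format: header || payload || tag
HEADER = struct.Struct("!BBQH")  # version, key id, counter, payload length
TAG_LEN = 32                     # full HMAC-SHA256 output
VERSION = 1


def seal(key_id, key, counter, payload):
    """Sender side: authenticate header and payload together."""
    header = HEADER.pack(VERSION, key_id, counter, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Gate:
    """Receiver side: nothing reaches the application unless the tag verifies."""

    def __init__(self, keys):
        self.keys = dict(keys)    # key id -> pre-shared secret
        self.last_counter = {}    # key id -> highest counter accepted so far
        self.dropped = 0

    def _drop(self):
        self.dropped += 1
        return None

    def accept(self, packet):
        # Structural checks first: they cost nothing and bound the parsing.
        if len(packet) < HEADER.size + TAG_LEN:
            return self._drop()
        version, key_id, counter, length = HEADER.unpack_from(packet)
        if version != VERSION or len(packet) != HEADER.size + length + TAG_LEN:
            return self._drop()
        key = self.keys.get(key_id)
        if key is None:
            return self._drop()
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(key, body, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, expected):
            return self._drop()
        # Only an authenticated counter may advance the replay window.
        if counter <= self.last_counter.get(key_id, -1):
            return self._drop()
        self.last_counter[key_id] = counter
        return body[HEADER.size:]


def demo():
    key = bytes(range(32))                          # constructed sample key
    gate = Gate({7: key})
    good = seal(7, key, 1, b"set_temp=4")
    forged = seal(7, b"\x00" * 32, 2, b"unlock")    # sealed with the wrong key
    tampered = good[:-1] + bytes([good[-1] ^ 1])    # one tag bit flipped
    results = [gate.accept(p) for p in (good, good, forged, tampered, b"short")]
    return results, gate.dropped


if __name__ == "__main__":
    print(demo())
```
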
  17. Re:Consumers wont... by Tom · · Score: 1

    When the masses decided on what the Internet looks like, out went newsgroups, mailing lists, Web forums, and IRC. In return, we have Facebook, and Twitter.

    Which have begun to add in newsgroups, mailing lists, forums and chats...

    --
    Assorted stuff I do sometimes: Lemuria.org
  18. Re:every consumer needs to assume some responsibil by BVis · · Score: 1

    No, it's your fault for bringing a device into your house that has the potential to be compromised and spread misery to others without knowing enough about how to maintain its security through patches and other available upgrades. If you can't determine if that device is secure enough, don't buy it. If the manufacturers see that security is important to their customers (in other words, bad security is starting to cost them money, which is the most important thing, forget that 'quality' or 'security' shit) they will clean up their act.

    Of course, this is free-market fantasy. Idiots will keep buying the shiny without any understanding of the implications. But I disagree that you're totally not at fault or not responsible for keeping your shit up-to-date with patches etc. If you turn off Windows Update, and you get infected with malware, guess what? You're partially at fault for disabling the manufacturer's provided security.

    --
    Never underestimate the power of stupid people in large groups.
  19. Re:Consumers wont... by kilfarsnar · · Score: 1

    When the masses decided on gaming, we went from games like Origin's with new IP every few months, to games that cost ten times as much (if you factor the DLC required) and are the same IP as last year. They decided that waiting a little bit more for a relatively bug-free version of a game isn't worth it, making the game industry with its, "it compiles, ship it!" mantra the de facto standard of today.

    Maybe. I think the masses eat what they're fed. The above came about because game publishers wanted a revenue stream. It's like software licensing today. It's all subscriptions because software has outstripped its usefulness (Microsoft Office was a finished product 10 years ago) and companies are rent seeking to keep the money rolling in.

    --
    "What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
  20. Re:every consumer needs to assume some responsibil by tlambert · · Score: 1

    So basically I'm responsible, because I didn't write the firmware, and instead it was written by an idiot? Like someone who runs Windows, and is therefore able to turn off Windows Update because it exists in the first place, and could be the very channel which, by means of DNS cache poisoning and/or router compromise and/or BGP poisoning, was the means to infect the thing in the first place?

    How about we hold the idiot who thought giving the fridge a routable address via NAT off the local network in the first place, so that they could market specific brands of milk via coupons sent to me when I'm running low on milk, was a good idea, responsible instead?

  21. Re:every consumer needs to assume some responsibil by BVis · · Score: 1

    You are responsible for what you can do. Of course you're not responsible for the firmware, but you have a responsibility to update it if it needs it. Balance the benefits WU gives you versus the risk in shutting it off for the average mouth breather; you can't save everyone but the chance of a compromise through WU is much lower than the risk of running an un-patched Windows machine. Leaving WU in its default state is the responsible thing to do, and that's the kind of responsibility I'm talking about. I don't expect the average consumer to be able to find and patch zero-days, but I DO expect them to know enough to not click on "punch the monkey" ads on the web, to know enough to install an anti-malware program, to know enough not to open attachments from people you don't know, to not run pirated software downloaded from some site in Elbonia, and to generally not be a fucking idiot. This is a perfectly reasonable set of expectations. The people who cause issues for others are the ones who don't do all that, who click on every banner ad in sight like a crack-addicted monkey hitting a lever, who send money to Nigerian princes, and are generally stupid enough to make people wonder how they tie their shoes. These are also the people who buy the shiny without knowing anything about how it works.

    And how about not buying the fucking fridge if that's the way you feel about it? Nobody's got a gun to your head (that I know about, anyway)

    --
    Never underestimate the power of stupid people in large groups.
  22. Responsibility? by Agripa · · Score: 1

    Bray says unless you plan to unplug from the Internet completely, every consumer needs to assume some responsibility for the security and overall health of the Internet of Everything.

    This is not going to be reasonable or even possible when devices are using obfuscated or poorly documented protocols which is becoming more prevalent. The best that the consumer will be able to do is isolate every device from every other (with a VLAN switch or equivalent) and block all incoming connections.

    For example with Windows 10 or Windows 7 and later with various updates, how is the consumer to know via traffic inspection what is normal expected traffic and what is not? Even if you shut off all of the privacy destroying features, Windows still generates traffic. How do you distinguish this traffic from other malicious traffic?
