Slashdot Mirror


IoT Devices Are Secretly Phoning Home (thenewstack.io)

An anonymous reader writes: A popular internet-enabled security camera "secretly and constantly connects into a vast peer-to-peer network run by the Chinese manufacturer of the hardware," according to security blogger Brian Krebs. While the device is not necessarily sharing video from your camera, it is punching through firewalls to connect with other devices. Even if the user discovers it, it's still extremely hard to turn off. Krebs notes that the same behavior has been detected in DVRs and smart plugs -- they're secretly connecting to the same IP address in China, apparently without any mention of this in the product's packaging. One security researcher told Krebs the behavior is an "insanely bad idea," and that it opens an attack vector into home networks.

10 of 196 comments

  1. it's not a secret by turkeydance · · Score: 3, Insightful

    c'mon, man. they're all doing it. damn you ET.

  2. If you don't have the source you don't own the device. by Anonymous Coward · · Score: 4, Insightful

    It's really simple. It's separate from source code quality. If you have proprietary software running free on your device then you don't own the device, whoever set up the software owns it. Windows phones home because it's working for Microsoft. Your IOT devices phone home because they are working for a Chinese company. Your Android phone phones home because it's working for Samsung and your mobile operator. This is not different and it's not complicated.

  3. IoT devices by ickleberry · · Score: 3, Insightful

    These used to be just IP Cameras, they have been around for years, but now they are suddenly being called IoT devices. I wish this I(di)oT fad would die off and people would just call a spade a spade (or even an IP Spade)

  4. Reasons why I don't like the Internet of Things. by Anonymous Coward · · Score: 5, Insightful

    Here's a list of reasons why I don't like the Internet of Things:

    1) Internet of Things devices could watch me while I sleep.

    2) Internet of Things devices could watch me while I pee.

    3) Internet of Things devices could watch me while I make kaka.

    4) Internet of Things devices could watch me while I pleasure myself.

    5) Internet of Things devices could watch me while I wash my body in the shower.

    6) Internet of Things devices could watch me while I relax in the tub.

    7) Internet of Things devices could watch me while I brush my teeth.

    8) Internet of Things devices could watch me while I make passionate love to my wife.

    9) Internet of Things devices could watch me while I brush my hair.

    10) Internet of Things devices could watch me while I read a book.

    11) Internet of Things devices could watch me while I read Slashdot.

    12) Internet of Things devices could watch me while I bake cake.

    13) Internet of Things devices could watch me while I put in my contact lenses.

    14) Internet of Things devices could watch me while I get ready to play golf.

    15) Internet of Things devices could watch me while I do my laundry.

    16) Internet of Things devices could watch me while I think about rugby.

    17) Internet of Things devices could watch me while I tie my shoes.

    18) Internet of Things devices could watch me while I celebrate the 4th of July.

    19) Internet of Things devices could watch me while I water my flowers.

    20) Internet of Things devices could watch me while I eat ham.

    21) Internet of Things devices could watch me while I use my stapler to staple documents.

    22) Internet of Things devices could watch me while I chew bubble gum.

    23) Internet of Things devices could watch me while I check the oil in my car.

    24) Internet of Things devices could watch me while I look for my TV remote.

    25) Internet of Things devices could watch me while I blow my nose.

    26) Internet of Things devices could watch me while I rearrange my stamp collection.

    27) Internet of Things devices could watch me while I listen to the Backstreet Boys.

    28) Internet of Things devices could watch me while I do my calisthenics.

    29) Internet of Things devices could watch me while I search for a paper clip.

    30) Internet of Things devices could send information about me to advertisers.

    31) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I sleep.

    32) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I pee.

    33) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I make kaka.

    34) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I pleasure myself.

    35) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I wash my body in the shower.

    36) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I relax in the tub.

    37) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I brush my teeth.

    38) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I make passionate love to my wife.

    39) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I brush my hair.

    40) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I read a book.

    41) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I read Slashdot.

    42) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I bake cake.

    43) Internet of Things devices could let advertisers use the data unsuspectingly coll

  5. Insanely bad idea? by gstoddart · · Score: 4, Insightful

    the behavior is an "insanely bad idea," and that it opens an attack vector into home networks

    I'm sorry, but based on what we've been seeing, so far the entire Internet of Things is an insanely bad idea ... shoddy security by incompetent idiots who want more analytics data and ad revenue, and don't give a crap about your security.

    Fuck that, I want my toaster connected to the internet why again?

    That this is happening should no longer come as a surprise to anybody who has paid even the smallest amount of attention to how much of a mess the IoT is.

    --
    Lost at C:>. Found at C.
    1. Re:Insanely bad idea? by WaffleMonster · · Score: 1, Insightful

      Fuck that, I want my toaster connected to the internet why again?

      You don't.
      No one does.
      And the fact that you think IoT = toaster connected to the internet shows how little you understand of the concept.

      So what exactly is the point of IoT in consumer space? I've been trying to figure it out for a while and honestly have no idea.

      Or maybe you are just picking a useless edge case to try and make an anti-IoT point.

      Trade rags seem unable to communicate a coherent value proposition other than data collection and ads. Always fridges, light bulbs, thermostats and similarly useless crap.

      I go to browse the "connected home" section at my local electronics store and all I see are overpriced worthless gadgets not so dissimilar in value to an Internet connected toaster.

      So what exactly is the point? What don't I understand?

      In non-consumer contexts "IoT" is fundamentally equivalent to 20+ year old "sensor network" meme that brought us SLAAC in IPv6.

    2. Re:Insanely bad idea? by thegarbz · · Score: 2, Insightful

      So what exactly is the point of IoT in consumer space?

      For most products it's the same as it is in the commercial space. The only difference is that assets under monitor and control are physical things you own rather than a mix of customer connected monitoring devices ala "sensor network".

      Ultimately "sensor network" is it. Data aggregation of your life and monitoring of your things is the goal of IoT. (Though admittedly many corporations believe that "them monitoring you" is what it's all about and that is just fucking with an otherwise good concept).
      Examples from my house:
      - Trends from the temperature in my apartment show I had the heater turned on a good hour before I got home from work. But in the week the heater was off I realised I spent that hour leeching heat from the neighbours anyway and while it normally took an hour to get the apartment up to temperature on a week day at 4pm I could do it in 15min.
      - Trends from my water meter show a leaking pipe under ground costing me money I would likely have not noticed before something actually got damaged.
      - Trends from my power meter showed my fridge was set to the wrong temperature after a power outage. I could see that due to the duty cycle changing.
      - Video monitoring of my old house showed that it wasn't the cat stealing food at night, it was a possum.

      If none of this sounds like a new concept, it isn't. IoT is nothing more than the sensor networks discussed 20 years ago... around about the same time as we were discussing the damn internet connected toaster.

      In the commercial space it is far more important but ultimately the same. Microsoft + ThyssenKrupp have a great presentation they like to show of how they used some IoT hardware and Azure's management platform to pro-actively predict failures of elevators. All the additional data they've gathered means they not only predict failures, but can accurately schedule maintenance for hours where the elevators are shown to be used the least.

      IoT is a shitty name for something otherwise quite good and useful.
      IoT is a great concept that unfortunately some companies are shitting on by collecting and selling your data to 3rd parties.

  6. Re: No need to phone home. by guruevi · · Score: 3, Insightful

    You're describing Bonjour/mDNS and yes it works within LANs but not if you want to connect from outside your network. People want convenience, punching a hole in your firewall is a "lot of work" and sometimes impossible depending on your configuration.

    And yes, anyone with the information could possibly have your camera talking to them but most people don't care or refuse to understand the issue. Whether it's China or the NSA, as long as people have "bread and circuses" they'll be fine.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  7. Start to fix this ... by Alain+Williams · · Score: 1, Insightful

    with legislation: (a) that this must be documented (what, where to, ...) and (b) how to switch it off. However that will not happen: (1) most of the legislators do not understand the problem; (2) those that do realise that this would stop $OurCountry products from doing this at the behest of GCHQ/NSA/... So it shall be ignored.

    There might be some movement when some government high ups are, through one of these, exposed: in bed with a hooker; snorting white powder; accepting money\Wcampaign-contributions from a known crook; ... although I suspect that it will be easier to sue/bribe the media than fix the problem.

  8. Re: Not new by nehumanuscrede · · Score: 4, Insightful

    Easy for the typical /. reader perhaps, not so much for your everyday consumer. Go ask random folks what a Vlan is and you'll understand pretty quickly.

    The typical user isn't even aware of the possibility of this sort of thing.