The Internet of Things Is a Surveillance Nightmare (dailydot.com)
An anonymous reader writes, quoting a DailyDot Kernel Mag article: Welcome to the Internet of Things, what Schneier calls "the World Size Web," already growing around you as we speak, which creates such a complete picture of our lives that Dr. Richard Tynan of Privacy International calls them "doppelgangers" -- mirror images of ourselves built on constantly updated data. These doppelgangers live in the cloud, where they can easily be interrogated by intelligence agencies. Nicholas Weaver, a security researcher at the University of California, Berkeley, points out that "Under the FISA Amendments Act 702 (aka PRISM), the NSA can directly ask Google for any data collected on a valid foreign intelligence target through Google's Nest service, including a Nest Cam." And that's just one legal way of questioning your digital doppelgangers; we've all heard enough stories about hacked cloud storage to be wary of trusting our entire lives to it. [...] But with the IoT, the potential goes beyond simple espionage, into outright sabotage. Imagine an enemy that can remotely disable the brakes in your car, or (even more subtly) give you food poisoning by hacking your fridge. That's a new kind of power. "The surveillance, the interference, the manipulation, the full life cycle, is the ultimate nightmare," says Tynan. [...] That makes the IoT vulnerable -- our society vulnerable -- to any criminal with a weekend to spend learning how to hack. "When we talk about vulnerabilities in computers... people are using a lot of rhetoric in the abstract," says Privacy International's Tynan. "What we really mean is, vulnerable to somebody. That somebody you're vulnerable to is the real question." The state of security around IoT, the chip- or sensor-equipped devices connected to each other over the Internet, is deeply concerning. Just in the past few months, we have seen several instances of these devices getting hacked.
We have also seen things such as Shodan, a search engine for the Internet of Things that can allow someone to browse vulnerable webcams. Many people continue to overlook the significance and potential consequences of their "smart" devices getting compromised. Someone recently asked, "So what if my coffee maker gets hacked? What are criminals going to do? Burn my coffee?" They can do a lot more than burn your coffee. You see, these devices are connected to your Wi-Fi network, which gives them the ability to interact with other gadgets connected to the same network. When attackers manage to access one of these devices, it's only a matter of time before they own your entire network.
The convenience is worth the risk. The dumb-ass majority has spoken.
is every Three Letter Agency's wet dream.
Maybe not. Yes, the ability to spy on people might be useful for them, however, they're frequently charged with the protection of US citizens as well.
If IoT is vulnerable, it is not just vulnerable to the NSA or FBI, it is vulnerable to Russia, Iran, North Korea, China, and anyone else who wants to try a hand at it. That's not a situation that would have everyone at the FBI (for instance) uncorking a bottle of champagne.
Someone recently asked, "So what if my coffee maker gets hacked? What are criminals going to do? Burn my coffee?" They can do a lot more than burn your coffee.
Depending on how good the safeguards on your coffee machine are, the criminals could try to keep the water heating elements running after all the water has been transferred to the pot. Aside from the energy bill, this could have other interesting side effects, ranging from a destroyed coffee machine to a burning coffee machine that could set your home on fire. Yes, yes, this is probably a wee bit too close to scare-mongering, but it does underline the need for safety by design.
The truth may be out there, but lies are inside your head
I think the whole IoT marketing movement is about rebranding existing technologies. Remotely accessible cameras and wearable technology have been around for a very long time practically unchanged, but now they're suddenly categorized under an ambiguous umbrella term. Most of the IoT tech has been a security nightmare since day 1, so we shouldn't suddenly worry about it now; we should have worried about it for over a decade. Googling for weakly protected webcams, for example, has been around since the early 2000s, and it's been a "new phenomenon" every five years or so.
If there are devices in my home or car that I find intrusive, that can't be secured properly, or that somehow threaten my privacy, I'll get rid of them. This of course becomes a bit problematic once we start running out of alternative manufacturers, but I don't think that'll be a problem for a long time to come. Our cars will most likely be the first where we have the fewest choices, as laws have started to mandate certain wireless technologies to be implemented in them.
The very least everyone should do to secure networked devices of any kind is to set up a proper firewall at home and whitelist the addresses they can connect to. Or even put them behind a VPN. That wouldn't be something every average Jane and Joe can do, but that's another story.
-SR
Software in medical devices was considered inconsequential for a couple of decades, and then the Therac device came out and killed several patients.
At the time, the FDA took a close look at software and decided that we need regulations to keep the software safer.
I look at the programming in cars right now and note that we haven't had our "Therac" moment. Car manufacturers keep closed source and there are no regulations about how the code should be designed for safety. (Safety for the car, yes. Safety for the software, none.)
It'll probably take a couple of hackers making cars floor the accelerator randomly in a city for government to wake up and impose common-sense regulation.
We'll get it straightened out once a couple of people get killed.
You know, until people act on it, or there are privacy laws in place, or the rest of the populace is outraged ... this is apparently quite far from "obvious".
Say this to most people, and you'll get an eye-roll and a tick-box in the crazy column.
Lost at C:>. Found at C.
I read "Surveillance Nightmare" and thought -- well, that's good, I don't want things to be easy for surveillance. Boy, was I wrong when I realized they meant it's a nightmare *because* of all the surveillance it makes possible!
Yet when I really think about it, I find that I have no good reasons to keep my computers connected to the internet. I went to BSG-style networking at home. One network for local machines, going through a router that applies firewall rules in between, then another computer connected to the edge router, yet that computer isn't quite connected to the internet. I then run a virtual machine with an immutable hard disk and browser and make a PPPoE connection from that VM to the router to gain internet routing. For every web page there is a separate instance of the VM (my underpowered server can run about 8 of these in parallel), and after I'm done with the page, the machine is shut down and a new one created. I'm looking for more ways to automate it and bring an almost seamless experience between the host and guest, but still the main idea is separation. I would rather return to usenet and irc and other services from the 90s, as the internet for me is a medium for communication, not a medium for consumption. Why waste my time alone in my house facebooking or netflixing when I can go out to a bar or a cinema with a date?
Short of completely abandoning modern society and living off the grid there is no way to maintain what was previously known as privacy.
Sure there is - you just have to work at it.
The cost to secure IoT devices and retroactively secure the internet age is so massively prohibitive it's beyond the wildest of dreams for any realist.
Umm, really?
1) buy a cheap wifi router, give it a unique SSID
2) tie all your IoT crap to that new SSID
3) rig the router to QoS down to something ungodly tiny (2400 baud ought to do it), or just don't connect it to the Internet at all after the initial install/update for the device. Be certain that if it is connected, you block all incoming ports at the firewall.
4) (for the truly paranoid) If it has a camera, a bottle of cheap black nail polish is like $3 or so. If it has a microphone, clip it off or cover it with epoxy.
So far, we've spent less than $50, and most of that was for the new router - if you have an older router, just press that into service and it'll all cost you less than a couple of hours plus the price of a large latte... *shrug*.
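The separate-SSID recipe above, and the earlier suggestion to firewall the devices and whitelist the addresses they may connect to, amount to one forwarding policy: the IoT segment gets no path into the trusted LAN, no inbound connections from the internet, and outbound only to an explicit whitelist. The example below is added here and is not from the article or any poster; it models that policy so individual flows can be checked, then renders it as an nftables forward chain. The subnets, the whitelisted host and the interface names are constructed assumptions.

```python
import ipaddress

# Constructed sample addressing for the two-SSID setup in the post (not real networks).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")    # trusted laptops and phones
IOT_NET = ipaddress.ip_network("192.168.50.0/24")   # the separate SSID holding the IoT gear
# Whitelist of internet destinations the IoT segment may open connections to
# (for example a vendor's update host); constructed placeholder address.
IOT_ALLOWED_DST = [ipaddress.ip_network("203.0.113.10/32")]

def zone(ip: str) -> str:
    """Map an address to the zone it lives in: 'lan', 'iot' or 'internet'."""
    addr = ipaddress.ip_address(ip)
    if addr in IOT_NET:
        return "iot"
    if addr in LAN_NET:
        return "lan"
    return "internet"

def flow_allowed(src: str, dst: str) -> bool:
    """Decide whether a NEW connection from src to dst may cross the router.
    Reply packets of already-accepted connections are handled by conntrack."""
    s, d = zone(src), zone(dst)
    if s == "lan":
        return True                      # the trusted LAN may reach IoT devices and the internet
    if s == "iot":
        if d == "lan":
            return False                 # no lateral movement from a compromised gadget
        if d == "iot":
            return True                  # same L2 segment; never reaches the forward hook
        return any(ipaddress.ip_address(dst) in n for n in IOT_ALLOWED_DST)
    return False                         # internet-originated: all incoming ports blocked

def nft_ruleset(lan_if: str = "br-lan", iot_if: str = "wlan-iot", wan_if: str = "eth0") -> str:
    """Render the same policy as an nftables forward chain (interface names are assumptions)."""
    allowed = ", ".join(str(n) for n in IOT_ALLOWED_DST)
    return (
        "table inet iot_guard {\n"
        "  chain forward {\n"
        "    type filter hook forward priority 0; policy drop;\n"
        "    ct state established,related accept\n"
        f'    iifname "{lan_if}" accept\n'
        f'    iifname "{iot_if}" oifname "{wan_if}" ip daddr {{ {allowed} }} accept\n'
        "  }\n"
        "}\n"
    )

if __name__ == "__main__":
    print(nft_ruleset())
```

The rendered chain only covers traffic forwarded between interfaces; what the devices may say to the router itself (DHCP, DNS) belongs in a separate input chain.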
Quo usque tandem abutere, Nimbus, patientia nostra?
I have a LOT of IoT devices; oddly, they can not connect to the internet. Frankly, when you have devices and standards that need to last decades, you're never going to cost-effectively put enough crypto on them. So build upon that assumption: break into my zwave network and you can turn on lights or unlock a door or turn on the heat. You're not going to disable the security system, merely some extra motion sensors. Break into my IoT wifi and you still can not get anywhere.
At the end of the day, the implementations that require the cloud to work are broken by design. I need my fridge to talk to my HA controller; it should be the only thing that needs to talk to the world and be updated/replaced on a regular basis, no different than a wifi AP (frankly, in most homes it could easily live on the wifi AP). I need open standards, not apple homekit lock-in. Because at the end of the day nobody wants a maytag oven that's not compatible with their frigidaire freezer or samsung microwave, but we also can not expect maytag to provide updates to new protocol 10.0 to a 20 year old oven. We can expect to get a HA controller that supports everything and keeps it reasonably secure within the confines of the protocol.
No sir, I don't like it.
Your suggestions are great for the current time frame.
The question is, what happens when these IoT devices won't function correctly without a constant phone home.
Updates, patches, etc.
Just look at what they did with gaming.
We play the game with the bravery of being out of range
But the risk is only because these stupid things are connected to the Internet. There's no reason they cannot use Bluetooth or similar. Connect to your cellphone when it is in range.
Your ad here. Ask me how!