Slashdot Mirror


Ask Slashdot: Is My IoT Device Part of a Botnet?

As our DVRs, cameras, and routers join the Internet of Things, long-time Slashdot reader galgon wonders if he's already been compromised: There has been a number of stories of IoT devices becoming part of botnets and being used in distributed denial of service attacks. If these devices are seemingly working correctly to the user, how would they ever know the device was compromised? Is there anything the average user can do to detect when they have a misbehaving device on their network?
I'm curious how many Slashdot readers are even using IoT devices -- so leave your best answers in the comments. How would you know if your IoT device is part of a botnet?

51 of 279 comments

  1. How do you know? by Pikoro · · Score: 4, Insightful

    If it's connected to the internet directly, and it has no built in security apart from "admin" "password", it's part of a botnet or soon will be.

    --
    "Freedom in the USA is not the ability to do what you want. It is the ability to stop others from doing what THEY want"
    1. Re:How do you know? by JaredOfEuropa · · Score: 5, Insightful

      Especially if that password
      - Is a default password that is the same for every device sold (these days a lot of equipment ships with unique random passwords)
      - Isn't changed by the user during setup
      - Can't be changed by the user. (What the hell, OpenElec?)

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    2. Re:How do you know? by hcs_$reboot · · Score: 4, Funny

      Just install Norton AV on it, and add McAfee to be sure. Then, even a botnet wouldn't want to anymore run on that device

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    3. Re:How do you know? by Z00L00K · · Score: 5, Insightful

      If it needs to connect to a subscription service outside your home it has the potential to become part of a bot net.

      Can you trust your thermostat to not browse your files?

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    4. Re:How do you know? by zm · · Score: 2

      "If it's connected to the internet directly" So, an infinitesimal fraction of them, since almost all would be behind a NAT router.

      IPv6 to the rescue! No NAT and even popular routers out there pass IPv6 without an SPI. (TP-Link Archer C7 would be one).
      Speaking of, recommendations for a good router, anyone?

      --
      Sig ?
    5. Re:How do you know? by Applehu+Akbar · · Score: 5, Funny

      Just install Norton AV on it, and add McAfee to be sure. Then, even a botnet wouldn't want to anymore run on that device

      Yeah, that's it! "Should I have run McAfee on my FirstAlert online smoke detectors?" you say to yourself as you gaze at the remains of your house.

    6. Re:How do you know? by thegarbz · · Score: 2

      Openelec's entire file system is read only. Given the difficulty of installing something to the image when you want to, the potential for it to be easily and automatically owned by is very low.

    7. Re:How do you know? by Zocalo · · Score: 3

      these days a lot of equipment ships with unique random passwords

      True, but more often than not it's derived from the MAC address (probably programmatically on boot with a defaulted config so they don't have to program each device in the factory) which is an absolutely horrible idea for WiFi enabled devices. If a (l)user sees an apparently random string of hex, conveniently also printed onto a sticker on the box so they don't have to remember it, it's a pretty safe bet that they are going to think it's secure and, quite possibly, not something they should change because that sticker looks important. Not a major problem for someone connecting over the Internet (although if they can ID the device make/model, they've got the OID and hugely reduced the brute force effort), but a serious issue if someone happens to be coming in over your WiFi and can connect directly.

      ALWAYS change your default password, and the username too, if it'll let you.

      --
      UNIX? They're not even circumcised! Savages!
    8. Re:How do you know? by geekmux · · Score: 4, Interesting

      Just install Norton AV on it, and add McAfee to be sure. Then, even a botnet wouldn't want to anymore run on that device

      Yeah, that's it! "Should I have run McAfee on my FirstAlert online smoke detectors?" you say to yourself as you gaze at the remains of your house.

      IoT or not, odd how you made me wonder if the smoke alarm itself has ever been the source of a fire...

      I need coffee. It's too early for this.

    9. Re:How do you know? by jeffmeden · · Score: 3, Insightful

      Recommendations? Take the C7 and install OpenWRT on it. Super easy to use, reliable, and capable of any firewalling you can dream up (including on IPv6). Plus then you have a nice graph to tell you how much bandwidth is in use and by which device. If you have a botnet participant in your network it will be obvious.

    10. Re:How do you know? by jittles · · Score: 3

      If it needs to connect to a subscription service outside your home it has the potential to become part of a bot net.

      Can you trust your thermostat to not browse your files?

      Guess that depends on the "required" app permissions, since that side of IoT is the part that is far more blatantly in the obtrusiveness of IoT.

      Well if you have an SMB share, or some other unprotected share, what is to stop your thermostat from mounting it and looking at its contents? Unless you block your thermostat off of the rest of the network. Any device you have that can be controlled by a remote service could be compromised and controlled by anyone.

    11. Re:How do you know? by Anonymous Coward · · Score: 2, Informative

      If you have an unprotected share and a compromised thermostat you have two problems, not one.

    12. Re:How do you know? by Shoten · · Score: 5, Insightful

      Openelec's entire file system is read only. Given the difficulty of installing something to the image when you want to, the potential for it to be easily and automatically owned by is very low.

      This is not a real thing...a device whose total storage capacity is read-only. Let's look at why.

      One: if it's all read-only, it can't have a variable password...accounts and passwords need to be hardcoded, because there's no way to store new or changed account information.

      Two: if it's at all configurable, you have the same problem: where do you store the configs?

      Three: guess what else you can't have if your file system is read-only? Software updates.

      Four: let's call a spade a spade here. A more accurate way to make the claim...regardless of how infeasible it would be for any device of significant functionality...is to say this: "Openelec's entire file system is meant to be read only." An innate characteristic of most security flaws is that they permit something that is not intended. It's important to not assume that intended functionality is inevitable and invulnerable. And in this case, that "read only" capability is nothing more than Linux permissions...it's not that the OS invariably is incapable of granting write permissions. In fact, all kinds of things are writing to the file system, I would bet...information about drive mounting, accounts, etc. The file system is not inherently read only.

      Assuming that system behavior when used in its intended fashion is also what happens when someone breaks the rules is the root of most security failures.

      And now, a citation, called "squashfs howto - make changes the read-only filesystem in OpenELEC"

      https://sites.google.com/site/...

      --

      For your security, this post has been encrypted with ROT-13, twice.
    13. Re:How do you know? by tburkhol · · Score: 2

      Given the difficulty of installing something to the image when you want to, the potential for it to be easily and automatically owned by is very low.

      Viruses and worms can run just fine from RAM. Discovery may be slow, but once you find a vulnerable system with a read only filesystem, you have it report its IP to a C&C node, then re-infect it whenever you need it.

    14. Re:How do you know? by cdrudge · · Score: 2

      if the smoke alarm itself has ever been the source of a fire...

      Yes

      At least a few times it looks.

    15. Re:How do you know? by Reaperducer · · Score: 2

      Hint: IoT devices generally don't power down for months or years. Survival is maintained through propagation.

      --
      -- I'm old enough to have lived through six different meanings of the word "hacker."
    16. Re:How do you know? by Reaperducer · · Score: 2

      Anyone who thinks this is a password problem either doesn't have many IoT devices in their homes, or was into IoT at the very beginning, and doesn't know how current devices work. I have close to 30 IoT devices in my home and have only had to deal with a password once, and that was for a cloud-based lightbulb that is so old it's no longer made.

      IoT devices for the home these days never expose the user to the password. They generally scan a QR code on the device itself or connect through a wireless connection that requires proximity.

      Moreover, arguing about things like passwords doesn't answer the OP's question. Try to stay on topic.

      --
      -- I'm old enough to have lived through six different meanings of the word "hacker."
    17. Re:How do you know? by QuietLagoon · · Score: 3, Interesting

      Can you trust your thermostat to not browse your files?

      Nowadays, that is an amazingly valid question. Just a few short years ago, if you asked that question, you would have been __________. (fill in the blank)

    18. Re:How do you know? by Archangel+Michael · · Score: 2

      I always change my username from root to AmyAcker ...

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    19. Re:How do you know? by jcdr · · Score: 2

      It's possible to remount a file system with new permissions. See the details here:
      https://www.gnu.org/software/l...
      Or to mount it in another folder with different permissions.
      Or to directly access the partition under /dev/sda1.

      To make a read-only file system work as expected you have to use a hardware way to prevent writing to the memory. For example NOR SPI flash memory usually has a write protection pin. Of course that pin must be protected against unwanted operation that could drive it. In that case you can expect having a clean state after a boot. Secure boot is another method to give the same kind of clean state after boot.

      You still have issues that can live in the SDRAM as long as the device will run...

    20. Re: How do you know? by jcdr · · Score: 4, Informative

      OpenELEC FAQ disagrees:
      http://wiki.openelec.tv/index....

      What is the SSH login?
      Shortcut: #SSH Login
      Currently the login into OpenELEC has fixed settings.
        Login: root
        Password: openelec

      How do I change the SSH password?
      Shortcut: #SSH Password change
      At the moment it's not possible to change the root password as it's held in a read-only filesystem. However, for the really security conscious advanced user, you can change the password if you build OpenELEC from source. Also you can consider logging in with ssh keys and disabling password logins.

    21. Re:How do you know? by Solandri · · Score: 4, Interesting

      I've been saying for over a decade now that at least one storage device on the computer should have a physical read-only switch. Some kind of jumper which needs to be moved, or a switch on the motherboard which needs to be physically flipped, before you can write to the device. The main OS could be stored there, while logs, configs, temp files, etc. stored on a different storage device. Security flaws like a buffer overflow would still allow access to some memory, but it'd be impossible to exploit it to modify the system to give you full root access upon reboot.

      That's the way things were in the 1970s and early 1980s, when RAM was incredibly expensive so the programming for most embedded systems was stored in ROM, using RAM only for operational data. I've only seen one modern embedded system function this way - you stored the OS on a SD card with the write-protect switch flipped, and used a second SD card for data storage.

    22. Re:How do you know? by zm · · Score: 2

      We'll wait and see how ISPs handle IPv6 when the time comes. There's no reason to believe it won't make matters worse.

      Except the time has come, and the devices do have public IP's (router has a DHCPv6 /64 address, and doles out addresses in the same /64 range to devices behind it using SLAAC; this is Rogers in Canada)

      --
      Sig ?
    23. Re:How do you know? by StayFrosty · · Score: 2

      Obviously there is no guarantee--there never is in these days of NSA-intercepted shipments, government-sponsored code changes, etc... There are plenty of steps you can take to minimize the risk of this happening though.

      1. Use either Open Source software as your firewall platform (pfSense, m0n0wall, your own creation with pf or iptables, etc...), a firewall appliance based on open-source software that updates frequently when vulnerabilities are disclosed (Mikrotik, Ubiquiti, etc...) or use enterprise-grade (even if it's used) hardware (Palo Alto, Cisco ASA, Fortinet, etc...) as long as you have access to software updates. Home and SOHO products aren't going to give you the kind of fine-grained controls you need to do this right. You minimally need VLAN support so you can have multiple WLANs to segregate your IoT devices.

      2. Follow the vendor/developers best practices when configuring the above firewall. Don't expose any firewall management services to the internet or your IoT network. If your firewall supports any consumer-oriented crap like upnp, TURN IT OFF! Obviously, don't expose any real computers to the IoT network.

      3. Subscribe to your vendors/developers mailing list. This way you can stay on top of any vulnerabilities as they are discovered, as workarounds are discovered, and as patches are released. Pretty much all the major vendors in item #1 have been on the front page of Slashdot within the last 2 years for some sort of vulnerability. It happens. Know about it when it does.

      4. Patch your shit. Update your firewall often. Read the release notes so you know what you are fixing, then apply the patch.

      --
      "Frequently wrong, never in doubt."
    24. Re:How do you know? by sootman · · Score: 2

      If the software was written by a programmer who thought "We should have a built-in test system... maybe set an actual fire every 6 months and make sure we can detect it..." That's how testing works, right?

      --
      Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  2. The "average" consumer? Of course not. by Anonymous Coward · · Score: 4, Insightful

    The "average" user has no idea and that's why they put IOT shit on their unsecured network in the first place, duh.

  3. Easy or free, pick one by Anonymous Coward · · Score: 3, Interesting

    There are free tools you can use to monitor a network, but they might not be so easy for the average user. Just googling around, I found this solution that's designed to answer such questions, but note it costs money. I've never seen it in action. One would hope that you get something user-friendly at such a price.

    The other guy who said that if you can log in with "admin" as the userid and "password" as the password, or some other default login, that's spot-on. Botnet creators will probe for that, so at the very least change the userid and password before actually going live... or just do what I do and not have any IoT stuff.

    1. Re:Easy or free, pick one by skids · · Score: 2

      Basically the only way to detect intrusions on these systems is to have A) a characterization of their nominal protocol behavior including bandwidth usage patterns, connection/disconnection behaviors and other such information in addition to the basic port/service stuff. B) Have a list of the cloud servers they normally contact under standard operation, and C) Have regular automatically installed updates for A) and B) as the owner of the device screws with firmware and/or CDN contracts or the CDN itself makes changes and D) have some sort of alerting system that tells you when the nominal behavior pattern has been broken, but does not generate so many false alarms that you start to ignore said alerts and E) Have a device inline, sniffing, or on a mirror port capturing all traffic on the segment.

      The big problem is C) because it requires a steady supply of manpower. Which is why companies pay more for the subscriptions on most NGFWs these days than they do for the hardware.

  4. Control and management by ledow · · Score: 2

    Though it doesn't seem to apply to home networks, how can you be an IT professional of any kind and NOT know what's coming into or going out of your network?

    If nothing else, precisely because of things like this where your CCTV NVR or your thermostat could be hacked and doing whatever it likes. In fact, DDoS of someone else is the LEAST of your worries if someone is able to coax your devices into running arbitrary code on your local network.

    Sorry, but this kind of thing needs management and there isn't a home router on this planet that does things like send you an email when a "new" device connects, or alerts you to unusual activity from your local network devices.

    1. Re:Control and management by Zocalo · · Score: 4, Informative

      Pretty much this, and given how bad many IoT devices are, even if you do change the passwords, etc., it's safer to just assume that they already have been compromised, or that they will be. Since we're talking retrospectively here, set up some connection logging on your outbound router. See if there's anything in the logs that's not what you were expecting, bearing in mind that they'll almost certainly be phoning home to "check for updates" and "backup your data to the cloud" (AKA "monetize your data"). Done. A better approach would have been to be more proactive (because the typical SoHo router vendor sure as hell won't be); as a minimum lock down anything you don't need, put all the IoT type devices on a dedicated network away from the stuff that matters, and configure the router to send an alert when anything anomalous happens. Bonus points for things like implementing BCP38 locally so even when you are compromised you've at least tried to minimise the damage, enabling syslog and actually monitoring the output, and other basic security principles.

      --
      UNIX? They're not even circumcised! Savages!
    2. Re:Control and management by Xtifr · · Score: 2

      how can you be an IT professional of any kind [...]

      I'm not. I'm a software developer.

    3. Re:Control and management by Zocalo · · Score: 2

      In the specific context of whether the IoT devices under discussion have been rooted or not, abnormal traffic actually does tend to stick out a bit. Legit traffic will generally be restricted to your internal network, plus a selection drawn from the vendor (and possibly a few "partners"), a cloud service operator or two, and a small pool of ISPs/MNOs that are used to access the device remotely, depending on the device type and usage patterns - a finite set of IP ranges that will come up continually. Botnet activity is going to consist of periods of extra high activity to either one fixed address that probably isn't in that pool (e.g. a DDoS of Brian Krebs's website) or periods of extra high activity to lots of IP addresses not in that pool (e.g. co-opted to send spam). You can also draw a pretty firm conclusion that you've been hacked from things like time of day when activity occurs (why is it streaming data all night?), protocols being used (why is my DVR sending lots of email?), and so on.

      Not something that a typical user is likely to be able to do, of course, but if you've got a basic grasp of networking fundamentals and can put that together with your knowledge of how you are using the device, then getting a yes/no on whether a device has been compromised from logs isn't that hard to do, even without some baseline data of what's "normal".

      --
      UNIX? They're not even circumcised! Savages!
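
Added example, not part of the thread or of any commenter's post: the checks skids and Zocalo describe above (an expected destination pool per device, then alerts for a flood to one outside host, fan-out to many outside hosts, unexpected ports and quiet-hours activity), run over a constructed connection log. The device names, address ranges, log format and thresholds are all assumptions.

```python
"""Flag devices whose outbound traffic leaves their expected destination pool."""
import ipaddress
from collections import defaultdict
from datetime import datetime

# Assumed baseline: networks each device normally talks to (LAN, vendor, cloud).
EXPECTED = {
    "dvr": ["192.168.1.0/24", "203.0.113.0/24"],
    "thermostat": ["192.168.1.0/24", "198.51.100.0/24"],
}
# Assumed ports each device legitimately uses towards the outside.
EXPECTED_PORTS = {"dvr": {443, 554, 123}, "thermostat": {443, 123}}

# Illustrative thresholds, evaluated per device per one-hour window.
VOLUME_BYTES = 5_000_000   # bytes sent to a single out-of-pool host
FANOUT_HOSTS = 20          # distinct out-of-pool hosts contacted
QUIET_HOURS = range(1, 5)  # 01:00-04:59, when nobody is using the device


def in_pool(device, ip):
    """True if ip falls inside one of the device's expected networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in EXPECTED.get(device, []))


def parse(line):
    """Parse 'ISO-time device dst-ip dst-port bytes'; raises ValueError if bad."""
    ts, device, dst, port, nbytes = line.split()
    ipaddress.ip_address(dst)  # validate the address early
    return datetime.fromisoformat(ts), device, dst, int(port), int(nbytes)


def analyse(lines):
    """Return {device: sorted list of findings} for out-of-pool traffic."""
    per_dst = defaultdict(int)   # (device, window, dst) -> bytes
    hosts = defaultdict(set)     # (device, window) -> out-of-pool destinations
    findings = defaultdict(set)
    for line in lines:
        try:
            ts, device, dst, port, nbytes = parse(line)
        except ValueError:
            continue  # skip malformed records rather than abort the run
        if in_pool(device, dst):
            continue  # nominal traffic, nothing to report
        window = ts.replace(minute=0, second=0, microsecond=0)
        per_dst[(device, window, dst)] += nbytes
        hosts[(device, window)].add(dst)
        # An unknown device has no expected ports, so everything it does is flagged.
        if port not in EXPECTED_PORTS.get(device, set()):
            findings[device].add(f"unexpected-port:{port}")
        if ts.hour in QUIET_HOURS:
            findings[device].add("out-of-pool-during-quiet-hours")
    for (device, _window, dst), total in per_dst.items():
        if total >= VOLUME_BYTES:
            findings[device].add(f"flood-to-single-host:{dst}")
    for (device, _window), dsts in hosts.items():
        if len(dsts) >= FANOUT_HOSTS:
            findings[device].add("fan-out-to-many-hosts")
    return {device: sorted(found) for device, found in findings.items()}


def sample_log():
    """Constructed log lines (documentation address ranges, made-up times)."""
    lines = [
        "2016-10-01T19:02:11 thermostat 198.51.100.10 443 1840",
        "2016-10-01T19:05:40 dvr 203.0.113.5 443 52000",
        "2016-10-01T19:06:02 dvr 192.168.1.20 554 900000",
    ]
    # DVR sending mail to 25 different outside hosts at 03:00.
    lines += [f"2016-10-02T03:{m:02d}:00 dvr 192.0.2.{m + 1} 25 4000"
              for m in range(25)]
    # DVR pushing 8 MB at one outside host within a single hour.
    lines += [f"2016-10-02T14:{m:02d}:30 dvr 192.0.2.200 80 1000000"
              for m in range(8)]
    return lines


if __name__ == "__main__":
    for device, found in analyse(sample_log()).items():
        print(device, found)
```
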
  5. Re:Am A Noob Too by Bert64 · · Score: 4, Interesting

    Keep routers and access points separate, there's no need for them to be the same device...
    Get a low power atom device to run something like pfsense, a cheap managed switch (the hp 1800 series are good and quiet), use any wireless ap as a dumb bridge so it doesn't need any routing capabilities.
    Create separate VLANs for guests and other untrusted devices, you can connect to devices here via the firewall but don't allow any outbound connections from the network containing these devices.
    Buy new wifi as/when (eg 802.11ac), add multiple access points to cover different areas if necessary (even in a small house, wifi doesn't travel well through floors) and link them together via ethernet. Use ethernet whenever possible, wifi is only for portable devices.
    You can also set up a VPN so you can connect to your stuff from outside, having authenticated using both a certificate and a user/pass. Far less chance of compromise than some unknown black box device from china.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  6. Finally a counter example by Enter+the+Shoggoth · · Score: 5, Insightful

    Is this the long sought after counter-example to Betteridge's Law where the response to a question mark is always "yes" ?

    --
    Andy Warhol got it right / Everybody gets the limelight
    Andy Warhol got it wrong / Fifteen minutes is too long.
    1. Re:Finally a counter example by AmiMoJo · · Score: 2

      Probably not... When you consider that, for example, pretty much every TV sold now has smart features and yet the vast majority of TVs are not part of a botnet as far as we know. Ditto cars, many have some kind of connectivity now but are not infected.

      The main reason for this is that it just doesn't make economic sense to target IoT devices. With Windows you have hundreds of millions of targets and easy access via malvertising and trojans. With an IoT device it's probably behind a firewall and only connects to a small number of hosts, so you would have to MITM it or hack the manufacturer's servers. And all it gets you is a low end device that might only be turned on for a few hours or minutes a day.

      Sure, it's really funny when people hack vehicles remotely or make someone's smart bulb strobe, but it's not very profitable.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  7. Limit their bandwidth? by wildstoo · · Score: 3, Insightful

    Probably beyond the abilities of Joe Average, but you could use your router/firewall/whatever to limit the bandwidth of IoT devices on your network.

    Most IoT devices seem to use very little bandwidth by design - they just send and receive simple status updates and commands - and they would be of much less value to a botnet operator if they were limited to, say, 5kbps.

  8. Not used here by ctrl-alt-canc · · Score: 2

    I don't use IoT, and I never will. No need to share with external world room temperatures, door status or garden humidity. Electromechanical devices are enough for this, they are much cheaper, and are free from the risk of being tampered from an Indian hacker.
    I still have to understand why people need to control everything from their smartphone, when there are simpler solutions that require much less of your precious free time to be implemented and used.

    1. Re:Not used here by Bob+the+Super+Hamste · · Score: 2

      As one of the old guys here, although my UID would indicate that I am younger than I am, I don't want a smart TV. What I really want is a big monitor with lots of hookups, a fast response time, and good color reproduction. I don't care if it has Netflix built in, my computer, my roku, my tablet, my phone all will play it just fine and likely the apps there will be kept more up to date than the prebundled shit on the "smart" TV.

      --
      Time to offend someone
  9. Re:Am A Noob Too by clickety6 · · Score: 5, Funny

    Thanks for the info. I've printed it out for my grandmother...

    --
    ----------------------------------- My Other Sig Is Hilarious -----------------------------------
  10. Re:Am A Noob Too by cfalcon · · Score: 5, Insightful

    > Keep routers and access points separate...
    > low power atom device to run something like pfsense
    > cheap managed switch
    > wireless ap as a dumb bridge
    > Create separate VLANs

    Once you're done making this server room you describe, you'll be in the .0000001% of people qualified to run an IoT device, many of which are BORN malicious and sending pictures of your bedroom/front lawn/children to a central server in China, a decent number of which are fundamentally insecure with no possible way to change passwords or a default password they forgot (or "forgot") to strip out that you can't fix, and at least some of which will fail to work on a VLAN that can only see the outside internet (for some goddamned reason, they want to ping a router or something).

    The short version is this: If you want your IoT devices to not be part of a botnet, DO NOT BUY ANY. Once you buy those components, you have to set them up. Then configure them. Then maintain them. And almost no one will jump through any of those hoops.

  11. Re:The "average" consumer? Of course not. by jandersen · · Score: 5, Insightful

    The "average" user has no idea and that's why they put IOT shit on their unsecured network in the first place, duh.

    The average user has no idea that there is something like "IoT" and that it is in any way different from the rest of "the internet". All they know is that it is "smart" to have an app on your phone that can turn on the heating and tell you the fridge is empty, and a TV that seems to understand what you want to watch, or a smart meter that tells you (and the utility company) how much gas and electricity you use up to the last minute. They won't know or care about the security implications until it goes badly wrong.

  12. Errrrm, analyse your traffic? ... Maybe? by Qbertino · · Score: 3, Informative

    Do you really want to know?
    Then analyse your LAN traffic. Wireshark and Co. are your friends.

    You're welcome. Captain Obvious was glad to help.

    --
    We suffer more in our imagination than in reality. - Seneca
    1. Re: Errrrm, analyse your traffic? ... Maybe? by ageoffri · · Score: 2

      Spend even $100 on a good router like an EdgeRouter Lite. Set the outbound firewall to record all activity for a day or even hours. Look through the logs, research and block what you. Repeat the process on occasion and you'll reduce your risk by quite a bit, though there will always be some residual risk.

      --
      -- Slashdot, making the Left look conservative since 1997.
  13. Re:log files by nukenerd · · Score: 4, Insightful

    If a person is intelligent enough to perceive the need for a device, obtain the device and install the device

    They will perceive the "need" when a salesman or ad persuades them that they need it. They do not even need to be aware that the device will be part of the IoT, only that they "need" a toaster or whatever.

    They will obtain the device by pulling out their wallet. (Soon it will become impossible to obtain anything else.)

    They will install it by plugging it in (have you never installed a toaster before?).

    I don't know where you think intelligence comes into it.

  14. Re:Am A Noob Too by MMC+Monster · · Score: 5, Insightful

    Dude, I'm not a network technician but I've been putting computers together since the late 80s and have been running Linux OSs as my desktop OS for over a decade now...

    And I couldn't set up the network you described without some serious googling.

    How are we supposed to expect normal people to do it? Do routers come with VLAN set up out of the box, jailed so that it doesn't send data out of your network? Somehow I doubt it.

    Normal people are screwed, until routers are set up to manage IoT networks by default.

    And let's be real: Normal people aren't going to buy a separate access point if their router has Wifi built in.

    --
    Help! I'm a slashdot refugee.
  15. Re:Am A Noob Too by vtcodger · · Score: 3, Insightful

    "Think a non-network engineer can do or wants to do any of that stuff?"

    Hell, I don't think most folks who could do that stuff have any desire to actually do it for their household gear ... and then deal with the inevitable breakdowns ... especially if some clownshow in Redmond or Shanghai is perpetually sending out broken automatic "firmware" updates to enhance security or "user experience".

    --
    You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
  16. Find the device's online trail by beda · · Score: 4, Informative

    Infected devices usually try to spread the infection further and their scanning attempts on the Internet are often observed. There is for instance a dedicated website for IoT devices attacking Telnet ports or some more generic ones, such as the Internet Storm Center. If the IP address of your device is on the list, it is very likely that you have a problem.

  17. Is my IOT device part of a botnet? by philipmather · · Score: 3, Funny

    Depends, have you plugged it in yet?

    No need to turn it on, someone else will do that for you.

    --
    Regards, Phil
  18. Excellent question with no answer! by Kludge · · Score: 4, Informative

    I have often wondered the answer to this question myself: how can I tell if a machine on my network is compromised?
    So I set up a Linux box as my primary router, and monitored all the traffic going through the box, and holy crap, there is a lot of stuff.
    Every time you hit a facebook web page, the javascript in there directs your browser to hit literally dozens of other web sites, and this is true of EVERY device in your house: your wife's laptop, your son's smartphone, your dog's water bowl. When you watch a video on Netflix video, the video player hits a dozen different servers at once, and those connections come and go constantly, old ones are closed, new ones opened to different servers throughout the world with all kinds of different names. And, of course a modern computer or smartphone uses all kinds of services: time services, location services, software updates, on and on and on.

    It would be very difficult for a person to notice a low level bot doing something amiss. I have all the data, and I don't know how to do it.

  19. The real worry by Not-a-Neg · · Score: 2

    I am more concerned about a cheap IoT device shipping with spyware from China pre-installed than I am about someone hacking into my network.

    --
    -==- Buy a Mac and leave me alone!
  20. Re:Am A Noob Too by anegg · · Score: 2

    Well, I had good intentions. I'm a network engineer, and I planned out my multi-segmented network so that my home IT (servers/computers) stuff was separated from my home infrastructure (security devices, smoke detectors, etc) and that the latter were walled off from the Internet. And I *plan* to make it all work correctly someday. But in the meantime... All I have implemented so far is separate SSIDs for kids and adults so that the kids are blocked from 24-hour/day Internet time wasting, and some firewall block rules to keep my home security infrastructure from being able to communicate to the Internet, mostly triggered by the Nest Protect's incessant need to upload its motion detection data to the mothership.

    In the meantime, I generally avoid buying things for the home network that aren't "self-contained" (i.e., I don't buy the things that need to communicate with the "cloud" in order to work). This is for practical reasons (I don't want my stuff to stop working just because a vendor goes out of business, or simply stops supporting an old product line, or my Internet connection is on the fritz) as well as privacy reasons (I don't need to have any more data on my habits and choices being uploaded to the cloud than is already there from my using Amazon, credit cards, Hulu Plus, Redox, and the library).

    I *hope* more vendors get off of the "connect it to the cloud" bandwagon and that IoT devices are mostly self-contained, but don't see much chance of it happening unless either there is a huge blowup with legal liability that causes companies to go that way, or legislation requires/encourages it. Too many folks want to be able to view the inside of their home from their smartphone while on vacation, without realizing that what works for them can very well be subverted to working for others...