Slashdot Mirror


Ask Slashdot: Is My IoT Device Part of a Botnet?

As our DVRs, cameras, and routers join the Internet of Things, long-time Slashdot reader galgon wonders if he's already been compromised: There have been a number of stories of IoT devices becoming part of botnets and being used in distributed denial of service attacks. If these devices are seemingly working correctly to the user, how would they ever know the device was compromised? Is there anything the average user can do to detect when they have a misbehaving device on their network?
I'm curious how many Slashdot readers are even using IoT devices -- so leave your best answers in the comments. How would you know if your IoT device is part of a botnet?

9 of 279 comments

  1. Finally a counter example by Enter the Shoggoth · · Score: 5, Insightful

    Is this the long sought after counter-example to Betteridge's Law where the response to a question mark is always "yes"?

    --
    Andy Warhol got it right / Everybody gets the limelight
    Andy Warhol got it wrong / Fifteen minutes is too long.
  2. Re:How do you know? by JaredOfEuropa · · Score: 5, Insightful

    Especially if that password
    - Is a default password that is the same for every device sold (these days a lot of equipment ships with unique random passwords)
    - Isn't changed by the user during setup
    - Can't be changed by the user. (What the hell, OpenElec?)

    --
    If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
  3. Re:Am A Noob Too by clickety6 · · Score: 5, Funny

    Thanks for the info. I've printed it out for my grandmother...

    --
    ----------------------------------- My Other Sig Is Hilarious -----------------------------------
  4. Re:Am A Noob Too by cfalcon · · Score: 5, Insightful

    > Keep routers and access points separate...
    > low power atom device to run something like pfsense
    > cheap managed switch
    > wireless ap as a dumb bridge
    > Create separate VLANs

    Once you're done making this server room you describe, you'll be in the .0000001% of people qualified to run an IoT device, many of which are BORN malicious and sending pictures of your bedroom/front lawn/children to a central server in China, a decent number of which are fundamentally insecure with no possible way to change passwords or a default password they forgot (or "forgot") to strip out that you can't fix, and at least some of which will fail to work on a VLAN that can only see the outside internet (for some goddamned reason, they want to ping a router or something).

    The short version is this: If you want your IoT devices to not be part of a botnet, DO NOT BUY ANY. Once you buy those components, you have to set them up. Then configure them. Then maintain them. And almost no one will jump through any of those hoops.

  5. Re:The "average" consumer? Of course not. by jandersen · · Score: 5, Insightful

    The "average" user has no idea and that's why they put IOT shit on their unsecured network in the first place, duh.

    The average user has no idea that there is something like "IoT" and that it is in any way different from the rest of "the internet". All they know is that it is "smart" to have an app on your phone that can turn on the heating and tell you the fridge is empty, and a TV that seems to understand what you want to watch, or a smart meter that tells you (and the utility company) how much gas and electricity you use up to the last minute. They won't know or care about the security implications until it goes badly wrong.

  6. Re:Am A Noob Too by MMC Monster · · Score: 5, Insightful

    Dude, I'm not a network technician but I've been putting computers together since the late 80s and have been running Linux OSs as my desktop OS for over a decade now...

    And I couldn't set up the network you described without some serious googling.

    How are we supposed to expect normal people to do it? Do routers come with VLAN set up out of the box, jailed so that it doesn't send data out of your network? Somehow I doubt it.

    Normal people are screwed, until routers are set up to manage IoT networks by default.

    And let's be real: Normal people aren't going to buy a separate access point if their router has Wifi built in.

    --
    Help! I'm a slashdot refugee.
  7. Re:How do you know? by Z00L00K · · Score: 5, Insightful

    If it needs to connect to a subscription service outside your home it has the potential to become part of a bot net.

    Can you trust your thermostat to not browse your files?

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  8. Re:How do you know? by Applehu Akbar · · Score: 5, Funny

    > Just install Norton AV on it, and add McAfee to be sure. Then, even a botnet wouldn't want to anymore run on that device

    Yeah, that's it! "Should I have run McAfee on my FirstAlert online smoke detectors?" you say to yourself as you gaze at the remains of your house.

  9. Re:How do you know? by Shoten · · Score: 5, Insightful

    > Openelec's entire file system is read only. Given the difficulty of installing something to the image when you want to, the potential for it to be easily and automatically owned by is very low.

    This is not a real thing...a device whose total storage capacity is read-only. Let's look at why.

    One: if it's all read-only, it can't have a variable password...accounts and passwords need to be hardcoded, because there's no way to store new or changed account information.

    Two: if it's at all configurable, you have the same problem: where do you store the configs?

    Three: guess what else you can't have if your file system is read-only? Software updates.

    Four: let's call a spade a spade here. A more accurate way to make the claim...regardless of how infeasible it would be for any device of significant functionality...is to say this: "Openelec's entire file system is meant to be read only." An innate characteristic of most security flaws is that they permit something that is not intended. It's important to not assume that intended functionality is inevitable and invulnerable. And in this case, that "read only" capability is nothing more than Linux permissions...it's not that the OS invariably is incapable of granting write permissions. In fact, all kinds of things are writing to the file system, I would bet...information about drive mounting, accounts, etc. The file system is not inherently read only.

    Assuming that system behavior when used in its intended fashion is also what happens when someone breaks the rules is the root of most security failures.

    And now, a citation, called "squashfs howto - make changes the read-only filesystem in OpenELEC"

    https://sites.google.com/site/...

    --

    For your security, this post has been encrypted with ROT-13, twice.
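
The point argued in comment 9, that a read-only root image does not mean nothing on the device is writable, can be checked from the device's mount table. The following is an added example, not part of the original thread or of any project's code; the sample mount table, device names and function names are constructed for illustration.

```python
import re

VOLATILE = {"tmpfs", "ramfs", "devtmpfs"}  # RAM-backed: writable, contents lost at reboot
PSEUDO = {"proc", "sysfs", "devpts", "cgroup", "cgroup2", "debugfs",
          "securityfs", "pstore", "configfs", "mqueue"}  # kernel interfaces, not storage

# Constructed sample in /proc/mounts format (not captured from a real device).
SAMPLE = """/dev/loop0 / squashfs ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
devtmpfs /dev devtmpfs rw,relatime,size=380000k,mode=755 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,noexec,mode=755 0 0
/dev/mmcblk0p1 /flash vfat ro,noatime 0 0
/dev/mmcblk0p2 /storage ext4 rw,noatime 0 0
/dev/sda1 /media/USB\\040Disk vfat rw,nosuid,nodev,noexec 0 0
"""

def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as octal (\040 = space).
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def audit_mounts(text):
    """Return every mount that is currently writable, with persistence and exec flags."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or empty line
        mountpoint, fstype, opts = _unescape(parts[1]), parts[2], set(parts[3].split(","))
        # "ro" only describes how the filesystem is mounted right now; skip those here.
        if fstype in PSEUDO or "rw" not in opts:
            continue
        findings.append({"mountpoint": mountpoint, "fstype": fstype,
                         "persistent": fstype not in VOLATILE,
                         "exec_allowed": "noexec" not in opts})
    return findings

def persistent_exec_mounts(text):
    """Writable locations that survive a reboot and allow execution: review these first."""
    return [f["mountpoint"] for f in audit_mounts(text)
            if f["persistent"] and f["exec_allowed"]]

if __name__ == "__main__":
    for f in audit_mounts(SAMPLE):
        kind = "persistent" if f["persistent"] else "volatile"
        print(f'{f["mountpoint"]:<18} {f["fstype"]:<9} {kind:<10} exec={f["exec_allowed"]}')
    print("persistent + exec:", persistent_exec_mounts(SAMPLE))
```

To audit a real Linux-based device, pass the contents of its `/proc/mounts` to `audit_mounts` in place of `SAMPLE`.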