Slashdot Mirror

← Back to Stories (view on slashdot.org)

If It Uses Electricity, It Will Connect To the Internet: F-Secure's CRO (theregister.co.uk)

Posted by msmash on from the words-of-wisdom dept.

New submitter evolutionary writes: According to F-Secure's Chief Research Officer "IoT is unavoidable. If it uses electricity, it will become a computer. If it uses electricity, it will be online. In future, you will only buy IoT appliances, whether you like it or not, whether you know it or not." F-Secure's new product to help mitigate data leakage, "Sense", is a IoT Firewall, combining a traditional firewall with a cloud service and uses concepts including behaviour-based blocking and device reputation to figure out whether you have insecure devices.

21 of 308 comments (clear)

  1. I don't think so. by captaindomon · · Score: 4, Interesting

    I get his point - more things will be connected to the internet. But more things will also not be. The internet is a utility now, it's not just new and shiny. Sure, there will be coffee machines that are connected to the internet you can buy, but there will be a ton of people that don't want them and want a normal coffee machine. If you don't believe me, look at pets.com and the bubble burst. Seemed at the time that everything would be purchased through a web site. Sure, Amazon has some pet food sales. But people aren't ever going to stop buying dog food locally.

    --
    Just because I can hook a shark from a boat, I do no offer to wrestle it in the water.
    1. Re:I don't think so. by UnknowingFool · · Score: 3

      Let's take his own example: An Internet connected toaster. Why the **** would my toaster need to be connected? His point is that the toaster company would add Internet to my toaster regardless if I want it so they can collect analytics. I use my toaster twice a year. Even if I leave it connected, the data they collect will be of little use. If they really want to connect everything, I'll just leave things unplugged. Or not connect them to my home network. Or get another model that doesn't have a connection.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    2. Re:I don't think so. by Jason+Levine · · Score: 4, Informative

      We use our toaster often, but unplug it when we're not using it. If our toaster was Internet-connected, would we need to wait for it to boot up before we could make some toast? Because if that's the case, I'll do what you do and buy a non-Internet-connected toaster or not connect it to my home network. (If the toaster requires Internet connectivity to make toast, it will be returned ASAP and I'd post a warning online to keep others from buying that model.)

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    3. Re: I don't think so. by gnick · · Score: 2

      If you don't want an electric coffee machine then use a French press.

      There's a middle ground between a French press and a coffee maker that tracks my brewing habits. No matter how prevalent these smart devices get, there will always be a demand for dumb ones. And where there's demand, there's supply.

      --
      He's getting rather old, but he's a good mouse.
    4. Re:I don't think so. by hey! · · Score: 2

      Individual businesses may fail, but businesses as a whole will keep trying until someone succeeds at getting their technological hooks into you. It isn't customer demand driving this, nor is it customer benefit (you can't be *that* naive). What's driving this is a fundamental fact of marketing: new customers are expensive to find.

      So when you as a customer are seeking a transaction, I as a marketer am seeking to parlay that transaction into a relationship. This is apparent if you look at something like a so-called "dealer warranty" for your new car, which if you read the fine print requires you to get oil changes at that dealer much more frequently than the manufacturer recommends, at a price named by the dealer.

      Digital technology transforms the marketplace into something like a dating service where everyone you meet will be a stalker. You buy a tractor from John Deere, Deere tries to create a future revenue stream by forcing you to use an authorized repair center.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    5. Re:I don't think so. by ColdWetDog · · Score: 5, Insightful

      Nope, but that's not the way it will happen. The Internet Toaster won't care if my toast is perfect. It WILL care what brand of bread I use and will want to tell me about other wonderful choices in the world of sliced bread. And THAT will take 15 seconds, be associated with an annoying noise, voice and / or blinky light.

      Then the company that made the toaster will shut off the server for reasons unclear in the engineering world. I won't be able to put another slice of bread in it until I either buy a subscription to toast.biz or another fucking toaster.

      It's not the microprocessor and sensor suite that is the issue (although you can overthink a problem pretty easily these days). It's the connection to the cloud for no apparent gain other than to line somebody else's pockets.

      --
      Faster! Faster! Faster would be better!
    6. Re:I don't think so. by rahvin112 · · Score: 2

      His argument is that non-internet toaster won't be produced. The problem with that is that no matter how inexpensive that internet connection module gets, it still adds cost to what is the most basic of electrical devices around (AC Electricity directly connected to heating wires, a simple mechanical switch and spring). A toaster is actually a perfect example of a device that might be sold internet connected, but will never ever be ONLY sold as internet connected. And the simple reason is that internet connection stuff would add cost and the 90% of people that don't want an internet connected toaster wouldn't pay the extra $$ for the connection.

    7. Re:I don't think so. by hawguy · · Score: 2

      Nobody gives a shit how much toast you make, certainly not enough to go through the engineering efforts and added cost in general of sensors, controllers and backup batteries with the electronics similarly made to operate when "offline" (unplugged) for prolonged periods, whatever you say/do around the toaster on the other hand is information they can sell.

      My grocery store, bread baker and bread-flour producer all have great interest in how much toast I make, how it correlates with other products/services I use, and how to get me to make more toast. And they don't care if the wifi chipset adds $3 to the price of my toaster and they'll get me to pay for it by claiming that the internet connected toaster is "cloud connected" to ensure perfect toast every time.

    8. Re:I don't think so. by sunking2 · · Score: 2

      His point is that the engineering costs will be so low because it'll be sold as single component there will be no reason not to put it in. Of course the same thing was said about RFID 20 years ago and while its certainly used quite a bit, it's hardly taken over the world like it was supposed to. And that's much simpler.

    9. Re:I don't think so. by AmiMoJo · · Score: 4, Insightful

      How about a free toaster if you plug it in for at least 16 hours a day? And by the way it has a microphone and a screen showing adverts on it... And it etches adverts into the toast as well... But it's free!

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    10. Re:I don't think so. by omnichad · · Score: 2

      Yes, more standby power usage is what we need. That cable box uses almost as much electricity on standby as it does when running.

    11. Re:I don't think so. by Anonymous Coward · · Score: 2, Funny

      Toaster: Howdy doodly do. How's it going? I'm Talkie, Talkie Toaster, your chirpy breakfast companion. Talkie's the name, toasting's the game. Anyone like any toast?

      Lister: Look, I don't want any toast, and he doesn't want any toast. In fact, no one around here wants any toast. Not now, not ever. No toast.

      Toaster: How 'bout a muffin?

      Lister: Or muffins. Or muffins. We don't like muffins around here. We want no muffins, no toast, no teacakes, no buns, baps, baguettes or bagels, no croissants, no crumpets, no pancakes, no potato cakes and no hot-cross buns and definitely no smegging flapjacks.

      Toaster: Aah, so you're a waffle man.

      https://www.youtube.com/watch?v=LRq_SAuQDec

    12. Re:I don't think so. by MountainLogic · · Score: 2

      If the current direction continues, there will never be an Internet toaster. The bulk of consumer IoT devices lack the I in IoT. A device is not port of the Internet if it does not have an IP address. Until I can ping my toaster from across the planet, we do not have an IoT. We have an ioT, small "i" that is routed through a bunch of half-baked proprietary layers and protocols that is only then tunneled through the Internet to a proprietary cloud application. (Real) IoT, fusion and (real) AI have been just a few years away and will be for a long time to come.

    13. Re:I don't think so. by BarbaraHudson · · Score: 2

      When toasters have to be connected to the internet to work, the idea of me buying a toaster is toast.

      Besides, toasters are simple devices. My current toaster has "no user-serviceable parts" and was riveted shut. A drill fixed that, so I could repair it when crumbs caused it to malfunction when I shook it upside down to get out the last of them. I like my toasters dumb. If I wanted a smart toaster, I'd get a Cylon.

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    14. Re:I don't think so. by BlueStrat · · Score: 2

      I don't doubt you worked in a building where those activities were being done, but this isn't even a hard problem. You're trying to wave around some sort of authority chode, but argument from authority is crap. And you're not even claiming experience; "I did work I thought was important, a long time ago, therefore I know all about modern materials engineering." It is really weak sauce.

      Wow, dude, take the stick out of your ass and that huge chip off your shoulder! Have you got 'little-man syndrome' or something? I'm not trying to wave around any authority, just trying to have an interesting technical 'what-if', the background was just attempting to establish rapport with possibly another person with an engineering background. I was simply tossing out some random off-the-cuff thoughts, I wasn't submitting an engineering thesis, FFS!

      Most ICs are also available in ceramic packages. Typically that means it is rated to 210C ambient.

      Those ceramic packages also come at a premium price, again making the idea of putting them into the base of a 6L6 not practical. That 210C ambient is also likely a maximum spec and/or exposure time-limited and reliant on heatsinking and forced-air cooling. Good luck fitting that in there.

      The base of the tube's plug doesn't get that hot, and the reason is because it has a high temperature plastic washing in between.

      That is false for most common octal power power tubes used in guitar amplifiers. There is no "high temperature plastic 'washing'" between the glass envelope and the base. There is only a bit of high-temperature cement to aid in keeping the base attached along with the leads inside the base. Heat also gets transferred to the base's interior by the tube's pin-leads exiting the glass envelope and connecting to the pins in the base. The bases are typically made of the modern version of Bakelite which helps prevent burned fingers, plus the fact that when tubes operate in an upright position the heat rises away from the base due to convection. Many amplifiers operate power tubes inverted, Fender being prominent. I guarantee you that after an hour of operation the bases of 6L6s in a '68 Fender Twin Reverb are quite near 200C, sometimes over, and if you're foolish enough to grab one of those bases you'll leave burned flesh behind, Bakelite or not.

      So you if put a flexible printed circuit (made of kapton, good to 260C) with a ceramic IC somewhere inside of some plastic whose purpose is already thermal shielding, then it is safe to assume that that circuit will be somewhere in between the temperature of the tube, and the ambient temperature. And it isn't going to melt or burn.

      That might work, but there's bloody-little room in one of those bases, I know as I've had them apart many times.

      It might be technically achievable, but it would not be easy or cheap, the added costs would likely negate any added value, and the value itself is still a question. What value could it add to a set of tubes in some guy's guitar amplifier?

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  2. Security company scaremongering IoT by Opportunist · · Score: 5, Insightful

    Film at 11.

    He's probably right about the push towards having to be online, but I fail to see how an IoT firewall should mitigate it. Especially with the increasing use of IPv6, which means more and more IoT devices will try to get un-NATed access to the internet (and will probably also get their wish granted).

    Good luck trying to firewall that.

    Sorry, but no. If we want secure IoT devices, we have to demand them. And that means not buying the shoddy, insecure junk that's currently peddled. And I'm not even talking about any gimmicky gadgets from some Aliexpress shops, I'm talking about our "smart" TVs and other "smart" appliances made for dumb people.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Security company scaremongering IoT by StormReaver · · Score: 2

      Especially with the increasing use of IPv6, which means more and more IoT devices will try to get un-NATed access to the internet (and will probably also get their wish granted).

      Good luck trying to firewall that.

      That's rather simple to do. Unless device manufacturers are going to provide their own Internet infrastructure, they will still need your Internet connection to do their nefarious deeds.

      Simply have a default I/O policy of Deny on your firewall, allow only specific devices to use your connection, and you're done. There is nothing magical about IPv6 in this regard.

  3. Re:It doesnt have to be online by EvilSS · · Score: 5, Insightful

    Just rip out the antenna so it can't try to get on your wifi or cellular networks. Bam, good old fashioned dumb appliance that will simply do what it was originally designed for instead of trying to integrate a billion little web marketing doodads on to a screen that shouldn't be there in the first place.

    "We're sorry, there seems to be a problem connecting to the internet. You will need to complete the WiFi setup before you can make your toast"

    --
    I browse on +1 so AC's need not respond, I won't see it.
  4. alarmist nonsense by slashmydots · · Score: 2

    Yay, headline-bait garbage! If you don't plug an ethernet cable into it or tell it your SSID and wifi password, then I guess there's no threat at all and they won't sneakily connect to the internet without your knowing and hack your whole house and OMG your whole family is gonna die ahhhh!!!

  5. Brickerbot will destroy this model by knorthern+knight · · Score: 2

    Manufacturers are effing *CHEAP*. Yes you might be able to mesh network a device with a 2-cent chip. But you can't make a *SECURE* device for 2 cents. You'll get the usual idiot practices of hardcoded passwords being the same for all products of the same model, communicating by cleartext telnet. When bricked devices start being returned in droves, watch for manufacturers to change their minds quickly.

    Ditto for not operating when not connected. maybe Brickerbot can get some of these devices to transmit a random noise signal at max power. Eventually it'll become like wifi in my condo, where I can see 25+ neighbours' systems fighting over the same 11 channels. If it needs connectivity to work at all, a *LOT* of people will avoid it.

    --

    I'm not repeating myself
    I'm an X window user; I'm an ex-Windows user
  6. Re:It doesnt have to be online by Rick+Schumann · · Score: 2

    There will always be a market for basic, 'dumb' appliances and other things, because not everybody is rich, but everybody needs to live. So you don't get the shiniest new things; so what? A toaster needs to just be good at being a TOASTER. Or a coffee maker. Or a refrigerator. Or a dishwasher, clothes washer, clothes dryer, and so on. There will ALWAYS be companies that make basic, reliable things like that. Don't believe all this bullshit hype that 'everything is going to be a computer'. Not necessary. As remarkable as it may sound, common sense manages to survive.