Amazon Is Making It Easier To Set Up New IoT Gadgets

At an event yesterday where the company unveiled a range of new Echo smart speakers and other Alexa-enabled devices, the company announced a new way to easily set up internet of things (IoT) devices. The Verge reports: Called Wi-Fi Simple Setup, the system will use Amazon's Wi-Fi Lockers to store your Wi-Fi credentials and share them with compatible smart home devices. Amazon is debuting this tech with TP-Link and Eero, with the idea that customers can reuse network credentials in order to set up new devices. This means devices will connect on their own instead of you having to manually set up each smart product. According to Amazon, it's as easy as plugging in a Wi-Fi Simple Setup-enabled device. The device will automatically look for the Wi-Fi Simple Setup Network and connect once it receives encrypted credentials. Amazon says the process should take no longer than 30 seconds. The ecommerce company also announced a "plug-and-play smart home kit called Alexa Connect Kit. "It starts with a module that has Bluetooth LE and Wi-Fi and a real-time OS that companies can put in their products in order to make them smart," reports The Verge.

The thing I fear

[SuperKendall]

I can just see within five years I may not be able to buy any home appliance that is not "smart" and connected, with some of them trying ever so hard to connect even if against my will.

Re: The thing I fear

Just give them their own segregated lan and turn it off when you're done.

Re: The thing I fear

error: can't connect to license server. shutting down.

Re:The thing I fear

I can just see within five years I may not be able to buy any home appliance that is not "smart" and connected, with some of them trying ever so hard to connect even if against my will.

I do not worry about this. I already turned down a wifi-enabled dishwasher. ("You can start it from your phone! " "I, and how many hackers?")

You see, chips are not free. Appliances comes in a spectrum: From dirt cheap, to sturdy quality. Those going for "cheap" will get the non-Internet devices, because manufacturers underbidding each other can shave off some cost by not having that wifi chipset. A toaster is so simple a device, so this will make a difference on the price tag. (Or on the corporate profit.) Even if they insist on wifi, it will only be midrange and up. Dirt cheap plastic items for the poorer will be without.

Also, most appliances are simple from an engineering standpoint. If nobody will sell me an internet-free toaster, I can make my own. Won't look pretty, but it'll work. I cannot make a dishwasher myself. But I know my electronics. So I can take any existing diswasher, and rip out the electronic controls. Then I can make it work just fine with my own electronics. No wifi then. A motor, a heater, and some pumps & valves - not at all hard to control with an arduino. If this is not an option for you, pay someone like me to "mod" your appliances for you. Go to a maker fair - anyone there could do it.

Re:The thing I fear

So I can take any existing diswasher, and rip out the electronic controls. Then I can make it work just fine with my own electronics. No wifi then.

You must be single. No Mrs. AC in the modern world would let you rip into their shiny new dishwasher to futz with the electronics.

Firefox AND Tor Browser: Nasty MitM possibility

Firefox AND Tor Browser: Nasty MitM possibility with the blocklist service (plus info disclosure)

- https://trac.torproject.org/pr...

(Proof of concept and Technical info within ticket's top post)

Related tickets:

Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...

#
Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
#

User report:[1]
https://blog.torproject.org/co...

- Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...

[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.

Superblather KenDoll the apologist whines again?

You're the idiot who brags about your Amazon echo and yet you're complaining about THIS? You really don't begin to self-comprehend your constantly whined ignorance, do you? You're an apologist for genocide, but THIS, this you whine about!

What a non-life you must have, complaining and pretending to have a job as if they were valid occupations lol.

Oh wonderful!

Now IoT devices don't actually need my permission before they begin spying on me and selling all my info to others. Nirvana!

this can't possibly end well....

'automated' setup.. credentials stored who-knows-where.. cheap tech partners.. firmware that will never get an update.. proprietary protocol..

i envision an entire new army of botnets based on this bullshit.

all because of the stupid, fucking fad of audio-only (or no audio and no suitable controls) devices (read: spy machines) with no screens or touch pads that would require pairing with a 'smart phone' or connection to a computer to set up a secure wireless networking connection otherwise.

How about no?

[Shikaku]

I could pull a huge number of examples but you can just scroll through https://twitter.com/internetof... and see why this is a bad idea.

AWS IoT is mostly secure

[mveloso]

If you look at their implementation, it's a lot more secure than most implementations. Client-certificate based authentication, provisioning, etc.

The only thing it can't do is prevent connections from devices with expired certificates ie: you can't prevent them from trying to connect.

It's up to you to do signed firmware etc, but from a communications infrastructure and management point of view they're better than what you can do in a reasonable amount of time.

Re:AWS IoT is mostly secure

Ah the ol' "you're safer under the protection of the Mafia" schtick.

Re:AWS IoT is mostly secure

[gtall]

The other thing it cannot protect against is Amazon siphoning any data these widgets can collect about your personal life...so that you may be fully monetized for wealth and enjoyment.

So Easy!

[spaceman375]

Gee, a simple device (or app on my phone) just a little too close to my neighbor's house, and suddenly I am on his internal network? Hacking & other mischief will be so easy now! Thanx Amazon!

Re:Killing nazi faggots is an American tradition

There are jewish nazis, that's an interesting and true point you didn't mean to make there. Some mixed-up retards in the world indeed, nazis are 3/4 of those.

Any Tech Details?

I did a quick search on Google and the only thing I could find was turning off Wi-Fi Locker improved someone's wireless network performance... If this is anything like Wi-Fi Protected Setup (WPS) which is a one button press setup, then it is simply horrible. WPS is trivially crackable and I expect Amazon's version of the same thing will eventually be shown to have the same level of security.

Possibilities

[Synonymous+Homonym]

If me and my neighbour each have one WiFi locker, and one of us brings a new device, will it receive the credentials to both our wireless local area networks?

Can this be used for connection sharing and bandwidth bundling?

Get Paid to Share Links on The internet

[Dannis12345]

Hey, buildup is a cool site that helps with emarketing through funnels marketing. Help in targeting customers for your business. onlineincomewithstan.com

Easiest everest

they just let hackers set up their incredibly retarded toys. And yes I know you want one :P

Re:Easiest everest

IRT sounds better than IOT.

Go right ahead

and make it easier for Amazon to know even more about you than they already do.
Why keep feeding the dragon?
Do you really need to keep seeing adverts for the effing thing that you just bought from them. How many Toasters does one person need anyway?

The same goes for Google btw.

No IoT device will every be connected in my home and yes, I do have tinfoil hat!

Aw HELL no

[Opportunist]

Make it more secure first!

Please!

For the love of $deity!

Another Reason I Like My Complex Network

People sometimes ask why I make my home network so complicated. Why have so many VLANs and ACLs and SSIDs...

Well, because of shit like this. There's no need for Echo to be able to talk to ANYTHING on my network. Echo VLAN. My home automation system should be isolated too. There's no need for it's regular UPnP scanning to itemize all devices on my network and upload it to some vendors insecure cloud server. But, it needs to talk to a couple of other local devices. HA VLAN. Tablets and laptops... Guests...

Everybody's wall off. Why? Because of stuff like this. It's no longer possible to know what all your OSes and IoT devices are doing behind your back. There's no telling if the next thermostat update is going to compromise my network or start spying on me in yet another unanticipated way. I want the promised conveniences but, I'm unwilling to let any and everyone have unfettered access to my stuff.

The Fuck?

Mostly secure? The fuck are you talking about?

Even accepting your statement, their "mostly secure" communication, prevents third party(you) access to their devices(that you paid for). So, you've got no way of knowing what it's doing and what they are transferring. It gives them free reign to your network.

I'm guessing that your network is mostly secure. Meaning, it's pwned!

Edit: The captcha for this post is "tunneled". Disturbingly "prescient".

Alexa Microwave

[freeze128]

I looked at the Alexa enabled microwave. It's cheap (under $100), but only 700Watts. "Alexa, reheat my coffee". "Your coffee will be hot in 12 minutes". It's faster to just reheat it on the stove yourself.

Re:Alexa Microwave

"Alexa, reheat my coffee"
"You already drank your coffee. Microwaving your body..."

Sell it to me

[TJHook3r]

I'm lacking in imagination obviously but apart from a smart speaker (that saves me typing) I cannot think of any IoT gadget that isn't going to be landfill within 2 years.

Have they thought this thru

[Dorianny]

I can see this working wonderfully in NYC apartments.

Hey neighbor mind turning my lights off

Nope

From Amazon's Privacy Policy @ https://www.amazon.com/gp/help/customer/display.html?nodeId=468496

Reason #1:
"We release account and other personal information when we believe release is appropriate to comply with the law; enforce or apply our Conditions of Use and other agreements; or protect the rights, property, or safety of Amazon.com, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction."

Reason #2:
"As we continue to develop our business, we might sell or buy stores, subsidiaries, or business units. In such transactions, customer information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Notice (unless, of course, the customer consents otherwise). Also, in the unlikely event that Amazon.com, Inc., or substantially all of its assets are acquired, customer information will of course be one of the transferred assets."

Note that #2's claim that customer data transferred via sale of part of Amazon would remain "subject to the promises made in any pre-existing Privacy Notice (unless, of course, the customer consents otherwise)" is specious. How would it be enforced?