
Internet of Shit security


Thread replies: 74
Thread images: 5

File: IoS.jpg (98KB, 740x651px)
So I've been thinking how to reduce the risk surrounding IoT devices after they get hacked (particularly in regards to botnets) and I've come to the conclusion I need /g/'s help.

Is there a way to physically limit the bandwidth used by a device? A way to make it so that it becomes a literal impossibility for, say, your Internet-connected toilet to send out more than 10Mbps or maybe even 1Mbps? So that even if it gets hacked, it's limited in the degree it can participate in a DDOS?
>>
File: internet of things oven.jpg (106KB, 1717x1088px)
Is it really that hard to NOT ENTER your wifi password when buying a device that has no business being on the internet?
>>
>>60903699
It's simple. Don't buy internet of things stuff at all or don't let it connect to the internet.
>>
>>60903746
>>60903766

That works great for people who aren't retarded but a lot of retarded people buy them. The question is more along the lines of what can be done to mitigate the damage of retards.
>>
>>60903699
Reduce the risk by not purchasing IoT devices.
Are you fucking retarded?
>>60903746
How about don't put internet connectivity into a fucking stove.
Why in the holy mother of fuck would you ever need to remotely operate a stove? You have to be in front of the fucking thing to put food in it.
Anyone that buys this kind of shit deserves whatever happens.
>>
>>60903699

Yes, a sure-fire way is to apply a Haptic Amplification Metallic Malletic Energy Redistributor to the device
>>
>>>/games/1104294333/1-40
>>
File: im ok with this.png (16KB, 379x214px)
>>60903785
>That works great for people who aren't retarded but a lot of retarded people buy them.
Let them. It'll be funny as shit when someone figures out how to access their webcams, notice a cardboard box on the electric stovetop, turn on the stove, then disable the fire alarm.
>>
>>60903812
what does halo 2 have to do with this thread?
>>
Just use a proper firewall and you will be fine.

>>60903785
Then why the fuck did you make this thread? If you are thinking of other people there is no reason to even think of a solution because they won't implement it.

Stay in school.
>>
1) Don't buy an IoT device in the first place.
2) If you do buy one, allow it access to the Internet.
3) If you do want to allow it access for some function you really want to use, then put it on a network completely isolated from your normal devices. I don't have step-by-step instructions, but you should be able to limit bandwidth, yes.
>>
>>60903699
>Is there a way to physically limit the bandwidth used by a device?
It is called QoS you tard
>>
>>60903855
>2) If you do buy one, allow it access to the Internet.

Don't allow it access to the Internet, of course.
>>
>>60903792
>he can't pre heat the oven for tendies while sitting in his couch
Stay small faggot
>>
>>60903822

And what do you do when someone else's toaster is DDOSing a hospital's ER system? A hospital you or your family member is staying at?

I don't care one bit about someone suffering for their own idiocy but that's not the case here. This is their idiocy causing others to suffer.
>>
>>60903822
And then it burns down an apartment building you live in.
>>
>>60903857

If someone is stupid enough to purchase an Internet-connected toaster, they're not smart enough to configure QoS.
>>
>firewalls are hard
>>
>>60904088
>he doesn't leave bread in the toaster when he goes to work with a task on his smartphone to activate the toaster when he gets close to home so he can have fresh toast the moment he walks in the door
Why live?
>>
>>60903806

We haven't always had gigabit connectivity. There have been physical limitations in how much data could be sent.

Why can't we impose such physical limitations on IoT devices?
>>
>>60903792
don't really need internet connectivity, but network connectivity might be good for controlling your range/oven from a wall panel rather than a batch of built in controls placed all too close to a hot burner.
>>
Turn UPnP off on your modem/router. Don't expose your shittily designed IoT device: if you need remote access use a VPN.
>>
>>60904359

OP here.

I'm looking more from an industry standard standpoint, not a "what can an individual do" standpoint.
>>
>>60903699
of course they can.
you could probably limit most IoT toys to a packet a second and it would work fine.
>>
>>60904376
From an industry standpoint, don't make it so devices are accessible from the Internet until the user configures them. Don't open ports to the outside, don't use UPnP to try to get open ports.

But people would complain about the inconvenience.
>>
>>60903792
>Why in the holy mother of fuck would you ever need to remotely operate a stove?
fuck you i would kill for programmable stove/oven
>>
>>60904403

Important part is that it not be a limitation that a Chinaman or Eastern European kid could undo after having taken over the device.

>>60904446
That's not going to work and you know it. Economics of it won't tolerate requiring user to learn how to configure their toaster or condom.
>>
>>60903699

>$30 in bitcoins
>>
>>60904376
It's a good question. The industry mainly needs to actually think about security when they build this stuff. The initial thinking at the start of IoT was it doesn't matter if it has security, because they won't be browsing porn sites and if it breaks they can just buy a new one fairly cheaply. They didn't consider blackmail and DDoS.

Also, maybe people will need a "cable guy" sort of thing, a "network guy" to come to houses and set up networks and firewalls for IoT houses? I don't do a lot of hardware, network stuff, that's just a guess.
>>
>>60904180
It could be done, e.g. by changing the Ethernet chip, but that's expensive overengineering and you'd probably have problems because it won't comply with any IEEE standard.

You are focusing on the wrong problem. If my IoT devices were hacked, I won't give a fuck I'm part of a botnet. I'm worried by being watched through my own cameras or smart TV mic, having my house set on fire by my oven, or having my beer frozen by my fridge.

Botnets are a very small issue to be mitigated if you are hacked. Companies should not let your devices be hacked, period. It's expensive but Apple did it with HomeKit right?
>>
>>60904449
You do know most ovens sold in the last 20 years are programmable, right?
>>
>>60904695

Different issues. You don't care if your device is part of a botnet but others that you're DDOSing do. Issue I'm looking to address right now is teens or nation states creating and using botnets of increasing size that can shut down almost any service.

Creating a new standard is absolutely an option here. The industry is new and retarded and will accept anything anyone with authority tells them to use if it won't create substantial long-term overhead.
>>
>>60903699
every day I hate computers more and more
>>
>>60903699
>if you don't support me on patreon you might never see retarded nonsense ever again!
>>
>>60904118
>stale bread from letting it sit out all day
>>
What about devices that are set up on a closed network only accessible from a terminal configured to send/receive only in a specific type of encryption designated by the user that doesn't read anything that doesn't fall under that criteria, only set up to send/receive data to a specific device (ie your smartphone, but could be anything, even a custom receiver) and reject all other traffic?
>>
>>60903699
> after they get hacked
> Is there a way to physically limit the bandwidth used by a device?

Even an extremely low-bandwidth device can be hacked.

A much more important question is: Can its internet access be totally disabled?

I'm guessing that IoT devices will generally attempt one of the following:
- find an open WiFi connection if one is available
- use cellular or satellite connection
- use a new zero-config wireless system designed specifically for IoT (most likely in the long term)

So the question becomes: How can you shield your entire living residence from all of these?

Remember that some day it will be illegal to buy or possess appliances that don't have internet connectivity, so this problem will need to be solved eventually. "Refusing to buy" IoT devices is only a short-term strategy -- eventually the price of black-market non-IoT devices will become so high that you won't be able to afford them, requiring an eventual blocking solution. (Remember that the real goal of IoT is total authoritarian government surveillance "to ensure the safety and security of the public", so market forces will be powerless to prevent the rollout of universal IoT.)
>>
>>60904983
>his toaster isn't in an air tight container
>>
>>60903855
>put it on a network completely isolated from your normal devices

It won't work that way.

In the future, IoT devices must eventually use a zero-config solution so that the wireless connection happens automatically.

In a future home with 250 IoT devices in it, there's no way you're going to be entering your WiFi password into each device separately. A zero-config solution is mandatory for large-scale IoT rollout. My guess is a new type of wireless standard specifically designed for IoT, designed to be zero-config so that internet connectivity will occur automatically without the need for user action.
>>
>>60905125

The idea isn't to stop devices from getting hacked. It's to reduce the harm they're capable of when they're hacked.
>>
>>60905378
>reduce the harm they're capable of when they're hacked.

Once hacked, the scope of the potential harm is almost completely independent of the bandwidth.

One byte per second is plenty of bandwidth to disable the appliance, cause it to operate unsafely, implement a ransomware attack, leak personal data, etc.

A person can be doxxed in 1KB of data. Transmitted at one byte per second, that takes only 17 minutes to upload. IoT devices are connected 24/7, so even transmitting one picture or one frame of video can be done in one day at that speed.
>>
I don't need the CIA knowing what I have for breakfast. If we let the CIA into our kitchens next thing you know the CIA will try to kill us by overheating our toasters or microwaves.
>>
>>60905516

Harm to *others*.

Again the topic is weakening botnets.
>>
>>60903746
Imagine coming home to a burnt down house after a hacker cranked up your oven to 1000 degrees
>>
>>60903699
>he buys IoT things that do not respect your freedoms both in software and hardware
>he does not put his IoT things behind a NAT or something
>he uses IoT things that use hipster technologies like JSON and HTTP
>>
>>60906474
I bet you have an arduino hooked up directly to mains electricity for controlling your lights and other appliances
>>
>>60904118
Agreed my dinosaur toast tastes like poorfag footjam
>>
>>60905207
Sounds like a nightmare.
>>
Can someone explain how an IoT device is "hacked"?

Say you have a garage door or fridge. Are there terminals and users built into these devices? Are they not running locked down proprietary software that only takes executable commands, and no writing?
>>
Considering Normans can't even secure a Windows machine and it does that shit for you we are completely boned.
>>
this has been a very entertaining thread
>>
>>60907301

The shit tier security situation more often than not means these things are running fairly standard Linux installs, and nearly always have some web interface where you can logon, send commands, etc.

What we've seen with a number of recent botnets is that they usually also have SSH open, and usually accept a default logon, and that there's encouragement for a user to change that default logon.

It's no different to booting up a Raspberry Pi, enabling SSH and just putting it online with the pi/raspberry credentials.

The web interfaces vary from a spaghetti code PHP5.2 mess full of shell_exec() calls, to a CGI-bin interface with all the controls in C.
>>
>>60906402
But that would be sweet sweet irony and just what they deserve for buying such bullshit
>>
>>60907301

Teddybears now have Linux running on them that can be used as part of a DDOS.
>>
File: juicero.jpg (319KB, 2000x1240px)
>>60903699

Bigger question: how is IoT useful in any way that justified the various headaches that come with them?
>>
>>60907301

Have a look at your average router. The only real difference between the stock firmware and OpenWRT is that the stock one is closed source.
>>
>>60903746
why would you even want remote start on your stove?
>>
>>60907528
Most consumer routers run openwrt anyways
>>
>>60905207
it'll be something like IoTivity's onboarding process, where you scan a QR code on the Thing, connect to the soft AP (automatable), and from there it'd be reasonable to have m2m communication so you don't have to manually punch in credentials.
>>
>>60903699
Considering people are still comfortably using 200-300 year old tech to live their lives comfortably daily I'd say just don't invest in it. IoT is a terrible meme, its widespread adoption would cripple our society.
>>
>>60907863

It's *already* crippling parts of our society and it's going to get massively worse because we have the backend of most IoT shit made by Pajeets.

They're going to shit all over us regardless so we need to find a way to make the shit manageable.
>>
>>60903699
I honestly don't see the point of connecting everything. I feel like it's just a buzzword to use as a motivation. Although it might improve our lives through big data collection. A lot of problems can be fixed easily if the source of these problems is analyzed over a wide array of devices.

Security for IoT is impossible. You just need to accept the fact that we're always going to have a reset button on these.
>>
>>60904695
>smart oven
literally WHY

How hard is it to set a fucking timer?
>>
any news on that botnet that hunts down unsecured iot and routers and disables them?

doing the lords work if you lurk here vigilante
>>
>>60907999
I can see that it could be useful in some very minor ways
>Check if the oven is on out of home
>Built in sous vide option
>Directly use temperature data for recipes

But these are just very minor to be considered.
>>
>>60907988
Big data collection will cripple the lives of far more than it would help. It is an unambiguous evil in most cases.
>>
>>60905130
>his toaster doesn't launch his toast out to land perfectly on his plate every time
>>
>>60908038
How?
>>
>>60908052

It's primarily used to monitor people and change their behavior into doing something that is in the best interest of either the company, law enforcement, or national security. It deprives people of agency by design in most cases. A few cases such as self-driving cars for the elderly are the exception, not the rule.
>>
>>60908142
>It's primarily used to monitor people and change their behavior into doing something that is in the best interest of either the company
Opposite is true for this part. They want to ride the interest wave.
>>
>>60908157

Who else will be doing the big data collection that otherwise wouldn't happen without parasitic commercial voyeurs?
>>
File: the internet of things.png (227KB, 1300x731px)
How to make skynet.
Wait for this to be a common thing, hack nsa and get the backdoors, run a distributed simulated neural network thousands of times as powerful as the human brain, also hooked up to the internet, happy end of the world.
>>
>>60908049
>His toast doesn't pop up, and hit a switch, which triggers a complex series of mechanisms, which fries my eggs, cooks my bacon, and pours my orange juice.
>>
>>60907526
This is now the most retarded thing I've seen to come out of memeicon valley
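
Added example, not part of the thread and not any poster's code: a token-bucket policer of the kind a router's QoS applies per port, run over constructed traffic traces to show both sides of the argument above. It assumes the 1 Mbps cap from the opening post, a bucket depth of ten full-size packets, and enforcement upstream of the device so a compromised appliance cannot remove it.

```python
from dataclasses import dataclass

@dataclass
class TokenBucket:
    """Policer enforced on the router port, outside the device's control."""
    rate_bps: float      # sustained cap in bits per second
    burst_bits: float    # bucket depth: largest burst let through
    tokens: float = 0.0
    last: float = 0.0

    def __post_init__(self):
        self.tokens = self.burst_bits  # start with a full bucket

    def allow(self, now: float, size_bytes: int) -> bool:
        # Refill for the elapsed time, never beyond the bucket depth.
        self.tokens = min(self.burst_bits,
                          self.tokens + (now - self.last) * self.rate_bps)
        self.last = now
        need = size_bytes * 8
        if need <= self.tokens:
            self.tokens -= need
            return True
        return False  # over the cap: the packet is dropped

def police(trace, rate_bps, burst_bits):
    """Run (timestamp_s, size_bytes) packets through the policer.
    Returns (bytes_forwarded, bytes_dropped)."""
    tb = TokenBucket(rate_bps, burst_bits)
    fwd = dropped = 0
    for ts, size in trace:
        if tb.allow(ts, size):
            fwd += size
        else:
            dropped += size
    return fwd, dropped

# Constructed traces (not captured traffic).
# Normal appliance: one 200-byte status report per second for 10 s.
telemetry = [(float(t), 200) for t in range(10)]
# Compromised appliance: 1400-byte packets at 10,000 packets/s for 10 s.
flood = [(i / 10_000, 1400) for i in range(100_000)]
# Slow leak from the thread: 1 KB sent at one byte per second (~17 min).
leak = [(float(t), 1) for t in range(1024)]

CAP_BPS = 1_000_000      # the 1 Mbps cap from the opening post
BURST = 1400 * 8 * 10    # assumed bucket depth: ten full-size packets

def summary():
    """Police each constructed trace with the same cap."""
    traces = (("telemetry", telemetry), ("flood", flood), ("leak", leak))
    return {name: police(tr, CAP_BPS, BURST) for name, tr in traces}

if __name__ == "__main__":
    for name, (fwd, drop) in summary().items():
        print(f"{name:10s} forwarded={fwd:>9d} B  dropped={drop:>9d} B")
```

The flood is cut to roughly the cap while normal telemetry is untouched, and the one-byte-per-second leak passes in full, which is the limit of what a bandwidth cap addresses.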
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.