I admit I LOL’ed when I saw this 😀 What else could go wrong, I wonder?
|
|||||
|
We are developing the social individualist meta-context for the future. From the very serious to the extremely frivolous... lets see what is on the mind of the Samizdata people. Samizdata, derived from Samizdat /n. - a system of clandestine publication of banned literature in the USSR [Russ.,= self-publishing house] Authors
Arts, Tech & CultureCivil LibertiesCommentary
EconomicsSamizdatistas |
The Internet-of-Things! What could possibly go wrong?October 5th, 2016 |
 14 comments to The Internet-of-Things! What could possibly go wrong? |
Who Are We?The Samizdata people are a bunch of sinister and heavily armed globalist illuminati who seek to infect the entire world with the values of personal liberty and several property. Amongst our many crimes is a sense of humour and the intermittent use of British spelling. We are also a varied group made up of social individualists, classical liberals, whigs, libertarians, extropians, futurists, ‘Porcupines’, Karl Popper fetishists, recovering neo-conservatives, crazed Ayn Rand worshipers, over-caffeinated Virginia Postrel devotees, witty Frédéric Bastiat wannabes, cypherpunks, minarchists, kritarchists and wild-eyed anarcho-capitalists from Britain, North America, Australia and Europe. CategoriesArchivesFeed This PageLink Icons   |
|||
All content on this website (including text, photographs, audio files, and any other original works), unless otherwise noted, is licensed under a Creative Commons License. |
|||||
Rule number zero, if untrusted users have access to the console you’re GOING to need astroglide.
And, in perhaps a more serious example of how it can go wrong, http://www.theregister.co.uk/2016/09/26/brian_krebs_site_ddos_was_powered_by_hacked_internet_of_things_botnet/
The newly preferred term is the “Botnet of Things”, or BoT.
I wonder when some TV-making company, maybe Samsung, will have a system that changes incoming commercials so that rivals never appear on the screens of its’ products? Would customers know, or worry?
Related:
😈
At the very least things are going to need software updates to patch security problems as they are discovered. And it has to be completely automatic. I don’t see people manually updating the firmware in their lightbulbs. Even people who know better are liable to choose convenience over security when they have to get the job done.
Here is a comment from the Reg article about IoT DDOS: “IoT should be banned. Trouble is finding a politician in the UK who understands.”
Here is another:
That last one makes it sound so easy. Even I don’t know how to easily stop a particular device from being hacked. NAT should stop incoming requests, but these devices dial out and phone home. If I did stop them doing that, they might stop working altogether, or fail to download updates. Never mind the increasing IT support needed for my family, friends and neighbours. Not going to happen.
An IoT device is not fundamentally different from a computer. Most people’s computers run Windows, OSX or Ubuntu and it is increasingly hard for an ordinary user to fail to install security updates.
But there will for a while, at least, be manufacturers who just make cheap junk that is completely insecure and able to do damage.
I don’t know what the solution is but it won’t come from the state and it won’t come from educating users. Possibly there is is market or game-theory solution, or some technical thing the ISPs could do. Or it will be a perpetual low-level annoyance like spam.
The attack suffered by Brian Krebs was relatively “small” when compared to that suffered by OVH:
https://twitter.com/internetofshit/with_replies
If “things” are doing real measurable damage there is presumably potential for lawsuits – particularly Stateside.
Once the manufacturers understand the legal and financial risks they’re running, perhaps they will either fix the “things” or stop making internet-connected “things” at all.
The latter, imho, would not be a problem.
Kickstarter is touting an IoT Invention Kit, so you can make your own IoT devices. That genie isn’t going back into the bottle.
Most every illicit capture of an IOT device happens because buyers neglect to read the manuals and re-set device passwords from their default state.
Drive along any suburban street with your laptop running, and you’ll see all sorts of signals coming in. Chances are, for 90% of them, the password is still set at “admin” or “12345”, the two most common default settings.
Bobby b, I have the same combination on my luggage.
From the local Energy Usage Supervisor:
Ah Mr. de Havilland, I see you have the coldness dial set way too low on your new refrigerator. You are using too much electricity, so in the name of Gaia, I am re-setting it to a more appropriate, warmer level. Hmmmmm, I can also see your household thermostat is too high, I will lower it so as to reduce your carbon footprint.