Thursday, July 31, 2014

The 'Internet of Things' is shaping up to be a security nightmare

In our most recent 'Around The Blogs' segment we linked to Karl Denninger discussing the very real security threat posed by the so-called 'Internet of Things'.  Now the Telegraph reports:

The Internet of Things (IoT) has connected everything from smoke alarms to fridges and cars, making life easier and safer – but it has also given hackers a new way to attack their victims, warns HP.

In a study of the ten most popular IoT devices (which it did not name in its report) HP found 250 potentially dangerous security vulnerabilities.

The devices came from manufacturers of TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers.

All of the devices included remote smartphone applications which were used to control them.

It was found that 90 per cent of the devices collected personal information, 70 per cent transmitted that data on an unencrypted network and 60 per cent had insecure user interfaces. Eight out of ten failed to require a strong enough password.

There's more at the link.

The real danger is that these devices inside your home are also inside the firewall provided with your wireless Internet router - in other words, if they're designed or programmed with malicious intent, you'll never know it until after they've done their job and compromised your security.  In fact, unless you have very good tracing programs, you may never know that your security has been compromised.  Think about it.  In the not too distant future your light dimmer switch, or your TV remote, or your refrigerator, may be recording every login ID and password you use over the Internet and sending them to a remote site either on a fixed schedule or on command.  So much for your online bank accounts . . .

Personally, I'll be avoiding anything linked to the 'Internet of Things' like the plague - and if I can't avoid buying a 'connected' item (because there are no alternatives), I'll be disabling its connectivity first thing, if necessary with a knife or a pair of pliers.  I'll also be using the most comprehensive monitoring software I can afford, to track anything in my home that's trying to call out - and stop it.



Jennifer said...

You mean, having my fridge connected to the net is a BAD idea. Who could have possibly seen that coming?
I have a dumb fridge. It's not even connected to the water line.

Rev. Paul said...

It's bad enough having a TV & blu-ray player which connect wirelessly. At least they don't do it until I tell them to ... but I'm with you.

Wirecutters sound like a better idea.

Eric Wilner said...

Just to make things even more interesting: I've been noticing a lot of unsecured WiFi access points with names suggestive of wireless printers.
So... devices that get taken home (or to the office), set up indoors, maybe connected via Ethernet, and sit there looking like default WiFi access points with, apparently, no security... and who-knows-what access to the internal network.
Ain't we got fun!

Sevesteen said...

It isn't necessary to entirely forgo nifty networked stuff... Better home routers can set up a second guest network that can't access the main network directly. Give this sort of thing guest access only, and if someone gets control of your wifi lightbulb they have no advantage over someone on a completely separate part of the internet.

Corporate networks have used this for years--we run a bunch of virtual networks, and traffic from one virtual network has to go through the router and firewall to get to another--just like traffic from the outside world.

A much bigger problem is the home router itself, and that ordinary users won't keep them updated or even set them up with basic security.