Device manufacturers who are sticking internet connections into everything from TVs to toasters need to lock down their systems with strong authentication, Google's chief internet evangelist Vint Cerf warned the RSA keynote audience. Cerf said he was "frankly astonished" at the range of devices that now come with an internet …
Vint Cerf: He cited the use of internet-equipped air-conditioning systems. If a hacker could get control of the nation's aircon units, and cycle between shutting them down and whacking them up to full, you might be able to crash the US power grid, Cerf suggested.
Why would you ever put them on a publically accessed net? Aren't there personnel on station to adjust the settings? Like 24/7 at a power plant?
Is he making a problem so he can sell us the solution?
No. The industry has created the problem, he's just pointing it out.
Even IF you only put it on an internal network, that network is still susceptible to using an intermediary to "hop the airgap," as we already saw with the Stuxnet attack on Iranian enrichment operations. That said, you are being FAR to optimistic if you think that it will even be properly airgaped, best you can hope for is that it will have a non-routable IP, trivial for a Stuxnet style attack.
Also, what does the power-plant being staffed 24/7 have to do with the A/C at department stores and office buildings which are NOT staffed 24/7, and infact use programmable thermostats to lower power consumption when unoccupied?
I guess my question is why even hook these devices up to ANY net. Not to sound too much the Ludditte, but mankind has prospered for centuries without remote control of air conditioners. I understand that there may be some savings involved, but the first time a successful attack occurs, you may find yourself doing a realistic cost analysis of what that cost versus manual control of those systems. And take into account Total Cost of Operation of them, personnel, hardware, electricity, software and then whatever the attack cost you. I dare say a trained person at the control panel would be a hell of a lot less...
Everything doesn't need to be plugged in. I have a Rolodex with all my contacts/numbers, for example. Not only does it *never* fail, it is faster than looking them up via software...
I also use programmable thermostats. None are connected to the net.
"Even IF you only put it on an internal network, that network is still susceptible to using an intermediary to "hop the airgap,""
That's it! It's Battlestar Galactica mode from now on. Henceforth, communications will take place only via little slips of paper sent through pneumatic tubes! Regrettably, this means I will be unable to further discuss the issue. It has been a pleasure working with you, gentlemen.
The "personnel on station" are the end users. These are devices for home use, "tell your home to prepare as you drive, and it's comfortable, your favourite music is playing, and you meal is ready when you arrive". The only way these will get secured is if the manufacturers build in security as the default.
I suspect that the novelty of arriving home to a cacophony of pets disturbed by the sudden music who have eaten the toast again and an enormous electricity bill because the windows were left open will quickly wear off, but by then the devices manufacturers will have made their profit, and the devices will still be vulnerable when you are not using the features.
Little slips of paper sent through pneumatic tubes
That's how it was done in 1984, and down the memory hole.
I suspect that the novelty of arriving home to a cacophony of pets disturbed by the sudden music who have eaten the toast again and an enormous electricity bill because the windows were left open will quickly wear off,
Yes, but the ultimate goal is that you don't ever have to go home. You will be able to do everything you normally do, including watching TV with the security camera's over the net, that it will be possible for you to stay at work 24/7.
"Yes, but the ultimate goal is that you don't ever have to go home. You will be able to do everything you normally do, including watching TV with the security camera's over the net, that it will be possible for you to stay at work 24/7."
Such is modern life. We have ansamachines to speak to people we don't want to talk to. We have PVRs to watch TV we dont want to watch. We have freezers to store food we have little intention of eating. We have social networks for dealing with people we don't want to meet in person. We have inboxes for messages from people we don't want to hear from. Now we're heading towards having machine doing most of the living in our houses that we're not in most of the time.
It's all very convenient!
WTF? ... Is he making a problem so he can sell us the solution? .... Cipher Posted Thursday 28th February 2013 00:32 GMT
FFS, Cipher, wake up and smell the Java, son, there isn't a solution to such problems, only accommodations to be made to encourage not too disruptive a creative application/novel and noble use of the leverage which can be discovered/gained/realised.
And you definitely don't want to be messing and fcuking around with anyone capable of providing such fare, for the horrendously expensive grief that that foolishness would cost would, just isn't worth it whenever so much be freely available to all taking the easier routes with smarter roots access.
And if Vint Cerf doesn't already know that, then would he be as a puppet in the system rather than a master pulling strings.
I believe you can now get Electric Monks to do your believing for you too...
Me, I find the best way to deal with the internet of things is to leave them in the shop. It turns out that the timer on the heating works really really well, and after only thirty-two years working for the BBC I've finally located the remote control for the telly.
Ah so your one of these homeless bods who never leaves his house right?
Why even hook these devices up to ANY net?
"I guess my question is why even hook these devices up to ANY net."
It's a valid question for toasters, but for large buildings, building services networks that cover fire and intrusion alarms, door locks, heating, air con, ventilation and other devices are already common. Remote access for building managers outside normal hours is a common requirement, so security and authentication are very essential. Ultimately, I expect all this will trickle down to private homes too. Your house might well tweet you about a flooded basement one day.
@ADG - isn't that what the wide's for? Ok, the running costs are greater, and she's not overly reliable, comes with no warranty...but what the heck, at least she can't be hacked.......put that knife down dear and step away!!
<<hope the missus doesn't read TheReg>>
"tell your home to prepare as you drive, and it's comfortable, your favourite music is playing, and you meal is ready when you arrive"
Usually, a wife can already do all that. Just need to be nice to her...
Meanwhile in other news....
Today, the city of London was rendered uninhabitable after the hacking group anonymous took control of all the internet enabled toilets in the city and caused them to flush at exactly the same time causing all the sewers in London to overflow.
I like how you can tell a amfm post without looking at the name :)
Re: WTF? (@ sabba)
You should really hope your wife doesn't read this, with your typo of "wide" in place of "wife"
Re: WTF? Why would you ever put them on a publically accessed net?
Because there are Darwin Award candidates that must have the latest cool thing, and there are mobile apps that allow remote control of your air conditioning equipment. (I saw one recently demoed on This Old House). Their HVAC guy made a big deal that you could adjust the settings with a mobile phone or tablet over the internet.
As to the intelligence of connecting such devices to the 'net, well, it will just be a case of 'in the eye of the beholder'.
Re: WTF? I guess my question is why even hook these devices up to ANY net.
I guess you would like to run around up and down the elevators adjusting thermostat settings in a large high rise office building, so, could I just suggest a two word response to your question: building automation.
There are many buildings of recent vintage that have both their aircon and lighting remotely controllable from a building automation net.
Re: Your house might well tweet you about a flooded basement one day.
Recently, while watching a Hometime episode about this remote cabin they have in northern Wisconsin, the subject of power failures in winter came up. Those that live in such climates already know that if your house freezes, a burst water line is a expensive repair job. So, if you do own such a property, being able to get some kind of status notice (like one of a power failure) may reduce the potential for damage. Similarly, a home security system for a luxury cabin that is unoccupied for extended periods of time that can be remotely polled in th even of an alarm may help prevent false alarms, and assist in identifying burglary suspects. (Think streaming the real time video to a cloud server, or to the local,PD.)
I am not stating that connecting such devices to the 'net is bad; just that they need to have security designed into them from the very beginning.
Re: I guess my question is why even hook these devices up to ANY net.
People have been working on it since around the time that toaster got connected to the internet. My second real job was for an outfit called SMART HOUSE, LP (now defunct). This is something they would certainly have included in their home automation package. It would have been marketed as part of the energy savings package. They'd also have included teasers about being able to phone home to make sure the air conditioner was off/higher temp if you suddenly were worried you forgot to change it before leaving the house. They were a bit more concerned about security than it sounds like these manufacturers are. In fact, they killed part of their planned phone automation system because they realized it opened a break-in liability issue.
Granted in the end I'm with you (I never could work out a cost/convenience justification), and given they went bankrupt about a year after I left apparently not many consumers did either, but that doesn't mean people aren't working on it. And at the low prices for internet connectivity these days, I can see manufacturers throwing it on without a lot of strategy thought.
Re: because the windows were left open
But NOT if you buy our NEW and IMPROVED:
AUTOMATIC HOME WINDOWS!!!
If you're on the traveling and you it suddenly starts to rain, or even if you just wonder if you didn't close up all the windows when you left, it's no problem, Just use your shiny Windows 9 Smart Phone to call your SMART house and tell our iOS HOUSE Windows to close!
Re: because the windows were left open
Note: WINDOWS BURGLAR SECURE is an option extra for AUTOMATIC HOME WINDOWS. The company is not responsible for unauthorised ingress or complete trashing of your home.
Confused by endless conflicting configuration screens? Get our ULTIMATE SECURE CONFIGURATOR and say goodbye to gaping security holes because of stupid configuration errors.
You know, there might be an endless market here...
Vulnerable (to sneakernet attacks) but rather low risk
Securing your toaster and a/c to prevent them spamming is awkward.
tl;dr: an internet of things is more trouble than its worth.
The problem is not authentication or lack thereof
but rather the bugginess of embedded systems, Internet-connected or otherwise, manufacturers' unwillingness to expend engineering work to issue patches, and the logistic intractability of managing patches for all the devices out there. We've seen makers of expensive SCADA controllers wash their hands of the problem, and even lowly printers have turned out to be attack vectors.
Authentication won't solve the problem. Strict product liability laws that force manufacturers to fix bugs would be a first step, and it's encouraging the FCC recently compelled HTC to release Android security updates for phones they'd just as soon not want to support.
One option could be to require devices to disable themselves 6 months after their last autoupdate, and to require manufacturers to support devices for 7 years after EOL just as they are required to for spare parts.
Re: The problem is not authentication or lack thereof
"Strict product liability laws that force manufacturers to fix bugs would be a first step, and it's encouraging the FCC recently compelled HTC to release Android security updates for phones they'd just as soon not want to support"
Yeah right, good luck enforcing that. And in the context of Cerf's point, you obviously don't know where air con units (and everything else) are manufactured. Ever heard of a place called China? Updates could be more dangerous than the stock firmware.
shut off internet access for my toaster?
But then how am I supposed to read my morning emails?
Re: shut off internet access for my toaster?
What do you think the waffle iron is for?
Just because you can, doesn't mean you should.
One hack on your home aircon setting it to 0deg while your at work for the day could lead to a very large electric bill in the heat of summer. Honestly, a simple programmable thermostat works a treat and can be replaced when it flips over on its back and twitches its legs for just a few quid.
Re: Just because you can, doesn't mean you should.
"it flips over on its back and twitches its legs for just a few quid"
Taken out of context, that line has an entirely different meaning.
The need for central control
Quite a few commentards seem to overlook the need for central control of demand and the benefit that it can provide.
The overall demand for electricity is variable. Storage is expensive and output modulation of the most efficient generators is a rather slow. If part of the overall demand can be made adjustable, being advanced or delayed as appropriate to smooth out fluctuations, this can improve regulation and reduce the cost of supply.
Given that the variability of wind power will have to be factored in to the grid, the problem of mismatch between supply and demand will become more acute. Already some large customers pay a reduced price in return for sometimes being shut off at times of peak demand. If the grid ever becomes truly 'smart' this sort of cost saving through switched supply will become fairly widespread.
Re: The need for central control
"Quite a few commentards seem to overlook the need for central control of demand and the benefit that it can provide."
And some commentards overlook the simple concept that I pay for electricity, plus a range of taxes and government levies on top, and I expect the industry to meet my demand when I want it. Speaking as an employee of a power company, I can assure you that's neither difficult nor particularly expensive to match demand and supply and suits almost everybody. The high costs and malign impact of renewables certainly make things more difficult and expensive, but the operational problems are surmountable.
If self-selected people are willing to have the plug pulled on them at the convenience of the grid operator, then I certainly wouldn't deny them that choice, but I'd draw your attention to the pathetic squealing by "interruptible gas" customers last winter, who wanted the low price of such a supply, but then weren't happy when their bluff was called.
The "benefits" of centralised control of demand are dramatically overblown by those who think it would be good to control how others live their lives. So leave me alone, and go turn of all your power consuming devices at times of high demand. I'll be warm, you can be smug, and we'll both be happy.
Re: The need for central control
"And some commentards overlook the simple concept that I pay for electricity, plus a range of taxes and government levies on top, and I expect the industry to meet my demand when I want it."
While I agree that no good can come of ceding control of a service to an entity centred on making a profit from your use of those services. This assumes that the price you pay for that service is actually the true total cost of using it. When it involves a finite resource of unknown total quantity that has both in increasing demand and increasing side effects inside and outside the borders of sellers domain it's a bit difficult to calculate.
Coal and Natural Gas are essentially free. They exists already. Any charges are based entirely on extraction costs (which are largely based on safety legislation) and taxation (which are largely based on greed legislation).
Re: The need for central control
"Coal and Natural Gas are essentially free. They exists already. Any charges are based entirely on extraction costs (which are largely based on safety legislation) and taxation (which are largely based on greed legislation)."
How's that different to anything else, resource wise? Wheat "just grows", and the only cost is the extraction cost plus seeds and planting (for which cf. oil and gas exploration). You can argue the farmer wants a return on his land and labour, again, no different from rent seeking by the government that controls the energy reserves and the costs of extraction. Even sunlight and wind are "free", but that doesn't make solar PV or wind energy free.
Its already reality in Sweden
Here in Sverige, a relatively progressive country in terms of tech adoption, the ability to remotely interact with your house is already being advertised to Joe Public by the utility companies. Pundits are being sold the notion of controlling light switches and heating via their mobile phone whilst abroad. Personally I cannot see the usefulness of this *ever* being balanced against a nagging worry about potential vunerabilities.
Re: Its already reality in Sweden
Never mind the vulnerabilities, when there's the cost.
Let's overlook the cat 5 all round the house, and assume you're using a pre-existing wireless router. Assume the app and smartphone elements are zero marginal cost, and you've still got to install a wireless lightswitch that will cost more than if you left the light running for an entire year.
The whole thing is a solution searching for a problem, a bit like smartmeters. Except that smartmeters have been mandated across the EU as yet another means of impoverishing the continent to please a few eco-twerps in Brussels.
Great, spam from the toaster...
RE: Would you like a waffle?
Would you like a bagel?
I am Nigerian baker. I have 500000 tons of flour I need to move out of the country. Please send $500 asap for a 10% share of the profit.
Re: Great, spam from the toaster...RE: Would you like a waffle?
No more likely your toaster will serve up targeted advertising burned into patterns on your toast touting the benefits of some shitty product.
Re: Great, spam from the toaster...RE: Would you like a waffle?
Quick - patent that!
You'll make a fortune (by suing the first company that tries to implement it!)
While an internet fridge isn't much of a threat...
Vint, what's the IP of your fridge. I'll check your grocery list and find the perfect temperature to turn something into poison (botulism would be the ultimate,) then I'll tell your fridge to kill you, and everyone downwind.
An internet fridge isn't much of a threat, HA!
How to burn someone's house down using TCP/IP
I heard a talk at DNSCON a few years ago, by someone who had managed to upload firmware to a window blind control motor which caused the thing to drive in both directions at once, resulting in smoke being emitted. Having a very hot motor underneath window blinds is one way to burn someone else's house down using TCP/IP. The earlier model had a hardware lock preventing this, but software control will inevitably be cheaper.
Pretty obvious reason for flame icon.
Re: How to burn someone's house down using TCP/IP
"software control will inevitably be cheaper"
In the case of Therac-25, of course, the cost of pure-software control was three patients killed. Small price to pay to save a few cents per unit by not having hardware interlocks. And that case didn't involve network hacks either.
Busy afternoon that day...
...plotting how to exterminate the human race through internet-enabled home appliances.
When does Mr Cerf get his own underground lair? Can I be a henchman?
"Why would you ever put them on a publically accessed net? Aren't there personnel on station to adjust the settings? Like 24/7 at a power plant?
Is he making a problem so he can sell us the solution?"
Aircon is one example, but there are plenty of things that require outside connections - monitored alarms for instance. One could well envisage a scenario where neer do wells could cause chaos by tripping every monitored alarm in London. The monitoring firm (who would normally call the Police or their Security patrols) wouldn't know where to send Police or Security, and the noise pollution could cause substantial public concern or panic. Conversely it's conceivable that an alarm could be nullified with a man-in-the-middle attack or simply by being hacked into, allowing burglars access to a lucrative target at their leisure in the safe knowledge they won't be disturbed because the monitoring centre won't be getting any calls from the alarm box. Same could apply to remote access CCTV on campus sites and inserting a false video stream (21st century equivalent to putting a photo in front of the camera!).
Of course controlling your heating and lighting from your phone to "save energy" is pointless in a domestic scale. In larger buildings it might be a serious cost saving. One that would be offset by having staff wandering around turning them up/down in the evening and morning - far more efficient to monitor from a central location, which can also spot anomalous behaviour and call a service tech, ideally before the office gets to sweltering point and someone takes the time to put in a call.
$120 to control your Home heating remotely from your smartphone
I came across a wi-fi enabled Home Thermostat just this weekend - if my wife ever comes across it, she'll buy one and insist that I install it so that she can turn the heat up before she goes home.
Verizon is also pushing "Home automation and control" for an additional $10 a month -
(you pay extra for the actual hardware - the $10 only get's you permission to use the control panel!)
IOT is coming. Who will control it?
Whatever it is ultimately called, the IOT will come. Of that you can be sure. It is, in a sense, already with us.
Security is indeed a problem, but the problem is inherent in how we do security, not in the IOT. Properly secured, an IOT world would be safer than a non IOT world. It would also be faster, cheaper and easier.
The number one problem confronting us with the IOT is not the technical failings of our security (though they be many). Those can and will be fixed (made 'good enough'). We have a profound problem of governance that is getting worse with each passing day. Bad players like the MPAA, the RIAA, corrupt/lazy/incompetent politicians and people worse than that have had the citizens of the Internet under attack for some time.
Any techie managing his own local network can see that most of the world could easily and cheaply be connected at Gigabit speeds. The drag on our systems imposed by rent seekers like the telecommunications cartels is obscene. The disparity between what is technically feasible and what is actually possible grows larger every day.
If you had told me forty years ago that I would one day live in a world where it was possible to give every intellectual artifact possessed by humanity to every child in the world for the cost of a few books *and* that we chose not to do so, I would not have believed it ... and yet here we are ... poised on the brink of a magical world and being held back by fools and bullies who are so mean spirited that they would rather we live in a lesser world so they could prevent the rest of us from enjoying abundance that rivals their own.
One need only look to the infamous 'salt laws' to see that those who seek power are not above telling your refrigerator to spoil your food if you don't pay yet another arbitrary hike in pricing. Not only should those guys not be in control, the Darl McBrides of this world should be charged, tried and serve a sentence that denies them access to the commons until they mend their ways.
The "Internet of Things"...
... needs to be beaten to death with the Salmon of Correction.
"... needs to be beaten to death with the Salmon of Correction."
The way this week's been going it needed a dose of the surreal.
Thank for telling us of your spoons.
- iPad? More like iFAD: We reveal why Apple ran off to IBM
- +Analysis Microsoft: We're making ONE TRUE WINDOWS to rule us all
- Climate: 'An excuse for tax hikes', scientists 'don't know what they're talking about'
- Analysis Nadella: Apps must run on ALL WINDOWS – PCs, slabs and mobes
- Apple: We'll unleash OS X Yosemite beta on the MASSES July 24