Wi-Fi standard could make Internet of Things things even easier ... for hackers

A new standard for Wi-Fi for IoT devices may create yet more ways to attack vulnerable kit, according to a security consultancy with a storied history of hacking into internet-connected gizmos. Many legacy IoT products – thermostats, remote switches, burglar alarms, weather stations etc. – already communicate in the sub-1GHz …

  1. TeeCee Gold badge
    Stop

    Wasn't it bad enough already?

    We see an ever growing set of "things", all of which have one thing in common. The security's shit and the chances of regular patch updates to fix 'em is slightly lower than that of ice storms in hell.

    And you'd want to connect them to your LAN why exactly? Is there a name for this particular insanity?

    1. Anonymous Coward

      Re: Wasn't it bad enough already?

      Should I ever actually find a use for any of this IoT snake oil, it sounds like a good use for the "guest" network - at least it'll be on a different subnet from the rest of the LAN, where it shouldn't be able to cause too much chaos when its bug-riddled instantly-abandoned firmware ends up being exploited.

      1. sysconfig

        Re: Wasn't it bad enough already?

        "at least it'll be on a different subnet from the rest of the LAN, where it shouldn't be able to cause too much chaos"

        If you trust your home router to be secure enough. I wouldn't trust any consumer-grade (or even ISP-provided) wireless router much further than I can throw it.

        The point being made is, though, that the IoT devices get a better range using 802.11ah than they previously had ("bulky RF antenna may not be required any more"). Pair that with bonkers security of the IoT device itself, and the attacker might just be able to talk directly to it using their wireless kit in the car outside, bypassing your home networks altogether. Your main wireless network may still be out of reach for them - for the time being - but your heating is switched off for good, your smart meter will read 10,000kw/h extra next month nonetheless, the toaster is frying itself and your fridge is spending a lot of money restocking itself from a bunch of local grocery deliveries. And when you leave the house in rage, your alarm system says engaged, but the attackers (and burglars) know it's not...

        This may sound exaggerated now, but wait a couple of years. If ignorance towards security prevails (and it will) and people connect all sorts of appliances, this may just be the beginning.

        *grabs coat to flee from IoT enabled robots* ;-)

        1. TheOtherHobbes

          Re: Wasn't it bad enough already?

          > This may sound exaggerated now

          Getting IoT security wrong makes it easy to kill people and destroy property.

          Losing money to a hack attack is trivial in comparison to the country-wide infrastructure damage a mass IoT attack could do.

          It's literally a national security issue.

        2. LewisRage

          Re: Wasn't it bad enough already?

          "I wouldn't trust any consumer-grade (or even ISP-provided) wireless router much further than I can throw it."

          Whilst I understand your point, the router I got from Plusnet has a pretty good throwing weight. I reckon I could get it down the garden and over the wall fairly easily.

          The Cisco I actually use is much heavier, I could barely chuck it halfway down the garden I reckon. Although with a couple of Cat5's plugged in and thrown like a hammer I could probably put it through the neighbour's back window.

    2. Chris King

      Re: Wasn't it bad enough already?

      "And you'd want to connect them to your LAN why exactly? Is there a name for this particular insanity?"

      It's probably buzzword-laden gibberish that translates to "Oooohhh, shiny."

  2. Mage Silver badge
    Devil

    Madness

    It's simply adding a USA UHF ISM band.

    Pointless.

    If these things are made, then idiots will import them to Europe, add booster amps and Yagi aerials sold for fixed GSM 900 (common rural Internet in Czech Republic in the past) and cause havoc to European GSM and 3G (some operators are migrating 900MHz gear from GSM to 3G/HSPA, trials started some years ago).

    Consumer Electronics seems to:

    A) Have lost the plot.

    B) Not be properly regulated.

    C) In Europe not enough "in the Retail Market" Policing. Many "approved" devices are not the same as the one approved, or tested incorrectly (Power line networking) or simply fake labelling.

  3. Anonymous Coward

    IoT?

    There seems to be a lemming-like rush into this with those apparently sexy Samsung IoT connected fridges etc at the CES.

    Yet so far I don't know of an IoT widget that is even half secure.

    IoT === Idiots or Twats. Don't know which. Either way those that fall for this current flavour of jungle juice certainly have more money than sense.

    All I do know is that I won't have any of this crap in my house for at least 5 years. By then there might be some sort of security standard in place.

    1. imanidiot Silver badge

      Re: IoT?

      Idiotic Twats

      1. LewisRage

        Re: IoT?

        Idiot O'Twats?

  4. Anonymous Coward

    Back of the net!

    Knowing me Alan Partridge, knowing you 802.11 aha! (low)

    Can we expect all future reporting of HaLow to include Partridgisms? ... or is this too frivolous for the new "serious" register?

  5. W Donelson

    Internet of ....

    https://gyazo.com/71fb3c6f6d0f0ac69b3e12924a368bd5

  6. Anonymous Coward

    Attack!

    It's like a committee sat down and said "How can we make the attack surface as large as possible?".

    1. Preston Munchensonton
      Boffin

      Re: Attack!

      No, it's like the committee asked the question about how to address longer range WiFi access. Given all the focus on higher and higher bandwidth options (like 802.11ad), this is really a welcome change to introduce WiFi that will gladly work over much longer ranges (and through walls) than any of the other iterations available.

      1. Anonymous Coward

        Re: Attack!

        Four years ago I was in a rented house with a Worcester wifi boiler/thermostat. When the climate went cold and foggy it stopped working. I took the stat off the wall and propped it on a shelf in the next room and it worked again. The logical explanation seemed to be that it stopped working because the direct path between the two devices went through two brick walls at an angle and about four foot of moisture-laden outdoors.

        (Were it my house I'd have had a wired setup).

  7. tiggity Silver badge

    IOTat

    <grumpyoldgitmode>

    I don't want a web enabled kettle, fridge, lightswitch or whatever the **** other simple household item is now available IOTified.

    Can we go back to properly constructed kit instead of shoddy tat based on razorblade model, e.g. kettles.

    The ones that were commonly available base models back in the day, designed for a long life, where, when the heating element gave up it was possible to remove it and add a replacement & hey presto working kettle again.

    I remember a kettle my parents purchased when I was a kid, lasted over 30 years (with elements replaced as required) until some of the welding finally failed & began to leak where spout joined body so had to be replaced.

    Not this full circle mode where a v. expensive (well over a 100 quid) Dualit is advertised as "ground breaking" for having a replaceable element

    </grumpyoldgitmode>

    1. Mike 16

      Dualit Duplicity

      --- Not this full circle mode where a v. expensive (well over a 100 quid) Dualit is advertised as "ground breaking" for having a replaceable element ---

      I actually would not mind that obnoxious advertising if I was actually able to buy a replacement element. When mine died (about 4 years in), I went to their website, and email support, and phone support, only to find out that they have no idea what element they would ship to the US, to work on our 120V mains. Almost as if they forgot they ever shipped such a toaster.

      Yeah, we won't even get to the fact that my gran's old tilt-toaster circa Great War, still worked well enough in the 1970s to do my toasting, before I could afford a new one.

  8. Andrew Jones 2

    At least 2 mobile operators use the 900MHz band..... I doubt they will be terribly happy about a sudden influx of equipment that could cause interference to their signals.

    1. Preston Munchensonton
      Boffin

      900MHz Band isn't one big channel

      For licensed bands, there's no reason to be concerned. Illegally operating on a licensed band isn't something that any manufacturer will take lightly, with fines and unwanted publicity effectively killing their business model.

      It's also not as though this is some US-only standard exported to the world. The IEEE has lots of really smart people who live throughout Europe and that has to be accounted for in their standard.

  9. DerekCurrie
    FAIL

    IoT: The idIoT Tech of the 2010s

    I understand the motivation to push out the crap into the market as fast as possible, ignoring the security implications. But you'd think the moronic companies pushing this crap would notice that ignoring their crap's security is the equivalent of stabbing themselves in the head. It's self-destructive. It's:

    Short-Term-Thinking,

    Long-Term-Disaster.

    How fitting for our age. :-P

  10. martinusher Silver badge

    Just a FYI

    The original use for WiFi was infrared communication between devices such as laptops. The protocol will work anywhere.

    Don't confuse the MAC protocol -- the thing that manages packet flow -- with the underlying data coding (which is itself somewhat intelligent).
