I can only repeat a comment I've made before. Consumer items usually have various certifications before they go on sale, e.g UL. The certification authorities need to incorporate checks for crap like this in the certification process. Fail and they don't get their certifications.
Internet of Things 'smart' devices are dumb by design
Princeton boffins have looked at the networking behavior of a bunch of Internet of Things kit and found – stop me if you've heard this one – device makers aren't paying attention. The pair, PhD student Sarthak Grover and Center for Information Technology Policy fellow Roya Ensafi, say the devices they tested obey the rules of …
COMMENTS
-
-
Wednesday 20th January 2016 00:11 GMT Anonymous Coward
Won't happen. The internet of tat has to be cheap or the punters won't bite. Consumers don't understand security and don't value it at all.
Even assuming the certification means jack shit, after point of sale the vendors will spend exactly zero on support, so security will become progressively worse over time. Anything more will eat into the margins.
-
Wednesday 20th January 2016 00:26 GMT Fazal Majid
Do not despair
A recent report by Accenture found that 47% of those surveyed were avoiding IoT devices due to concerns over privacy and security. People are not as apathetic as you think. When combined with the marginal utility of most IoT devices, for half of potential customers the value proposition is just not compelling enough to outweigh the risks.
-
-
-
Wednesday 20th January 2016 00:04 GMT Crazy Operations Guy
Home cloud?
I wish the industry could come together and make a standard for some kind of personal cloud gateway type device. Build some kind of discovery protocol so that all IoT traffic passes through a single device so that the traffic can be secured properly and monitored. Even build in a bit to allow devices to communicate through such a device rather than going up to the cloud and back.
-
-
-
Wednesday 20th January 2016 12:27 GMT Charles 9
Re: Home cloud?
ONLY when the market's mature or there's a synergy between them. Otherwise, the applicable terms are "acquisition," "buyout," and "cheating". It's all in the name of getting the most dollar.
As for using nuts and bolts, that depends. Apple was notorious for using penta-star screws, if you'll recall. The only reason nuts and bolts standardized is because the market was extremely mature and well settled. IoT is an emerging market; not much is settled, and just like with the HD-DVD/BluRay war, companies are jockeying to become the standard-bearer, which gives them big market advantage over the longer term.
-
-
-
Wednesday 20th January 2016 00:20 GMT Steven Roper
Re: Home cloud?
It's not hard to do this already. Simply set up a WiFi router with no direct connection to the internet and have all your IoT shit connect to that. Then that router has a single LAN line to a second non-WiFi router that does have an internet connection. If you want additional security and filtering, the internet-connection device can be a Linux box running SmoothWall or IPCop to keep control of all the telemetry and spying that seems to be default in IoT gadgets these days.
Which brings me to my other point: a fucking photo frame is phoning home? In $DEITY's name why? Whoever came up with that should do the world a huge favour and fucking kill themselves, preferably in a slow and messy manner.
-
Wednesday 20th January 2016 08:40 GMT Mage
Re: Home cloud?
It's called a router + firewall appliance. Mine runs OpenWRT or something as the cable modem is only a modem.
It doesn't solve the problem:
1) It won't make the data be encrypted if the remote server doesn't support encryption.
2) Doesn't easily tell you what is being shared. Especially if it IS encrypted!
3) I don't want ANY data sent to cloud.
4) Doesn't solve issue of bad use of WiFi (see doorbell article)
A home router ought to provide a VPN server by default. But how easily can user setup phone/tablet/laptop to then remotely access their IoT junk?
Win10 seems to be in same phone home category as the stupid photoframe?
Even a Kobo reader has to be edited by Calibre or else it tells Kobo everything. Additionally anything with Adobe ePub DRM. I don't sync my Amazon Kindle or use their cloud either. USB file transfers.
The privacy issues are worse than people imagine
-
-
Wednesday 20th January 2016 08:38 GMT Mage
Approvals?
Well, there ought to be security approvals.
But loads of stuff already fails to meet existing standards as the Regulators fail to police after approval and in market devices don't match devices tested. Or the devices were self certified or 3rd part tested (with no direct regulator involvement), or not tested in a realistic setup, or tested in wrong category.
Or devices don't meet the minimum 2 years retail SOGA life in EU and many other countries.
So good luck ...
-
Wednesday 20th January 2016 10:04 GMT Jeroen Braamhaar
I propose the "Internet of Things" acronym be prefaced with the acronym for "Infinitely Dumb" or any other similarly lettered term signifying its uncanny ability to provide solutions for nonexistent problems whilst providing a raft of problems in dire need of solutions.
Just to inform people so they can see it for what it is before they jump on the "you really don't need this but you want it anyway" hype bandwagon.
-
-
Wednesday 20th January 2016 11:56 GMT regadpellagru
Re: CAB
"Pretty soon you will be able to buy software for mobile devices that will show which shiny things are inside a specific flat and whether someone is inside or not. CAB - computer aided burglary."
No need for an app, a simple web browser will do !
http://www.insecam.org/
Amazing how many people have a default password CAM staring at their door, made public on da web.
-
-
Wednesday 20th January 2016 14:17 GMT Francis Boyle
If I ever buy any home automation it will not be attached to the internet
The much touted benefits of putting home appliances on the internet are really just edge cases or illusory. Turn the heating cooling on before I get home? Maybe if you work irregular hours and are desperate to save electricity and your memory's good enough. The rest of us will just a timer. Let my fridge reorder for me. Show me a working system that's not a pain to use. Let my washing machine reorder detergent at exorbitant prices. Not bloody likely. Of course maybe that's just me being a control freak but I remain unconvinced that consumer IoT systems make life easier for the user. In which case they stay in their little niche.
-
-
Wednesday 20th January 2016 19:12 GMT Anonymous Coward
Re: Nest has issued a patch after they found it sending location information in the clear
One that perhaps reacts to the weather, which to find out it probably needs to submit location information for a current report and forecast. What good's a "smart" device if it can't react to conditions around it to do a better job.
-
Thursday 21st January 2016 02:43 GMT Vic
Re: Nest has issued a patch after they found it sending location information in the clear
One that perhaps reacts to the weather, which to find out it probably needs to submit location information for a current report and forecast
I have a flight program[1] that downloads METARs for the entire country in a mater of seconds. That would leak no more than country information...
That said - how much diffrerence does a weather forecast *really* make to the job of a thermostat? If you have *very* large thermal mass or *very* poor insulation, I can see it being handy to turn on a bit earlier, but how often does that really apply?
Vic.
[1] Flight Assistant if you're interested. It's rather good...
-
-
Sunday 24th January 2016 18:30 GMT Down not across
As the researchers note, novice programmers abound in the Things market, making novice mistakes, and trying to do things on hardware that can't support security. Because Thing-makers are relentless snoops, even two devices on the same network communicate with each other via the cloud.
And herein lies the big problem with IoT devices (apart from the pointlessness of most of them). They're all hell bent on talking back (and via) mothership for everything.