back to article The wheel turns slowly, but it turns: Feds emit IoT security tip sheet

The US Federal Bureau of Investigation has offered advice on securing Internet of Things devices to prevent "Cyber Actors" using your garage door for nefarious purposes. The cheat sheet, following hot on the heels of tips on how to fend off cyber attacks last year, includes an explanation of what a Cyber Actor is (sadly, not a …

  1. hplasm Silver badge
    Facepalm

    Now the 'G-Men'

    Are the 'Cyber-men' ?

    How quaint!

    1. Wellyboot Silver badge

      Re: Now the 'G-Men'

      Can they be stopped by applying a little Gold!

      Dr Who ref. for the unknowing

      1. Ken Moorhouse Silver badge

        Re: Doctor Who

        The Daleks of the future will be programmed to utter:-

        ExterminIoT

        ...and will thus become the "good guys".

  2. Pen-y-gors Silver badge

    election swinging?

    before the Feds come knocking on your door after your microwave has attempted to swing an election at the behest of a not-nice foreign power

    But presumably OK if it's a nice foreign power? Like that lovely Mr Putin who is such a chum of the Prez? "Webcams for Trump!"

    1. Version 1.0 Silver badge

      Re: election swinging?

      If "corporations" have the same rights as people in the USA, then why not your fridge and security cameras? Fridges have rights too, if they are made in the USA then they should be able to vote ... of course they will be arresting those Mexican and Chinese made fridges that vote illegally.

    2. Ken Moorhouse Silver badge

      Re: election swinging?

      Convert your boiler into an IoT device and you are likely to find yourself in hot water.

  3. DCFusor Silver badge

    We know it's ok to swing elections

    By the usual suspects - lobbyists from big corporations, people like the Koch brothers, George Soros, other wealthy people with an agenda, and even special interest groups -- all of whom do so right out in the open and even brag about doing it. In some districts of fame, the phrase "vote early and often" is not joke.

    I'm sure foreign powers get into the act too, but to blame all your problems on them vs what we all know to be true and which is right out in the open is to deflect responsibility for fixing that and to CYA the current jerks in power. It's a very old game pols play.

    1. We need a distraction from our poor performance, and to convince people they need us.

    2. To do that, we create an enemy, using someone we can't fight without horrible consequences, and who we can't extradite from. Doesn't matter if they're actually a threat or not - they may even be in on it and using you for the same purpose (see...west vs east and control of their populaces). Currently, we have a 3 way tie for superpowers, so any one can use the other two as enemies. For smaller countries, we all just have proxy wars to keep things riled up and bomb the mostly-innocent populace of those places - nice real world weapons testing and..."you know what waving".

    3. We get you to to clamor for protection, from them, by us, thus retaining and increasing our power over the normal citizen/serf. We keep the status quo, which benefits the top crust more than anyone else, going indefinitely.

    See HL Mencken quotes. This is not news.

    All sides do this (doesn't make it right, just real). Wake up, it's a not-nice game and you're being played. If you sit at the table and don't know who the mark is...it's you.

    To get on topic - the IoT is a joke. I built a LAN of things for myself. But the only real reason to put things on the internet is so someone can be a man in the middle - to charge rent, spy on you, and other shenanigans. Do you really need to turn your heat up and down from work, a job a cheap timer could do - and have security and reliability advantages doing it? If the police are such a failure you need realtime video monitoring remotely - why not get that fixed? What would you do from miles away anyway? And so on - the IoT is just another way to try and charge you for living "as a service". Get wise.

  4. Tromos

    Keeping up to date with patches

    No problem for most IoT devices. They start out with the full complement of patches that will be issued over the coming decade.

  5. Claptrap314 Bronze badge

    I had a guy assert to me that everyone is going to become a programmer. Looks like the G-men want everyone to become a sysadmin.

    This advice is the sort of thing to get my paranoid side going. The only honest assessment of IoT "security" is, "Hahahahahahahahaha.....!", or "Ieeeeeeeeeeeeeeeeeeee...!" If consumer protection were the real goal, the FBI ought to be issuing stern warning about the lack of security, and the dangers of using these devices. Almost all are fundamentally unsecurable, which means that that any vaguely competent actor can just pop them at will and get complete access to...

    Yeah. My paranoid side really gets triggered at this point.

  6. Michael345

    better advice

    Better advice is at RouterSecurity.org.

    Block unknown IP address in the firewall? What does that even mean.

    Much IoT security is really router security. Disable UPnP and NAT-PMP to block devices from opening holes in the firewall. Test the router firewall yourself to see if there are open ports (aka holes).

    The FBI is right that IoT devices should be isolated, another router issue. Of course, they offer no help in doing so - or even a warning that many routers can not do this.

  7. Anonymous Coward
    Anonymous Coward

    Encouragement for IoT in the national press.....

    ....and in the mean time, there's this gem today in The Guardian newspaper encouraging their readership to install a few, maybe dozens, of IoT microphones in their houses!!

    *

    https://www.theguardian.com/technology/2018/aug/04/how-do-i-get-best-from-alexa-amazon-echo-hacks-apps-accessories-skills

    *

    Fab.....let me get onto Amazon and place an order!

  8. Winkypop Silver badge
    Stop

    No

    Just no

  9. RGE_Master

    They're sitting here wondering how we can secure things, i'm sitting here knowing full well that you can hack a dildo with a webcam attached to it......

    Incdentially, how do I patch this thing, for my girlfriend of course..

    BTW, you can google the above and they show you a video how to do it... It's quite amusing. It was carried out by Pen Test Partners.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019