back to article Smart home owner? Don't make your crib easy pickings for the smart home pwner

If you live in a smart home you may as well take all the locks off your doors and hang up a sign saying "burglars, free swag here". At least that's the thrust of a report by Trend Micro into the security threats posed by "complex IoT environments". Those environments are what peddlers of IoT home gadgetry would describe as the …

  1. Tom 35 Silver badge

    Patch LOL

    A hub might get patches, but the doodads? Your light bulbs, door switches, door locks! will all be... patch? It's 6 months old! buy a new one. The fancy fridge that cost $2000? Maybe if you can get it on the NEWS so it's hard to ignore.

  2. Yet Another Anonymous coward Silver badge

    I'm safe

    The burglar would first have to break in and disconnect my cable modem for 15mins to force a network reset, then turn it off and on again to get a new IP, before they were able to hack my smart home.

    Rogers telecom: not only an expensive unreliable monopoly - but now my partner in security

    1. DougS Silver badge

      Re: I'm safe

      Can you explain your reasoning for those who aren't familiar with Rogers? Is there some reason why your wifi is completely unhackable when everyone else's is vulnerable to known exploits that aren't addressed until WPA3 is out, for instance?

      Once they're inside your network, if you have a smart lock with a known exploit they can open it. Though some smart locks have had exploits that don't even require network access...

      1. Yet Another Anonymous coward Silver badge

        Re: I'm safe

        Rogers follows the Canadian telecom model of providing billing with a minimum of actual telecoms.

        By cleverly removing the 'transfering IP packets to/from the customer" loophole they are able to greatly enhance security

  3. Will Godfrey Silver badge
    Happy

    Look on the bright side

    With all the switched-on generation falling for this crap the burglars won't bother to go to the effort of picking locks and smashing windows, so the rest of us should be safe.

  4. Anonymous Coward
    Anonymous Coward

    Not really sure that the world has changed that much

    Obviously IOT introduces vulnerability, but it's hardly groundbreaking. A smart burglar can hack a camera, work out when you are in your garage and 'just walk in'? Of course. A smarter burglar might just sit on a park bench over the street and notice when you walk out to the garage, which would have the advantage of them being nearby*. If I want to identify people with a regular 'habit' I could sit at the train station and watch who it is who gets on the 7:38 each day. Clearly setting up an impersonal-able way of unlocking a door is a bad idea. So just don't do that.

    * Visions of the stereotypical hacker in his pants and vests in mum's basement. 'Oh Mr AC has gone into the garage... I'll go round and rob him'. Tripping over the pizza boxes, pulling on a hoody, getting onto moped, driving round, sneaking into the house... 'Oh he's not in the garage any more, he's in the house with a hammer in his hand that he went into the garage for......'

    1. Tikimon Silver badge
      Facepalm

      Re: Not really sure that the world has changed that much

      Yes, it's changed quite a lot! First, the so-called "stereotypical hacker" you describe has not been a notable player or serious threat for years. The Good Stuff is written by well-funded professionals, for whom it is a BUSINESS. It's not about individuals on pathetic ego trips, but well-run outfits making sophisticated malware to steal millions. And hoodies? Seriously?

      Second, nobody will sit outside a house on the off chance the residents will leave, that's NOT convenient and is a good way to get questioned by cops. Instead, they can sit comfortably at home, in their van, etc. and monitor dozens of potential burglary sites.

      The world has changed indeed. Never could so much info be easily gathered from so many sources, stored in searchable form and shared around with a click. Dystopia doesn't begin to cover it.

      1. Anonymous Coward
        Anonymous Coward

        Re: Not really sure that the world has changed that much

        Well - locally the preferred modus operandi is to walk up to the door and ring the bell. If no answer try the side gate and if that's open stroll round the back. If challenged choose from 'I saw the gate open and thought there might be a problem' or 'isn't this Fred's house - he said I could pick up his wheel barrow'.

        Hoodies are pretty much obligatory.

        Cops? I saw one once when I went to the big city.

        Has anyone EVER actually been burgled by an IOT literate burglar? (FoF , man in pub's FOF or Facebook memes don't count).

        And good luck hacking your way in via Alexa - 'Alexa unlock the back door' - 'Back Door Man by the Doors isn't avialble on Amazon Prime - subscribe to Amazon Music to receive unlimited downloads' ....repeat ad infinitum.

        1. Anonymous Coward
          Anonymous Coward

          Re: Not really sure that the world has changed that much

          I'm safe then because I don't have a doorbell. And having worked for a company that makes smart locks, there's no way I'm having anything other than the finest Swedish mechanical locks on my doors.

  5. chivo243 Silver badge
    Windows

    Call me very old school

    I have ZERO smart\IoT gadgets on the home network. PNP on the modem is disabled.

    1. Anonymous Coward
      Anonymous Coward

      Re: Call me very old school

      Nope - you have a modem and a home network.

      Old school is 'I live in a cave and have none of that new fangled electricerry'.

      (And maybe you just think PNP is disabled because that's what they want you to think....)

      1. Rich 11 Silver badge

        Re: Call me very old school

        Cave? What cave? I'm still roaming the Kalahari.

        1. CrazyOldCatMan Silver badge

          Re: Call me very old school

          I'm still roaming the Kalahari.

          Roaming the Kalahari? How terribly modern! I'm still considering whether to evolve from primordial slime..

      2. Aladdin Sane Silver badge
        Trollface

        Re: Call me very old school

        It's easier to not have anything worth stealing.

        1. the Jim bloke Bronze badge
          Trollface

          Re: Call me very old school

          Whats a kidney worth these days?

  6. Flak

    Technology capability vs human capability

    The real challenge here is that technical capability of devices is increasing at an incredible pace, while for all but the most savvy users default settings and blind trust seem to prevail.

    In some cases the technology implementation may be completely wrong and insecure, regardless of the implementation.

    In other cases it will be configuration.

    Most ordinary users will not be able to recognise the first and properly mitigate the second.

  7. This post has been deleted by its author

  8. Anonymous Coward
    Anonymous Coward

    History Repeating Itself

    This is just like the early versions of multi-user Windows - allow everyone to do anything, then try to restrict then from doing something they shouldn't be doing.

    Should really be the same as any properly designed OS where no-one apart from the administrator can do anything at all, and they then you allow you to do specific things as necessary.

    It isn't rocket science.

  9. Anonymous Coward
    Anonymous Coward

    It isn't about burglary.

    For most people, if they are the subject of crime it is likely to be opportunistic. Complex attacks against chains of IoT devices designed to allow access to a property are unlikely. Blackmail or attempting to obtain your banking credentials are more likely, but until its easier to find insecure IoT devices to attack than it is to just phone up members of the public and tell them you are from their bank and please give your pin, it's not going to be a big thing.

    If someone is targeting you specifically, and they are prepared to go to the effort of compromising IoT devices they probably are going to find a way to get to you anyway.

    That being said, IoT security is very important, and as the number of devices increases, it will become more popular. It is just that these current first and second generation devices aren't going to be when IoT crime really takes off, and so the manufacturers have a few years to get things right still.

    1. the Jim bloke Bronze badge

      Re: It isn't about burglary.

      The point of all this.. is to encourage people to spend money on Trend.. but potentially, someone finds a gaping hole in IoT configurations, sets up a script and sells it, and every hoodie wearing illegal immigrant can use their mobile phones to select opportunistic attacks by simply checking an app.

  10. SVV Silver badge

    Cybersecurity Risks in Complex IoT Environments

    Att the moment I woud rank the probability of professional break in merchants having the IT skills ncessary to exploit the IoT gizmo flaws as very low.

    Howver, when most of these IoT security gizmo merchants go bust, there may well be a surfeit of out of work IoT people whoi have the knowledge needed to turn to a life of crime. And due to the devices all needing personal info to be given to the supplier, they will possibly have useful lists of the installed user base to hand too.

  11. CrazyOldCatMan Silver badge

    "or a barking dog sound if the owner's phone is not within range of the home network"

    Personally, I prefer to have an actual dog make barking noises if I'm not at home..

    (I'd love the cats to also participate in home security duties but I'm not holding my breath. After all, they don't bother to keep out the neighbours cats let alone burglars..)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019