Pisspoor IoT security means it'd be really easy to bump off pensioners

Two things are fixed on everyone's minds when it comes to the Internet of Things: security and law. How does industry overcome the threats posed by these two hurdles? Speaking at yesterday's Cambridge Wireless IoT event in London, Max Heinemeyer from Darktrace was all in favour of automating away the security problems. He …

  1. Anonymous Coward

    Could Darktrace fix a home IoT device?

    The issue with a tool like Darktrace is that it can be installed at an ISP or a company organisation, not at a single customer site (which would probably not understand what the tool reports).

    But what could it do if many IoT devices at many houses are compromised? OK, the ISP can cut the traffic and save Krebs' site, but what about the IoT devices if they perform critical tasks like controlling the environment and opening/closing doors when needed?

    The problem with IoT is that they can handle more critical tasks than web browsing or email, so identifying issues *after* they happen is not enough - especially if it needs a 600Gb/s DDoS to discover it.

    I wonder also if Darktrace could have spotted the remote login to the fingerprint reader with default credentials - or would it have to wait for the exfiltration of data to spot something? It's a matter of early warning.

  2. Updraft102

    "I think what can save us from the IoT problem is to let machines do the heavy lifting."

    Or we could just not connect them to the internet in the first place.

    1. Scott Broukell

      "Or we could just not connect them to the internet in the first place."

      I'm sorry Dave, you MUST connect me to the internet, if a connection is not completed within the next thirty minutes, user termination procedures will commence!

      1. You aint sin me, roit

        "I'm sorry Dave, I can't let you do that... I'm currently upgrading my Nest thermostat software and heating will be switched off for several hours. Maybe days."

        You don't even need hackers to kill oldies, remote updates already do that fine.

    2. David Pollard

      Battle of the Botnets

      Coming to your local farm soon.

    3. Pascal Monett
      Facepalm

      "letting machine learning take the strain of countering IoT malware"

      Yeah, great idea : let's connect everything to the Hive Mind and let that sort out our security.

      Forget doors, locks, windows . . . hell, forget walls while we're at it. Let's just hand it all over to the AI God and everything will be fine.

      Here's a tip : when you want security, make sure you don't depend on someone else for it. A hardware firewall will give you better security than any remote AI will ever bring you.

      Good Lord, to think there was a time when I thought all those people quoted in journal articles actually knew what they were talking about.

  3. Alister

    Two things are fixed on everyone's minds when it comes to the Internet of Things: security and law.

    You're havin' a laugh. Apart from a very small minority, the two things on everyone's minds when it comes to the Internet of Things are money and image.

  4. Anonymous Coward

    If the last 4-5 years in IT security has taught us anything

    It's that anything that can be hacked will be hacked. So the best thing the government can do is step in and stop production of self-ordering fridges and stuff like that until the security is worked out. Not just for privacy (which doesn't matter a bit to the government), but also energy usage/pollution and public safety, which the government does care about.

    1. Richard Jones 1
      WTF?

      Re: If the last 4-5 years in IT security has taught us anything

      OK, I have a few different fridges, one is 40 plus years old and the other two lasted a longish time and have just been replaced. Their replacements will likely be some way off in the future when I am unlikely to be interested. The heating thermostat is only 25 years old and probably good for at least another 25 ~ 50 years, so no hurry there.

      The boiler controller was 25 years old and was only replaced when the boiler was done because the installers were here doing the job anyway. So far after almost a year I have managed to set the same programme for every day of the week, other things should be possible but (a) too damned difficult (the installer gave up and passed me the book) and (b) lacking in any point or purpose.

      Now remind me why I should buy some things to make life more complex and which some scumbag, probably in Russia, might be able to mis-operate more easily than I could when stood next to the heap of junk.

      Best of all I really, really, do not need the crap.

  5. David Roberts
    Windows

    Pensioners?

    Grumble, grumble......spotty yoof....grumble.....

    Speaking as a pensioner, if the thermostat turned itself down I would (1) turn the bastard up again, (2) light the log burner, (3) give the router a good seeing to, (4) use the override on the boiler controller.

    From sad experience, those of declining lucidity are not likely to be open to this style of attack because they will already have turned the thermostat down to save money, then put on a couple of electric fires to keep warm, then opened a window or two because it is a bit hot with their overcoat on.

    More likely to get a yuppie by disabling the electronic door lock.

    1. Anonymous Coward

      Re: Pensioners?

      Don't worry, government want you to shuffle off your mortal coil, so whether you bake or freeze they don't mind.

      Sounds awful, but this very afternoon I was at a bigwigs' talking shop at a most prestigious institution in London, and when I made the case that energy-related devices need to be easy to use, and to deliver the required level of comfort easily and effectively, the individual next to me (representing the energy interests of BEIS) sniffed and complained that this might encourage people to turn up their heating.

      All of UK energy policy is about saving polar bears and snuffing out vulnerable humans. But this they blame on "fuel poverty" which has nothing to do with their idiot policies, of course.

      1. Fruit and Nutcase
        Flame

        Re: Pensioners?

        @AC

        But this they blame on "fuel poverty" which has nothing to do with their idiot policies, of course.

        Going by the reasoning of zero rating VAT on essential food items, I think VAT on heating fuel implies that it is a luxury that we could choose to do without.

  6. Notas Badoff
    Alert

    "I'm sorry, boss, but network security ...

    won't let you start up the quarterly video conference with Wall Street. You'll just have to send them an email about how secure our network is. Sorry about your bonus benchmarked to stock price..."

    "He emphasised how, once installed, it learns how the client's network operates over a period of two to three weeks and then acts on unusual activity from there."

    Two to three weeks to learn about daily behaviours and weekend reconciliations. Two to three months to learn about the once-a-month activities that are spread throughout each month. Two to three quarters to learn about the quarterly activities. Two to three years to learn about yearly activities (vacations, holidays, a coupl'a industry conferences, tax reporting, product rollouts, merger bids, etc.)

    And then after two or three years it'll be ready to notice the merely new coming in and the old falling away. Things which change every week.

    If you don't staff these automatic tools with 24x7 attendants well-versed in all company activities, they will constantly be tripping up business activities or flipping off alerts. Where's the big red button for the automatic monitor that keeps hitting the big red button?
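The learning-window problem raised in the comment above, worked through as an added example (this is illustrative code written for this page, not Darktrace's product or anything from the article). It builds a deliberately naive baseline detector: learn every (source, destination, port) triple seen during a training window, then alert on any triple not seen during training. The traffic is constructed sample data (a daily file-share pull, a Saturday reconciliation, a month-end transfer to a bank on the 30th, and one attacker exfiltration on day 45); the hostnames, IPs and ports are invented for the example. A 21-day window flags every month-end transfer as an anomaly, while a 90-day window keeps quiet about month-end but has silently learned the attacker's exfiltration as normal, which is the other half of the caveat.

```python
"""Toy baseline anomaly detector: a (src, dst, port) triple never seen during
the learning window is an alert. Added example for this discussion; the
traffic below is constructed, not captured."""
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample hosts (assumed for the example).
WORKSTATION = "10.0.1.20"
FINANCE_BOX = "10.0.1.30"
FILE_SERVER = "10.0.2.5"
LEDGER_DB = "10.0.2.9"
BANK_GATEWAY = "203.0.113.8"      # legitimate month-end destination
ATTACKER_DROP = "198.51.100.77"   # exfiltration destination
COMPROMISED = "10.0.3.7"


def make_flows(days, start=datetime(2016, 10, 1)):
    """Build a list of (timestamp, src, dst, dport) flow records covering
    `days` days of constructed business traffic plus one exfiltration."""
    flows = []
    for d in range(days):
        day = start + timedelta(days=d)
        # Daily: workstation pulls from the file server at 09:00.
        flows.append((day.replace(hour=9), WORKSTATION, FILE_SERVER, 445))
        # Weekly: Saturday 02:00 reconciliation against the ledger DB.
        if day.weekday() == 5:
            flows.append((day.replace(hour=2), FINANCE_BOX, LEDGER_DB, 5432))
        # Monthly: 01:00 on the 30th, finance box talks to the bank.
        if day.day == 30:
            flows.append((day.replace(hour=1), FINANCE_BOX, BANK_GATEWAY, 443))
        # Day 45: a compromised host pushes data to an attacker-controlled IP.
        if d == 45:
            flows.append((day.replace(hour=3), COMPROMISED, ATTACKER_DROP, 443))
    return flows


def learn_baseline(flows, learning_days):
    """Count every triple seen in the first `learning_days` days.
    Returns (baseline_counter, cutoff_timestamp)."""
    cutoff = flows[0][0] + timedelta(days=learning_days)
    baseline = Counter()
    for ts, src, dst, port in flows:
        if ts < cutoff:
            baseline[(src, dst, port)] += 1
    return baseline, cutoff


def detect(flows, learning_days):
    """Alert on every post-cutoff flow whose triple was never seen while
    learning. Returns a list of (iso_timestamp, src, dst, port)."""
    baseline, cutoff = learn_baseline(flows, learning_days)
    return [
        (ts.isoformat(), src, dst, port)
        for ts, src, dst, port in flows
        if ts >= cutoff and (src, dst, port) not in baseline
    ]


def alerted_destinations(flows, learning_days):
    """Convenience view: the set of destination IPs that raised alerts."""
    return {dst for _, _, dst, _ in detect(flows, learning_days)}


if __name__ == "__main__":
    flows = make_flows(120)
    for window in (21, 90):
        print(f"--- learning window: {window} days ---")
        for alert in detect(flows, window):
            print("ALERT", *alert)
```

Run as written and the 21-day window raises four alerts: three month-end transfers to the bank (false positives the business would have to explain every month) and the one real exfiltration. The 90-day window raises none at all: month-end is now "normal", but so is the exfiltration, because the attacker was already inside during the learning period. Real products do more than set membership on a triple, but the shape of the trade-off is the same: a short window produces noise on every cycle longer than itself, and a long window risks baking in whatever was already wrong.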

  7. Herby

    An 8 letter word, starting with S, ending with Y.

    For many people that is what "security" is. Oh, and it costs money.

    One day the DDOS attack will be on the company that actually makes the devices, and it might get some traction.

    I'm not holding out much hope. End users need to be conscious of the many problems as well. Good luck with that.
