Watch the windows
If someone is casing a house, they'll just watch the windows! No burglar is going to be sniffing IP traffic to see when someone is up and awake. Why go to all the trouble, even if they had the knowledge?
Princeton boffins reckon the Internet of woefully insecure things yields sensitive information about connected homes with nothing more than a bit of network traffic analysis. The problem is that single devices have very individualistic traffic profiles – a thermostat behaves differently from a lighting controller, both of …
That shows a serious lack of imagination there! Entire new industries will spring up as a result of this (all the holes in IoT)! We simply have no idea yet. But a few people are beginning to glimpse the nightmares that await.... Expect to see new criminal enterprises, new governmental control departments, new espionage-based industries. They may not all come around to your place, but they will tap the IoT data stream of people you know and care about. Why? The temptation is just too great....
Worse than "Entire new industries will spring up as a result of this", entirely new theories of crime and legal defences could spring up as a result of this, and then they'll be followed by the ambulance-chasing shysters of the "Have you been injured in an accident that wasn't your fault" variety ....
As an aside I was once working at a large bank as a contractor, a colleague (also a contractor) was more fond of the opening lines of "Got to pick a pocket or two":
"In this life, one thing counts, in the bank, large amounts....."
He would quietly sing it to himself whenever anyone was out of hearing distance.
>> "No burglar is going to be sniffing IP traffic to see when someone is up and awake."
Your name is Fagin and you sniff the IP traffic to hundreds of homes and send out your little Oliver Twits as appropriate.
Disruptive imagineers will sweep away the legacy burglary industry like the dinosaurs. Which is just as it should be.
Icon for maximising revenue opportunities while travelling between burglary opportunities-->
Now you can have a thief sitting in the comfort of their own home monitoring tens if not hundreds of houses.
IOT becomes a tool for 'remote casing' of properties.
And people will still want to and do install this crap in their homes.... {mind boggles}
None of this stuff will be allowed in my home.
Thanks for the list of Domains that some of this TAT uses. I'll be adding them to my firewall later today.
"Now you can have a thief sitting in the comfort of their own home monitoring tens if not hundreds of houses."
They don't need to monitor it. Just have software monitor the streams for the pattern of someone going on holiday and then send an alert to the local operatives. It can also include the details of the security systems it's identified. If the house has been sold in the last few years it can include the floor plans and internal photographs from Rightmove. (photos will be out of date but still useful for familiarisation).
No burglar is going to be sniffing IP traffic ....
Yet ... Already the rats are sniffing around in databases to find the homes of elderly people where they can force their way in so much easier, the databases are the ones used by those other rat bastards, the telephone salespeople, who LOVE half-deaf possibly senile people with few relatives to take the fight for them.
Once those convenient resources are *eventually* blocked over EU privacy laws and such, then, they will do IP sniffing. Of course they will. They sniff car key codes already. They may be rats but not stupid.
"Whoa! What's that you got there Agrippa?"
"It's a gun"
"A what?"
"A gun. It throws small arrow heads out like a ballista, and you don't even need to wind it. You just put this magic black powder in this hole here and then your arrowhead and then you point this end at what you're trying to kill, and then smash this bit of flint on this bit of iron here and..."
"Is it supposed to do that?"
"Err, I don't think so. Does it look as bad as it feels?"
"Err, Are you in excruciating agony and wish you were dead?"
"Yes"
"Then yes it is as bad as it feels. You appear to have lost half of your face"
"I think we should wait a millennium or two until they've ironed out the flaws"
The paper stops short of telling manufacturers to quit collecting data unnecessarily, which seems an obvious first step to The Register.
Right; because Internet companies would immediately stop surveilling users collecting usage data to improve the user experience, if only some random researcher would tell them to.
It's not the manufacturers who need to know. It's their customers. It would be much more effective to tell a few scriptwriters, so that this sort of spyware becomes more widely known in popular culture.
For bonus points, someone can thwart such attacks by knowing how to configure the firewall on their (ordinary) router. Obviously that is going to stretch credibility somewhat (sigh) but that's the writer's problem and they're a pro, right?
I had a very 'lively and interesting' discussion with a bloke in town flogging Smartmeters on Saturday. Wifey walked off in embarrassment, but the sales guy had no clue what he was talking about and was adamant that they are secure. Adamant I tell you! I think I drew a small crowd but he was talking rubbish.
If you've got access to ISP data then you don't need smart devices to track user activities.
1.) Did the home owner recently go to an airline online check-in page?
2.) Has the amount of web traffic reduced?
Assumption: home owner is away.
Any type of data can be analysed, pattern matched and assumptions made.
OK, some of the IoT crap I can at least see why people might think it could be vaguely useful or interesting in some way, but what on Earth is the point of a sleep sensor? It's not exactly difficult to figure out if you've had a good night's sleep or not, and even if you were desperate to quantify exactly how good it was how does streaming the data while you're sleeping help with that? I suppose you could try to use it to monitor someone else's sleep, but children are pretty damn good at letting you know when they're not asleep, and why the fuck would you need to spy on anyone else? Other than occasional medical use for people with actual sleep disorders, I just can't imagine why anyone would want one of these things, let alone one that constantly livestreams data to let everyone know exactly when you're sleeping and how well you're doing it.
Because extending the "occasional medical use" to "diagnostic use" to "Check whether you have a problem" is the usual way it works in marketing. Convince people they have, or may have, a problem and they need the latest gadget to identify and/or fix it.
I'd guess that it's not streaming while you're asleep so someone can view it, it's streaming it to a cloud, sorry server, so that you can review it later.
See also the current fad for wearable fitness monitors, which were recently reported to be rubbish at measuring calories used.
I dunno guys. If someone is already on your network sniffing your data to do traffic analysis it either means they already have access to your wifi or are in your house already. I think that means you have more problems than some IoT device selling the ambient temperature of where it's located to "the cloud data mafia" for big buckeroos.
Sorry, totally forgot this is el reg. I should have written:
oh noes small microcontroller based thing on my network is so much more scary than the 3 or 4 windows machines I have because it's called IoT. Whats that? IoT uses IPv6? How will I remember all the digits? What about my NAT?