Due to smart phones, computers and tablets, I already have all my internet habits being recorded, and half a dozen cameras and microphones all over the house.
Whats just as concerning is how many quasi-legitimate service providers, for reasons of people desperately trying to secure themselves from bad actors, end up finding technical solutions that are indistinguishable from malware and other kinds of network attacks/exfil techniques.
Argh, this is a stupid future, I want to go back and try again.
And given the mediocre job we have done with online security so far, one can easily think of half a dozen scenarios for the "IoT" (the term alone makes me cringe) to turn in to security nightmare. Think of the Windows malware wave of 2003, when you could not install XP on an internet-connected machine without catching some worm before the installation was finished; now think of billions of lightbulbs, fridges, thermostats and whatnot and how much thought their designers must have put into security. Unless we wise up soon, the future is going to become very "interesting".
EDIT: I just remembered one useful device - a networked smoke detector that the fire department remotely query to see e.g. what parts of a building a fire has spread to and that can tell a central computer when its battery runs out. I could imagine this being really, really useful often enough that it's worth it. But still, the security concern remains. (IIRC, the smoke detectors were not connected to the internet and did not use regular Wifi, which would make sense - if my living room is on fire, my internet connection and wifi router probably aren't so much working as ... liquified.)
Yet every single IoT kit, howto, stack-as-a-service, or other piece of material or IoT startup I see enshrines this as The Way. IoT devices connect to IoT cloud backends and that's how it's done. Period.
There are several reasons:
(1) Vendors desperately want to avoid total commoditization. Competition in the hardware space comes from cheap Chinese vendors with unbelievably cheap labor and monstrous economies of scale. Tethering your device to a backend provides both some amount of lock-in and keeps your secret sauce away from the Chinese reverse engineers. (Or so people think.) This is as true for Chinese vendors as it is for domestic ones-- don't expect them to forgo this strategy when their competition is each other.
(2) There is no good solution for end-to-end transit that copes with the ugliness of endpoint networks.
Full disclosure: I am founder of a company that is trying to address #2 in an open, scalable, reliable, and interoperable way. I am therefore partial to this problem. Yet I also think it may be the easier of the two to solve since it's mostly just a technical problem. Problem #1 is deeply baked into the structure of the market and I have no idea how to solve it. Pathological emergent behaviors like this in complex systems like markets are notoriously hard to fix. You can see the train wreck but you as an individual are helpless against it-- in fact you are almost forced to help drive the train off the cliff because every market incentive points that way. Usually the ham-fisted solution of legislation is the only thing that can address such pathologies in the real world. I hate that as a still-semi-libertarian but it is what it is.
It gets worse. Now add:
(3) All kinds of creepy agents from governments to crooks to (perhaps worst of all) quasi-crooked "dark pattern" companies who want to "monetize the user," would love to get as many Internet-connected cameras, microphones, sensors, etc. into your house as they can. It's a gold mine of private data they can do creepy things with. Think about the malware situation on PCs -- that is about to happen to your house.
#1 and #3 obviously interact constructively. The race-to-the-bottom nature of hardware and the ease with which software is copied means that companies must look for any revenue stream they can. We've seen what this has done to the web: the most successful web companies are free services that monetize the user through surveillance. It's hard to imagine that the same economics won't drive IoT vendors to the same endpoint.
I toy around with the deeply contrarian idea that what we need are significantly stronger intellectual property laws to upend this economic death spiral, but I am not at all convinced that that is the answer or that it would have any chance of working.
The other less radical idea is that this is a marketing problem, and that IoT is ripe for a higher-end vendor to come in and say "we aren't creepy."
Okay enough rant -- back to work trying to put a dent in this problem in a way that's probably more effective than posting to HN. #1 might be the harder of the two problems but if #2 isn't solved there is no chance of #1 being addressed.
Yes, there is. And it exists right now, and it's completely free.
I've been using TOR hidden services for months now. On every machine (Linux), I install TOR and set 22/SSH available as a hidden service. This gives me a [HASH].onion address.
Now, why is that useful? The Hidden Services gives you a flat address space so that every .onion is reachable easily. There's no NAT, no firewalls, no stupid of any sort. And unlike "static IP/port forward/hole in NAT/Dynamic DNS" anti-solution, you install TOR, set up which ports are to be forwarded, and off you go.
I've also figured out how to get full .onion resolution on a Linux system as well. That means, instead of having to do a "Run Tor Browser/proxy" for every program, you simply use the .onion where you want. The DNS resolver takes care of obfuscation and TOR handing and everything. So that means you could have a list of servers in different physical locations with firewalls, NATS, and other network tools. And you can administer them via CHEF or Puppet or Ansible using a list of .onion in your config files.
I use Mosquitto, a MQTT broker to handle my data store. I have sensors in 3 physical different locations (my house, a friend's house, and my local hackerspace). I don't have access to the border router on 2 of them; but that doesn't matter. TOR takes care of all transit.
The last piece of this puzzle is Node-Red for handling of IoT data. With the aforementioned DNS solution I figured out, I can pub/sub data to my mosquitto broker, sitting on port 8883 on my onion. The Node-Red doesn't have to know where the machines are, nor does my Mosquitto broker.
My hardware platform is self-made: Arduino Nano clones, nRF24L01+ mesh networking chip, whatever sensors, and the MySensors library. Works really well.
Tl;Dr. An IoT system that guarantees anonymity, privacy, and security. And doesn't rely on someone else's machines.
(from my previous comment a few weeks ago)
4 points by kefka 18 days ago | parent | on: The Research Pirates of the Dark Web
I find the way TOR is used lacking. I really would like to have .Onion resolution across my whole system (in my case, I extensively use Linux). So, Here's a way to do just that:
I use a significant amount of HiddenServices to communicate back and forth with my machines. My eventual goal was to be able to process data from different geographical areas and have them inserted into MQTT via Node-Red. Until now, it was all or nothing with regards to proxy settings.
I have figured that out. For those that want to integrate seamless .onion usage across the whole of Node-Red (and every other Linux program), follow this.
get the following packages (Ubuntu, Debian)
sudo apt-get install tor iptables dnsmasq dnsutils
sudo service tor restart
sudo service dnsmasq restart
sudo iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040
/sbin/iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040
Of course, this does not discuss how to actually add a new hidden service You should think very hard before enabling a service: Make sure there is good authentication on them along with the newest updates. There is no determining origination on these kinds of attacks.
cite: http://www.linuxquestions.org/questions/linux-networking-3/h.... , Have confirmed directions work flawlessly on Ubuntu 14.04, 15.04, and 15.10 (various flavors of Ubuntu, XUbuntu, KUbuntu)
HN seems to have gotten poisonous with people saying "you cant, you wont, you shouldnt".. and yet the alternative solutions aren't posited. That disturbs me. I try to set a rule, that if I complain about something, I try to have an alternate path to go forward.
Right now, I'm looking into IPFS (interplanetary file system. tldr: single worldwide git repo backed by bittorrent). So far, I've been able to share a staggering amount of content quickly. Our hackerspace has decent bandwith, except when we have open house nights every wednesday. Using IPFS allowed me to share the newest Star Trek Horizon movie with 10 machines in ~6 minutes.
Turns out, they are also working on IPFS-aware Tor, so that the file hosters can reside purely in .onion space. You can probably see why that is interesting to me: worldwide backed tor repo access. Files can be hosted with little/no knowledge who they came from, or to unknown destinations.
I'm also working on porting http://s-macke.github.io/jor1k/demos/main.html so it resides purely on IPFS, including your user data (just stored in a separate key). This would allow distributed computing in a Linux js environment, with networking support... unlike Ethereum which processes data in "Instructions per second" speeds (10^8 slower than your laptop).
I've my hands full, but distributed applications are really, finally here. It's what I can call the cloud, without hearing "other peoples' servers" in the back of my head.
When I see an app or product that touts some security claim, I check around their website to see what they offer to back that claim up. I do not file support tickets asking for clarification unless I really really want the product.
People like me probably note that the product mentions end to end encryption and simply move on if there is no more information provided to explain this.
My thinking behind this is: When vendors are proud of their security they flaunt it. When they don't flaunt it, you should be concerned about why they aren't.
From my perspective anyway. Just my 2c.
I can imagine this would be hard to "tout".
Security is process.
- Do the engineers writing the code have sufficient time to do a good job (assuming they are competent in the first place? Which gets to the hiring process), or does marketing win that battle?
- What is the security audit process? Who has the keys to the servers, who changes the keys when one of those people leaves/dies?
- What processes exist to deliver security fixes to the lightbulb/baby monitor/robo-proctologist? How are consumers notified of the need, and how does the update payload delivery work?
- etc. etc. etc.
I mean, I do have a checklist of features for networked devices for my house. Those include things like user-serviceable certificates, root on things I own, etc. But unfortunately, when searching for a product, the important parts of the security picture are invisible, and reputation and visible implementation are really all there is to go on.
Which is why my lightbulbs don't get wifi.
Open source client + whitepaper describing how the client encrypts the data with a particular scheme that still allows the server processing they need, without leaking undue data.
This can be as simple as: audio stream is discarded on device unless "ok Thing" is recognized, by a low quality open-source on-device recognition software. After that, the next 2 minutes of audio are sent to the mother-ship for higher-quality recognition and analysis.
Done, privacy-preserving Amazon Echo alternative. Get a third party (the EFF?) to audit it for you and put a badge that means to semi-technical users, 'this product goes beyond snake-oil on privacy'. Super-paranoid users can inspect the code for the client, which anyways includes little more than well-known open source libraries and some trivial glue code you don't care who copies anyway.
Of course, the real reason not to do this, is that companies don't want the 2 minutes of audio after the user asks their devices a question. They want the 'big data' of 24/7 surveillance (with all the beneficial applications this can have, but also the chilling ones).
Just explaining which established crypto you're using and where you're using it goes a long way. (And please don't let Marketing write this part - specifics matter)
It has to be in some way that isn't automated.
If a tree falls in the forest, and a surveillance system integrates it with the sound of millions of trees falling in forests all over the country in order to build and monetize a detailed model of trees falling in forests, but no one actually listens to it ... did it make a sound?
That was the GCHQ database of hacked webcams.
A school district recorded photos of kids in their bedrooms at home via laptop camera
Some people apparently like the idea of being able to lock/unlock the front doors of their houses/apartments via smartphone app. I am not certain how this is more convenient than getting a key out of your pocket, but it doesn't matter - the same scenario applies. These are probably going to be "cloud"-based, so if someone can compromise the servers, they can now gain access to entire neighborhoods. (Or, alternatively, lock the doors, keep the people inside.)
I'm not sure why doing it through the Internet is a good idea, if you can do it via the 433 MHz unlicensed spectrum.
The engine: https://www.shodan.io/
The Ars Technica story: http://arstechnica.com/security/2016/01/how-to-search-the-in...
... and still the public does not care.
Yes. That's why the camera in the parent article calls home. The vendor says it does that so the phone app can find the camera. If the camera and app can establish an Internet connection with each other, they communicate without going through the vendor's servers. That's the "P2P" feature. If not, they communicate by sending video and audio through the vendor's servers.
This is insecure, of course. But it's the only way to establish phone to device communications without setup problems.
Skype has a similar architecture, except they don't even try for a true P2P connection any more.
Or to just toss out IP laws, and every other toehold companies have that prevents their products being totally commoditized, and let the free market do its magic.
Or shift to an economy based on the social good over locking things down for profit.
How does connecting to a network provide lock-in? By forcing the user to use a particular interface? By keeping your files incompatible with general purpose computers? What do they do?
Is there really that much 'secret sauce' in an internet connected camera?
For example, you can buy wifi-enabled SD cards for your digital camera. Unfortunately, you can't transfer files directly from the camera to the computer to use in your favorite editing app because the card requires you to connect to a particular server which automatically uploads your photos to their service and you then have to re-download them to your computer if you want them locally.
This is where manufacturers are trying to lead us. They want users to be locked in to their service any time we purchase one of their devices.
Those light bulb are a bit clever as they need to plug into your wifi for remote control. He discovered that the plug was creating a new wifi network, with hardcoded simple password and security setting such that it exposed you internal network to an external attacker. I can't remember if it was calling home, but surely a future version will.
So yeah, you will eventually end up with something connected, light bulbs are connected now !
And the list of things it does :
So, in summary: it's a device that infringes my copyright, gives you root access in response to trivial credentials, has access control that depends entirely on nobody ever looking at the packets, is sufficiently poorly implemented that you can crash both it and the bulbs, has a cloud access protocol that has no security whatsoever and also acts as an easy mechanism for people to circumvent your network security.
He has poor impulse control for purchasing internet-enabled devices and investigating how terrible they are.
I may not be able to hack your iphone, but if I can get on your network through a rather easy means, it will give me access to what the information I really want and then correlate it with the rest of the information they can get from the carriers.
I would imagine this is exactly the sort of soft target the NSA looks for.
I wouldn't say it is at all intentional.
While that would be bad, there's a way to fix this. We can expose the supervillain, fix the problem, and TA-DA! everything's good again.
What I actually suspect is that the typical person is just dumb enough (and hey, I'm not doing the superiority complex thing here, pretty sure it applies to me too) to let this happen accidentally. We don't need to be manipulated or brainwashed or tricked. We'll do this because Amazon will list the bad device 2 cents cheaper, and the companies making the good stuff anticipate this and don't bother to make the 2-cents-more-expensive-but-better one.
It helps that people are oblivious to how damning metadata is. One could easily foresee being able to tell who is adulterous just by when the front door opens and closes, for instance.
And in some other parts of the world, far removed from TV cameras and annoying privacy advocates, that's basically how we decide who gets a drone strike.
Metadata is really, really important... otherwise the government wouldn't be interested in collecting it.
I would agree with the narrative that so far in the digital age the elephant in the room (NSA) has purposefully withheld security related information based on the calculus that "it's worth having insecure things floating around, so long as it's mostly just us that is capable of hacking them at scale"-- that math is rapidly changing now, hopefully their policies and objectives will shift with it.
Now, the real question is, how do we get there, integrated and private, without selling out the whole stack to 100 different vendors with different API's, without one of them hacking the rest of your network, and without your government either hacking you, hacking one of those vendors, or just pressuring them for your data?
I don't have an answer.
Of course, it's a different argument when your house starts making food for you, but but I think I'll still lean towards maintaining my current system.
For example, my cable box comes with a remote that has a 'turn everything on' macro button. Except there's no integration, it just blasts the power toggle IR for the TV. Does it work? Yeah. Does it work well? No.
Buying a single brand and carefully selecting devices can help with that sort of thing, but it's BS you have to be careful to get any integration, it should just work.
I'd agree that a lot of the time it still doesn't work 'well' though.
The sad thing is that it is so easy to imagine so much more. If the cable box provided the available programming as data, I could use whatever interface I wanted to access it. Instead, I'm stuck with their customer hostile crap (no way to hide channels, etc.).
Try installing new lights and switches in your house sometimes and come back and ask that again.
Not to mention, why do we want 120/240VAC to the controls rather than low voltage DC (less shock risk, less fire hazard, etc.)?
This is even more desirable in office buildings.
I've installed plenty of lights and light switches... I still don't see the problem. Either you have the requisite knowledge to do these things, or you hire an electrician who does. Furthermore, no fancy IoT device is going to remove the basic requirement for running wires to the light socket and (semi-optionally) from the socket to a switch. This is fine because it only has to be done once when a space is built.
I would much rather have simple and reliable wiring done once when my house is built than have to buy new light switches every two years because my old light switch is obsolete.
>Not to mention, why do we want 120/240VAC to the controls rather than low voltage DC (less shock risk, less fire hazard, etc.)?
Oh come on. the shock/fire risk of a properly installed light switch is indistinguishable from zero.
Not to mention that the whole project has cost just a few hundred dollars, and the results will last decades. Why would I ever want my house to jump on the high tech upgrade treadmill?*
*Call me back when you can sell me robotic chicken legs for my house. That would be awesome.
Because its simpler, and therefore both cheaper and less failure-prone, to run the actual power to the device through the switch.
We've had alternatives with a complexity cost for a long time; they are rarely preferred because the complexity cost is rarely justified.
IoT provides more alternatives with complexity costs, but doesn't really change the basic reality for most light switches.
FOSS doesn't solve every problem we currently have with IoT, but it can if we give it enough power to.
I imagine your kids (and potential interests) might have something to say about that. Taking that to its logical extreme, how is your desire to invasively monitor people in your care any different from what the government is doing?
Parents are permitted to sit on their porches and wait for their children to arrive home.
Government agents aren't permitted the same right.
But that surely cannot extend to other children (i.e. the boy/girlfriend).
My mother was very much the "helicopter parent". The result was that friends never came round to my house, but I'd go to theirs and simply lie about what I'd done. "Why are you so tired?" is as easily answered with "we stayed up until 10am playing Warhammer" as "we drank three litres of wine and played GTA2 until dawn." Even my best friend's parents agreed my mum was terrible in this respect, and they'd fabricate cover stories if we'd gone out drinking somewhere and my mum phoned.
So no, I still don't see the fundamental difference between a parent claiming "I reserve the blanket right to monitor my childrens movements" and a government claiming the same on its citizens.
(edit: not saying they're equal, there certainly are differences in scale and execution -- but the fundamental policy is still one of distrust and subversion)
From the ruling:
"The Court rules that the Constitution permits law enforcement officers to remotely and continuously view and record an individual’s front yard (and the activities and people thereon) through the use of a hidden video camera concealed off of the individual’s property but only upon obtaining a search warrant from a judge based on a showing of probable cause to believe criminal activity was occurring. The American people have a reasonable expectation of privacy in the activities occurring in and around the front yard of their homes particularly where the home is located in a very rural, isolated setting. This reasonable expectation of privacy prohibits the warrantless, continuous, and covert recording of Mr. Vargas’ front yard for six weeks."
Having that ability is also convenient, even if you can't use the evidence in a court of law. It could lead to obtaining evidence that can be procured in legitimate ways.
We don't, because people don't care.
(or, in some cases, they don't understand how much privacy they are giving up)
There are some very asinine products on the market, there are so very many badly implemented products that throw security and privacy out the window, and there are some that are trying their best with what we have today. All of these are fleshing out the ideas that will stick for tomorrow... and hopefully are getting the user base familiar with the right questions to ask when looking at new stuff.
The ability to reduce home energy usage, let people in remotely, get alerted to activity inside your house when you're on vacation, detect a leak or flood while away or asleep. These aren't stupid. Some of these will genuinely (attempt) to help the world, most of them are nice to have, but not stupid by any means.
Where we're likely headed is that all of these individual devices don't need a direct connection to the Internet, but will have some local/mesh communication protocol to get the data to a main hub. Each local protocol will have security so that you can't sniff raw data just by being near the house, and the hub would use whatever the latest and greatest 'Internet security' offers up, a la TLS.
This is pretty much how Z-Wave and ZigBee devices work with the more established home hubs from Mi Casa, Samsung (SmartThings), and Wink.
We will continue to get burned by manufacturers in the near term. We will get burned by expensive, cheap, no name, and trusted brands. It's a growing pain, we don't have to accept it, but the majority of the products in the near term are going to be awful. Find reviews and analysis, create them yourself, or sit out, but your 'stupid future' is not going to magically stop marching into your house.
I think (hope) the difference will be the utility to the the average user of these devices. We're basically in the infancy of IoT and are already seeing useful consumer grade devices. Going back to the home hubs as an example: You can grab a z-wave light switch from a big box store, a generic z-wave thermostat from Amazon, the hubs go from free to $200, and The only knowledge you need are to be able to replace a light switch in your house and the knowledge you would use to install a new WiFi router, you can have your outside lights come on only when it's dark outside and your thermostat respond to outside temperatures or vacancy just like Nest does. All in, you're less than the price of a Nest Thermostat, are (probably) more secure, and have a real shot at actually reducing your electric bills- and that's just with what we have right this second.
Is it saving the world today? No. Is there WAY too much hype. Heck yes. Are there some REALLY useful devices out there today? Yeah, once you wade through the crop.
Admittedly we're in the super early adopter phase, but there are real non-superficial benefits to making our biggest home energy appliances smarter with respect to consumption. There are attempts to interface with the power providers to have things like dishwashers and washing machines automatically wait for lower usage times to run- which means we can use slack in the energy network instead of firing up more coal or bringing more turbines online. It's a bit of a rosy picture as its well understood that residential use doesn't compare to local industrial use, but let's get any efficiency we can.
As I've said to friends that are dubious on global warming- even if it's not a real threat, is it really a bad thing to use less energy and tear up less of our environment? Even if our residential efficiencies barely make a dent, assuming our privacy and security aren't completely compromised, is it bad to make our homes work just a little better?
Programmable thermostats have been a thing for about 20 years now. There is no need to have these things networked for only a slight gain in convenience. I'm pretty certain I can turn my thermostat down for vacations in less time than it would take to launch an app and do it.
Your programmable thermostat very likely doesn't accommodate the situation where you're out of town for 8 days over the winter holidays and you need it to be just warm enough to not have pipes freeze, and you want it to be warm when you show up with your two toddlers and pregnant wife at 7pm (bedtime). Also, what if you can't remember if you actually turned the heat down or not?
Also, I'm sure you can't turn your thermostat down in less time as I have a Vacation Mode shortcut button that I can access from the Today pull down in iOS that sets the thermostat to 55, turns off all the lights, and turns on motion detection notifications- without unlocking my phone. I'm being pedantic, but it is truly that easy.
Your light switches hooked up to a surprisingly power hungry timer don't tell you that they actually turned on when you're gone. Can't remember if you left the living room on and you're out of town? Check your phone.
Using a local communication protocol helps keep your gadgets from leaking your info all over the Internet like those god forsaken Internet cameras and such are doing these days, and the hubs they connect to allow you to actually interface with them remotely. This leaves the hubs as the weakest remote link, but in that case you only have to worry about one vendor getting it right instead of every vendor. It doesn't remove the risk, but it certainly makes it more manageable.
Z-wave and ZigBee both have their flaws, especially around security, but they do have the advantage of not making everything in your house addressable from the Internet.
These things aren't necessary, but they're not frivolous. They already are bringing efficiencies with not all that much effort.
Not at all. Unfortunately, very few people are actually including proper security and risk costs. A device that improves energy use and makes usage data or admin control accessible by a network may not be "just a little better". The network attack risk may even make the device a net harm.
It is rare to even see these negatives addressed by the people promoting IoT. I consider this extreme negligence, as any problems from a network attack are paid by the end user. Like coal based power, insecure consumer devices avoid paying for their negative externalities.
However, I am not particularly worried and that is because there will always be industrial/commercial models. I know this because it is the case with flat panel displays.
We are certainly well over the transition to "smart" TVs and all of their accompanying features - you probably can't buy a single display at Best Buy that isn't "smart". However, you can also buy an extremely well built, completely dumb "signage display" (like those thin-bezel NEC models you see airports use for departure/arrival boards, or what video walls are made of).
They aren't even much more expensive, since the buyers (airports and shopping malls) need economies of scale when they are buying 200 of them at a time. They last longer, are more rugged ... and are completely dumb.
The same is true with commercial refrigerators and ranges, etc. - pro cooks in a kitchen can't be dealing with the wifi or the facebook integration.
I am very optimistic that this will always be the case and that "dumb" models will be available to smart people for a small premium.
It's also easy to predict that lack of smart features (and screens and lights and boopity-beeps) will be a subtle class distinction. When everyone in the trailer park has a flat panel on their refrigerator, you'll see them disappear from the highest end models.
If I remember who talked about that I'll edit this message.
As I said, the airports (or the commercial kitchens, or the industrial lighting consumers) need to buy these things in bulk, so the prices get driven down.
Yes, a brand new NEC displaywall panel purchased quantity 1 might cost 20% or even 100% more than a panel at best buy, but go backwards one revision and its as cheap as any electronics.
In this case it's not "the rich" but rather the informed, or the savvy.
I think people with a will to learn often end up living comfortably, because they like learning and informing themselves.
I just bought a non-smart TV at Best Buy. It was somewhat difficult to discern, let alone find a non-smart model. It's do-able but your overall message is right: soon you won't. Worst, you won't even know one way or another.
Perhaps there needs to be a move for mandatory labeling here. Certainly, a better case than for GMOs.
I have never used a "smart" TV, mine is a dumb TV with a Chromecast sticking out of it.
That interface shouldn't be much more complicated that some connectors and passive wiring. Then I could connect a communications and sensor modules and replace them independently as needed.
I'd actually go for a little home automation, perhaps a Philips Hue or two if they were LAN only.
99% of these things should be blocking WAN access. Even the smartphone apps should be limiting themselves to never be on the net.
Unlike gmail and facebook actions driving ads, I fail to see what manufacturers get out of the data from when I use my fridge, toothbrush or thermostat. Seriously, I don't see what earthly use it is for them, unless next step is an ad driven toothbrush.
Every time I see an article about what's been found on Shodan I shudder. It's a very stupid future.
Incentive for dentists to recommend their internet enabled toothbrush so they can suggest specific brushing plans and monitor how well the person has been adhering to their regular brushing. There might also be some software on the dentist side for managing all of this.
I have one of these toothbrushes, that's roughly pulled from the features section of the manual. (I have it because I can track how well I keep to brushing my teeth over time, well worth the ounce of prevention.)
The local power company has a program where they supply a smart thermostat that they can regulate during peak use. With certain caveats of course, I think you can opt out of the automatic regulation several times a month.
Haven't seen a practical use for this yet.
So, I use 2 thermistors and a photoresistor and equipped them in my fridge. I used an Arduino Nano clone with a nRF24L01+ chip and MySensors library for getting data.
The data then is posted to my MQTT server (Mosquitto) and also saved in a file. The file is parsed by a graph library and is displayed on my http://[hash].onion/fridge . Also, if I detect >45f or higher after last fridge door open event, I throw an alarm (chirp on piezo speaker and email).
And yes, It's saved us at least 1 fridge load of groceries. We can't afford to buy a fridge every 3 years, even though throw-away culture sure would want us to.
For me that's a hell of a stretch. Just seems hellishly complex for checking the preferred 2 mins of brushing. Timer sure, especially for the kids. But, if people see real benefit...
> thermostat that they can regulate during peak use
OK, that's a benefit that's difficult to fault. Wasn't aware of any doing that.
Additionally, IoT security "solutions" can actually be worse than a malware. Here is a recent example:
Password Extraction Via Front Doorbell
You mean like Google and Facebook with the web?
Barring this, this is only going to get worse and worse as time goes on.
A bigger concern for me, is that since all this software / hardware is being built in the purview of repressive regimes (the US government not withstanding), that government actors will employ or dictate methods by which they can tap that "telemetry" without a court order.
It is important that the US pass these laws, as the majority of software that goes into these devices is built in the US (and, also, since the US is still the single largest market for them). If laws are passed in other countries, because of the cowboy mentality in the US (see: Uber, Facebook, Google, Microsoft in Europe, et al), I highly doubt there is any hope for self-regulation within the software industry itself, and that government intervention is necessary in this case.
Fortunately, market segmentation relegates certain features, network/internet connection being one of them, to the high-end/luxury segment.
It may take a (relatively) long time before network/internet will be so cheap that it will permeate down to the lower segment; considering also that being connected requires a backing infrastructure, which is cost added, I think this time will be very very long.
Also surprised no one posted the video of the guy on tech support phone call while his webcam was hacked and playing The Police "Every Breath You Take." https://www.youtube.com/watch?v=CUx8_JNNKsM
However, if your electric company already uses smart meters, which capture your power usage at a high resolution, they can determine a lot of what goes on in your home already: They can see what machines are on or off (they have different power signatures), even what TV show you are watching (again, based on the power signature), and make good guesses about when you are home, awake/asleep, how many people are there, etc. If you are less busy than I am at the moment, you can find reports from the Congressional Research Service, Colorado Public Utility Commission, ad IIRC MIT and the Dept of Energy detailing this (I think the CRS report references the others and is a good place to start.)
As long as what I want them to do (be a refrigerator, a tv, or a thermostat) isn't dependent on network connectivity, the "smart" device isn't much of a threat.
Awesome. Consumer electronics seem to get worse as fast as they get "better."
"What concerns me, as somebody who has absolutely zero interest in computers or electronics or whatever, is that as electronic devices become more and more ubiquitous, I'll probably still end up with some kind of quasi-electronic garbage in my house. Either because I didn't mean to purchase it, or because there was no alternative because in the future every under-sink washing apparatus requires electronic connection or some nonsense.
I'd love to see products that provide a user-friendly way to help me audit what my network is doing, and create firewall rules for different classes of devices. For example, if you're running a DVR server, the camera mentioned in this article probably shouldn't have been granted Internet access.
While some routers have basic firewall support, it's really rudimentary and nowhere near sufficient when you have several dozen (or more) relatively unknown devices on your network. And definitely not user-friendly enough for most home users.
We need be a better solution than this! I already dread having to configure and tweak firewalls every time I add a new device or install a new application.
Even with the most user-friendly firewall in the world, we'll still end up in a world where 99% of users don't do anything and have no security/privacy. And the 1% of technical users will end up breaking basic functionality because they blocked something that the manufacturer of the device or app deemed to be an essential connection.
Thinking out of the box for a moment: If you install a camera, suppose your router automatically encrypted everything coming out of the camera such that it could only be decrypted on your smartphone, or whatever you're using to view the feed from your camera. The encryption, decryption, and keys are completely independent of and outside of the control of camera manufacturer. The encryption is unavoidable; even if they get a secret feed of the video, they cannot decrypt it.
Instead of the router, perhaps it's the device driver that does the encryption. The point is that this is something automatically done whenever you plug in a camera and which the camera manufacturer cannot subvert. (This idea is for cameras and such. For other kinds of IoT devices, this particular idea may or may not help.)
NAT != firewall
IPv6 doesn't take away your stateful firewall, and NAT isn't providing ANY security. Your private IP addresses are betrayed all the time by your browser (and TCP option headers). NAT has done an incredible amount of damage to the internet; it prevented the development of true peer-to-peer software and forced everything to centralize.
The solution - even for IoT in the few places IoT isn't a surveillance scam - is to remove NAT by using IPv6.
That's not really true. By its nature, stateful/dynamic NAT, which is what the majority of the consumer world is using, means internal services aren't exposed to the Internet. Short of layer 7 stateful packet inspection, or some other IDSy type thing, a consumer-focused 'firewall' isn't going to do any better... they have to be generic and fuss-free. Just go back to the early 00s or mid-90s to see the ramifications that exposing ports from Windows machines to the Internet had, then tell me NAT hasn't had a positive security impact.
NAT has had the same _security_ impact that a default REJECT ingress firewall policy would have. (Coincidentally, this is the default firewall policy for non-Enterprise Windows Firewall configurations.)
If you combine default REJECT with a port opening protocol like uPnP, you have a really nice, reasonably secure, self-maintaining border firewall. (Hyperventilation about security issues with particular implementations of uPnP notwithstanding.)
I disagree. Defaults are a powerful thing. If one's router ships with a default REJECT ingress firewall, a non-technical user is not likely to change it.
I think a router with a smartphone based controller could work well - push notifications when your TV wants to connect to the net for the first time or a friend has dropped by and wants to log on to your guest wifi
Consumers want things that "just work" because they haven't been shown that they can have control. It's really a matter of selling the value proposition of such administration, and making these devices' communications patterns legible to the average consumer.
You've lost probably 95% of the mass-market: users who visit their router's setup page either zero times or one time throughout the devices' stay in their home. Users do not want a list of devices or controls or toggles, or text fields to fill in IP addresses. They want to buy their plastic internet box, plug it in, and go download cat videos. You can try to communicate value proposition until you're blue in the face. People want to plug it in and get on with their lives. Trying to convince users of the value of "administering a computer" is fighting a losing battle.
I heartily disagree with this defeatist figure of "95%" though, and feel it reflects tech feelings of inferiority more than the actual ability and desires of people using technology.
Most people will apply their brain to overcome straightforward problems and most people seem to be concerned about security. Of course this concern comes from mass-media scaremongering, which also misleads them into thinking that centralized entities will protect them. But it still means there's a demand, and the concern-actualization gap should be able to be bridged with sufficiently-accessible administration.
If plugging in a device makes it just work, then a user is likely to forget the step of modifying the ACL. But if going to the router page is a required part of setting up any new device (because they have previously chosen this mode when setting up the router), then it will just become part of their workflow, the same as entering SSID/passphrase.
Not true. Someone on the Internet can mark your router's external IP as the gateway for your internal network range and send packets to your internal devices fine.
(In practice most NAT devices also do firewalling to prevent this, but the two functions are independent)
I have no idea how well supported these headers are on the modern internet, but they are still part of the protocol.
> only the NAT process crosses
Nope, a router that doesn't have a firewall but supports NAT will route a packet if it has the proper destination address. That is, if a packet is received that has a destination address of e.g. 22.214.171.124, it will be routed onto the LAN. However, this is a very rare configuration, as most routers (including ~all home routers) also include a firewall that does packet filtering.
Iff the ports are logically connected. Nothing forces routing to be global.
If they're separate, it doesn't have to intentionally drop packets. An example configuration: You're NATing 15.x.x.x to 10.x.x.x, with a 1:1 mapping. It's wide open. But it simply doesn't understand what to do with a packet addressed to 10.x.x.x on the external port. No destinations in the external port routing table contain 10.x.x.x, so it gives up.
When I've seen a "NAT" box configuration it's literally been two iptables rules: one to do NAT, and one to default drop packets from outside.
Yes, I'm making a pedantic argument about terminology, but it's an important one because IPv6 means we can remove just the NAT part - all of the other filtering/etc features can remain. The goal is to make all devices addressable globally, which some people assume is a change in security. That isn't a correct assumption, as an IPv6 router (with a stateful firewall) should drop the same types of packets as their current IPv4-with-NAT router.
 NAT badly damages the network by imposing an imprimatur on the hosts behind the NAT.
The routing engine on the outside port has a destination for 15.x.x.x. Those packets go into the NAT engine. It does not have a destination for 10.x.x.x. Those packets suffer the same fate they would if you gave them to any router in the middle of the internet. Nowhere to send, abort.
Of course it's also going away with all the IoT things actively reaching out, since every external connection made without care is also an avenue for attack. ("Oh, you want your firmware update little camera? Have I got an unsigned blob for you! You're gonna love this update.")
1. Yes, browsers and other things will leak your private ip space sometimes, but nat does indeed provide a level of security simply due to complications in routing issues for attackers. Its certainly only a base layer, but it does help.
2. In many situations, we dont want devices on the internet at all, and on private only networks. This is doable with site private, but that brings me to
3. There is a lack of clearly communicated best practices for the industry. To the pont that adoption is almost nill. I recently had a private network setup via ATT, and they said I was the first customer on that network type to request ipv6...
4. Knowing how heavily the NSA was involved in ipv6 (in particular ipv6 ipsec), I have my concerns about the protocol itself, albiet as of yet unverified doubts. The corruption of NIST committees is a very serious thing to me.
5. As the admin, I want to be able to see non encrypted traffic and metdata traversing my exit points. I am having a harder and harder time diagnosing IPv6 because of how often it wants to tunnel to some ipv4 address that I dont trust (read: microsoft).
I know that all these points are fairly weak and suspect to criticism, but what gets me is that I dont hear this discussion. Instead I just hear either how ipv6 is god and you should embrace its loving arms, or I see people just sticking their head in the sand who say, I dont like it so Im going to ignore it and hold on to my ipv4 blocks until they make me.
Im open to conversations on the topic, and my list is larger but Im on mobile and late for fixing some ipv4 networking issues .
Unique Local Addressing (RFC 4193) solves this problem and requires no coordination with outside parties. The network admin gets to choose the scope of the ULA prefix, so you can trivially make your ULA traverse multiple LANs if you wish. (This addresses your first point, too.)
> 3. There is a lack of clearly communicated best practices for the industry.
Eh? This is the first hit for "IPv6 BCP": https://www.apnic.net/community/ipv6-program/ipv6-bcp
> 4. Knowing how heavily the NSA was involved in ipv6 (in particular ipv6 ipsec)...
Then -uh- don't use IPSec and block IPSec connection establishment attempts at your border firewalls. Or, because implementation of IPSec is -sadly- not a requirement for IPv6 implementers, use an IPv6 implementation that doesn't implement it.
Edit: You are aware that OpenVPN uses TLS for session authentication and IPSec for transport of tunnelled data? :)
> 5. As the admin, I want to be able to see non encrypted traffic and metdata traversing my exit points. I am having a harder and harder time diagnosing IPv6 because of how often it wants to tunnel to some ipv4 address that I dont trust (read: microsoft).
Are you talking about IPv6 over Teredo tunnels? If you are, then get a packet dump and fire up Wireshark... Teredo doesn't encrypt the traffic that it tunnels. If you aren't, and you're talking about something that's wrapping traffic in TLS, then -well- that doesn't have anything to do with IPv6.
That's not an issue against IPv6. The entire ipsec standards were backported to IPv4, by people from the same organizations. There is no reason to assume IPSECv4 is any less tainted.
Well the first answer that came to mind for me was NAT. There's a reason you'll see both botnets and (commodity, cheap) security cameras generating P2P traffic: NAT.
NAT+IPV4 is a problem that adds complexity and less usability at the cost of security. It's a clear bolt-on design that consumers have tolerated probably for longer than we should have. I think ISPs have mostly created this problem in being slow to adopt something else.
I would also agree that we have a basic usability problem in home routers and pretty much the entire concept of firewalls when it comes to normal users. How do you explain egress traffic filtering to someone who just wants to control their thermostat from their phone and stuff?
I am wholeheartedly open to maintaining a whitelist for all of what's trying to reach out of my home network, but the sheer magnitude of domains being queried makes it unfeasible.
It didn't occur to me how much you can learn until looking at power consumption home page of our demo house when the owner was on vacation (owner = boss). All the circuits are flat.
A manager at the company who installed it too, came hold and told his wife "I see you came home at 3". He knew because he could watch the power come on. We could count loads of laundry done and watch the sun rise from solar panel output. Then there is the awkward conversations when you know the dog walker didn't walk as long as they said they did.
I was glad the company transitioned to monitoring businesses, but I left after a few years for unrelated reasons.
circuit breakers are starting to have the measurement technology built it.
Parts of California US has a moratorium on these smart meters for "health and privacy" reasons https://en.wikipedia.org/wiki/Smart_meter#California
I though you could write a good mystery that could be solved using a power monitoring system... But alas I am not a writer.
the first option might burn your house down though
You're not the one in control of this data.
This is the huge feature that the Internet of Things is built upon, but sadly, far too few players in this market have yet accepted the full ramifications of the feature---while all the devices you own are now functionally within speaking distance of each other, every criminal on the planet is also now within speaking distance of them.
Hopefully, more manufacturers will wise up to this concern. Until then, I'm rolling my own IoT solutions.
This is because every company that has been making "Things" for the last 5-100 years are now thinking about making IoT devices without understanding anything about Internet or Security. The Nissan Leaf or that toy maker Vtech cases are good examples of this.
A Quick starter for the rubber stamp list:
1. Authenticate every request
2. Use encryption in every phase (transport, passwords etc)
3. Really, handle basic Web security
4. Be really, really protective about your customers data in every way
5. Don't sell the data without consent from the customer
Networked cameras do make sense to me, but a lot of the IoT stuff I see, if one really takes into account the full range of costs and benefits, are quite absurd propositions.
I don't know the answer to this problem though
I guarantee Nest, Canary, Ring, etc. all do the same thing. HomeKit and Weave do to (although they use
Apple/Google's servers which you probably trust more).
None of these devices need out-of-the-home communication for the users benefit. Not even Nest.
- central control via the manufacturer (thermostat talks to nest server, my app talks to nest server)
- dyndns with NAT hole punching or upnp (a way for my app to know what IP the nest is listening on and connect directly to it
- a vpn from my phone to my home and the app discovers the nest as a local network device. You still need a way to make the VPN connection to your router, bringing us back to dyndns or some way to discover your IP or hope it is static
- a P2P overlay network, such as what Krebs is complaining about, or more securely, a Tor hidden service.
I believe the latest gen hidden service descriptors also effectively authenticate as well because the unique domain is kept secret and has enough entropy. I'm not sure if it's quite as simple as hash(domain) is public and the preimage is used as a key, but something like that.
I thought this article was going to be about the camera emailing snapshots back to China we talked about a few weeks back. A bit disappointed that it's mostly FUD over simple IP discovery with perhaps some STUN/TURN added in. So, in that regard using Tor instead may not help.
However IMO anything that makes .onion become mainstream is a very good thing.
We need a hosted VPN service that provides a user-friendly firewall that defaults to deny all and offers a whitelist. Does that exist?
I am yet to see a single IOT device with would compel a non-techy-nerd to buy it.
IOT is stupid as it stands now.
Most people won't want to setup DDNS through their router with a service such as DynDNS (expensive at $40 per year). So the IP camera manufacturers offer DDNS as part of the product. Register the device, and you're up and running with the live camera feed appearing on your phone.
Increasingly the cameras have 2-way mic capability, so it's actually very cool to access it from your phone.
It's possible some of the fear is coming from not understanding the connections taking place as part of the DDNS. The actual video stream does not need to be uploaded to the manufacturer, unless they offer media management, backup etc and you've opted in. I prefer saving the video triggered from motion sensors etc to a local NAS.
Probably, it's either something like this or paying a subscription fee for these devices, as having them use other local hardware infrastructure is a non-starter.
I'd love a device like this that does P2P and lets me build meeting rooms across the different P2P devices. Just something that looks like a webcam, or like this, plug into the TV, and maybe have a button to start a meeting. That it gives access to my home network, oh well. I let anyone who visits more than once on my home network anyway, and also devices by a dozen manufacturers that I know aren't secure.
You're on your computer connected to a regular home router. You hit google.com in your browser. What happens is that you create an outgoing request towards google.com port 443 (TLS/HTTPS). The router opens up a temporary firewall rule allowing responses from google.com port 443. (Without it you wouldn't get any response)
Holepunching is simply using that fact, your device A and B shares their external IP:port with eachother (outside of STUN/TURN scope) and then does a simple connect() to eachothers external ip:port. When A does connect(B_IP:B_port) it opens up for B to respond to that channel, and since B is doing connect(A_IP:A_PORT) his request will be let through and they can connect to eachother. A direct connection, a P2P (peer to peer) connection between those two clients, no one else.
Imagine it as a temporary port forwarding that's most importantly limited to one specific IP and PORT that can use it: the other device.
(There's some technical limitations to this like the type of NAT/firewall you have, but for the simple home router the above usually works.)
However, if I have the cameras on a completely separate subnet and network interface on the firewall and block communication from this subnet to my regular lan and to the outside world, I should be immune to this, correct? A is in my DMZ, and can't communicate with the outside world based on my firewall rules, so A would never reach B.
Hole punching works when both A and B are behind NAT. It also allows B to contact A if A is behind a NAT (no matter if B is behind one or not). If both A and B have public IP's then the hole punching is "already done", they can already connect to eachother.
The one thing I've noticed in general is that a lot of these IP cameras and NAS devices have DDNS or some other type of automatic forwarding on by default because users just want to plug something in and be able to access it from their iphone. The ability to do this with no more effort than pointing at a picture on a phone screen is apparently a selling point. The idea that you'd need to set up your own port forwarding or firewall rules is enough to turn a large percentage of potential buyers off to a product.
It's an unfortunate situation and it's the one good case I can see being made for the whole "cloud" dependent devices like Dropcam and friends. If the only thing leaving your LAN is an encrypted stream from the camera, at least in theory it's harder for casual snoopers and Shodan tinkerers to find something sensitive to look at.
Personally I prefer to have my IP cams connected to a separate LAN and record to a NAS hidden in a closet but in this day of "there's an app for that" and "plug and play" being the norm, it's interesting to see how companies sell networked devices to end users with the basic capabilities they want while not opening up home networks and sensitive data to anyone with the right search terms and the latest exploit.
And the fear mongering(ooh Chinese, be scared! Must be worse than all American company/gov soon same.) Scenario presented is by far not one of the scary scenarios that ubiqitous, constant, and networked sensors of all types make possible.
I have seen a list from Brian Knopf for some preliminary criteria in an article.(1) I am always looking for more standards or advice on how to create a useful product that doesn't expose the user especially marginal gain products. I mean why give up all the privacy and security just to control our lights? The gain is small but the harm is very large.
Also, if some small developer wrote a mobile app to control such devices, would they also see themselves liable?
I agree with the stance of this post that this demonstrates the dangers of the internet of things. But I think it's misleading (and a little funny) that it's the p2p aspect that causes all the outrage.
You could move all the p2p stuff from the device to a central, manufacturer-controlled proxy, relabel the p2p connections "3rd party APIs" and suddenly your former security nightmare has transformed into an ordinary, industry-standard IoT product, even though the data that gets transmitted is exactly the same...
Instead the focus should be on what data is transmitted at all, but that is an old, well-known problem of course...
Unfortunately this is one of those issues that he is right about.
As explained by the company representative (including my own added explanations) the devices, when behind NAT, can not receive any incoming requests without setting up port forwarding in the router (this is done automatically and temporarily for outgoing requests to allow incoming respones, but thats another story). Setting up port forwarding is not a good solution so what I pressume they are doing is that they are connecting to a TURN/STUN server from the camera outwards to be able to communicate. When the application wants to connect that one also connects to this server to have the camera create a p2p link (that means direct connection between camera and the device the app is running on). If that one fails then they are relaying the data through their servers.
Now there's some ceveats for the above solution. If one relies solely on encrypted channels and certificate security it should be as safe as the encryption is strong or the strength of the certificates. If not done properly, say client/peer verification is missing or the encryption chain isn't complete, then it's most likely bad. However:
The single most important thing is that the _functionality itself_ and the technique used is not unsafe per se.
The author makes it sound like it's a giant P2P-pool of camera devices, however this does not seem to be the case. Rather it seems to be a big network of relay servers to reduce latency for the connected devices. Big big difference there.
(Then one may question the inability to turn it off or that its enabled by default, but thats another question)
"This is a concern because the P2P function built into Foscam P2P cameras is designed to punch through firewalls and can’t be switched off without applying a firmware update plus an additional patch that the company only released after repeated pleas from users on its support forum."
Later he quotes Nicholas Weaver from ICSI:
"Given the seemingly cavalier attitude and the almost certain lack of automatic updates, it is almost certain that these devices are remotely exploitable."
"punching holes through firewalls" <-- This _simply_ means that the device does a connect() call towards the clients IP:port while the client does a connect() towards the device:port at roughly the same time. You simply use the fact that a simple home router opens up a temporary rule allowing the destination:port to respond to your outgoing request. This won't work on symmetric NAT's for instance.
It's basically a completely safe method and does not open up for anyone else to connect ...
(The enabled by default is as I wrote in my original post is another question. The way I read the article it seems like the core focus of the post is to say that the solution used is bad or unsafe, which with given information cannot be said).
Krebs also understands the technology, and quotes David Qu from Foscam about how their P2P technically works.
I agree with you and him that it would be a lot nicer to let the user choose to enable this, and definitly not make it impossible to disable.
With that said, I'm still not sure that the author actually understand the technology behind or how it works.
Reading David Qu's answers they just align with what I'm saying about the technical part though. No matter what the author says, I think it's easy to misunderstand the text and make it sound like the manufacturer are doing something unsafe...
Yes, "only allows connections to a small number of peers". However, depending on how the IDs in the P2P overlay connection are chosen, an attacker may be able to select an ID that causes their node to be one of the nodes that your device contacts. Also, in the case where a remote login or remote execution vulnerability exists, the entire P2P network can be rapidly compromised, even though each node only punches holes in firewalls to a small number of other nodes.
I don't think you understand how the technology works. Each camera does _not_ "punch holes to a small number of other nodes", it setups a direct connection between itself and the client device (you) using a technique called hole punching... It's just a simple connection between you and the camera, no server in between.
Except that it's opening a port into an unverified P2P network. How can you say for certain that none of the peers are compromised or nefarious?
I'm not saying that their solution is safe, nor am I saying that its unsafe, simply because I don't know. What I do know is that you can make it rather safe and you can do it really bad.
If they are using a TURN solution which I think they are, then it's not really a "unverified P2P network" either because the peers do not know of eachother nor do they talk to eachother. They talk to the server and have no clue about one another without some external signaling. The server connects two peers upon request of a specific uid, however this where authentication gets important and I have no clue how they've done it.
Of course you can try to create connections towards random ID's (you have a lot of ID's to go through judging by the screenshot) but hopefully you won't be allowed to connect since you don't have the correct certificate/key needed. Again I don't know how they've implemented it though.
They forgot the part where my government keeps trying to make it illegal to fix it even if I know how.
The only device that actually benefits from the internet is a computer, and maybe a mobile phone (because there is this app craze). The rest I predict will fade when consumers discover the devices were fine the way they were.
Impossible. My bachelor pad apartment came with a washer and dryer. Those need to work without the building owner paying $50/month for internet access for a clothes washer. Maybe you could write into the lease terms that the appliances only work if the tenant pays for internet access. Imagine if the thermostat refused to turn on the heat because there's no internet access because no tenant, then the pipes freeze in winter...
Likewise my MiL does not do internet. She has no computer, tablet, smartphone... but she does have a lot of retirement income. Most of the VCRs in the USA blinked 12:00 because most VCR owners were uninterested in using that appliance to set up timed recording. A VCR that forced owners to set the clock before it would play back rented tapes would never survive in the market. She has one of those smart TVs that spy on people and spam them, because she liked the style of the case (bezel, stand, etc), but its not connected to the internet and never will be.
UI design is beyond human ability today, and will only get worse. I have one of those "efficient" nearly silent clothes washers and it drives me crazy that there's no way to predict when it'll finish, because it spin cycles until water stops coming out, etc. So from an efficiency standpoint I want to move damp clothes as fast as possible into my dryer, but the darn thing quietly plays an annoying little song once and then goes silent. I wish it beeped for an hour. Most UI design choices are made solely to impress other UI designers, therefore the user is left out. This is an extremely bad portent for the UI for internet of things.
There's just too much money to be ignored in places without internet access.
I'm not saying it has to be done that way; I'm just saying that it is.
While Windows activation can be done offline, for all practical purposes it + Windows Update requires you to be online.
I help an older lady with her technical struggles. Recently she moved into a retirement home and does not currently have internet access for her laptop. Microsoft Office started bitching about it being an illegal copy presumably because it could not phone home and verify her license. Sigh.
Yes, the only thing that benefits from a an internet connection is a computer, but eventually everything will need to have a computer in it.
That said, I was recently in the market for a new TV and the models with the best image quality in my price range didn't offer a non "smart" version for less money or even the same price. As a result, I've got a TV with AndroidTV built in and it's actually a lot nicer than having to cast everything from my phone or PC to Chromecast (although that functionality is also built in).
Now, granted, when the AndroidTV bits become outdated as they surely will before the actual display does, I'll be back to plugging external devices into it but for now, there's definitely a lot of benefits to plugging that ethernet cable into the back of it.
I personally think they should just bundle something like a Fire TV stick or Chromecast with the TV
My next TV will be as 'dumb' as I can find, at the moment off-brand TVs you get in supermarkets still seem to fit that bill.
Personally, the only thing attached to my TV is a computer. I said previously that a computer benefits from the internet, so I suppose you might say my TV benefits from the internet?
On top of that, the space is very immature and a huge nascent market, so you have all the big players trying to beat each other out for a large slice of the pie - Alphabet, Apple, Amazon, Intel+Qualcomm+Microsoft+Samsung (OCF Alliance), etc.
What you really need is a strong vendor with a compelling security story who you can credibly trust to create good devices with a lot of thought on end-to-end security...any guesses who that might be?
I can't really think of anything that would change this situation -- although IoT devices will get more sophisticated, they will likely remain quite single-purpose, with webapps or mobile apps serving as the UI, so there isn't going to be much to gain from a large common code base.