This is exactly the mechanism that gets people in trouble going to China for manufacturing. They say "I want you to build widgets" and they get a good price quote, and say "Wow, this is awesome!" because they have in their mind that "making things in China is cheap" but in reality its that if you cut a lot of corners you can make things really cheap, and since the contract doesn't say you can't cut corners, it is all "perfectly" legal. But the manufacturer knows what the buyer doesn't, and exploits that information asymmetry to make money at the buyer's expense without the buyer having any true recourse.
The hotel in question could have said in the RFQ, "System will be impervious to network traffic snooping and at no time will systems or a guest supplied computer be able to access the controls in another room."
Had they said that, the price quotes would have gone up and had the system the author speaks of been delivered, the Hotel could recover the costs of installing it from the vendor. But they hotel didn't even know they needed to ask for that since they no doubt would assume, "nobody would make something that shoddy would they?"
I learned about this when I saw one of the rules in a NetApp hardware contract that said "Manufacturer will install all components shown on the schematic on the final units in their designated locations." That seemed really odd. I learned that before that clause had been part of the standard contract, there had been a manufacturer who decided unilaterally that half of the noise suppression capacitors in the schematic were "unneeded." Units from that manufacturer started failing in odd ways in the lab.
> This is exactly the mechanism that gets people in trouble going to China for manufacturing.
I keep hearing about the "cheap Chinese tech", even though nowadays a lot of high-quality gadgets are really Chinese. Even Apple's products are mostly from China. And it's not even for the cheap prices, it's because the entire production chain is there
The mistake is not going to China, it's going to China just in order to save money - or anywhere, for that matter. I get that your point is not actually about China, but saving money on the wrong things.
I'd just appreciate if we could stop using "Chinese" as a synonym for "cheap".
And if the design you are paying them to take from you is for some IoT product, the local Party boss can even make bonus points with his superiors by offering them a chance to backdoor it.
I'll bet the cheap tablets in that hotel for tech conference attendees, the tablets with the ethernet and WiFi listening circuitry, could collect a lot of great technology for their makers, and I'll bet they were made in China.
It was rampant in the US when there was the manufacturing workshop of the world, and rampant in the UK when they were before them.
TL;DR Immature locations cut more corners. More regulation, experience and reputation helps. Consumers are naive. Manufacturers want you to buy the same things many times over your life.
In all markets, There's always going to be someone willing to cut corners to secure a place in a market, or make a fast buck in a mature market. Or maybe it's a new market that can't yet have matured. That's only part of the problem.
As markets mature regulation increases and companies tend to trade more on reputation (not always deserved of course. eg Beats headphones). Now there's an opportunity to trade on the good reputation of wherever (Proudly Made in America! / Britain! / Japan!), whilst selling you cheap crap. That's the other half of the problem. The meaningless label to tell the consumer it's made wherever they currrently believe is good.
In the early 80s most things Japanese were crap. Hifi sounded awful, but had lots of LEDs. Bolts, tools and vehicles were made of soft cheese. Their stainless steel rusted (I kid you not)! Honda made cam chains of special stretchy metal and probably accidentally invented cheese strings. Now Denon make very nice hifi, Teng make very nice tools and their cars are pretty reliable.
Why pay £50 for a Snap On or Britool spanner when there's an almost identically packaged one, made in the same place, for £3 or £40? Only one will last longer than you in daily use. One risks breaking on first use.
So, it would be more accurate to say "isn't there a reason cheap tools break", "cheap materials break", "consumers naively expect $100 quality for $3.99" or "dishonest people are dishonest" than blame a specific locality.
The ONLY thing that has changed is all manufacturers adding built in obsolescence whenever possible. Now even the premium item is made to last "just long enough" (to get away with), but that doesn't make any one location especially good or bad at making stuff.
The only thing geography introduces is the further away it's made, the harder it is to audit your supply chain. Racism and nationalism has no relevance however.
 They're no longer British, or often made in Sheffield, they're just another meaningless brand of Stanley trading on 100 years of reputation. You're actually better served buying Teng these days.
Few people that I've met have any real world experience with contract manufacturing. Of the ones I do, they have mostly dealt with Chinese manufacturers, although I do know one person who worked with a Japanese contract manufacturer and one with a Vietnamese factory. Everyone who has ever asked me about this I point to Bunnie's "Made in China" blog entries . Which convey the challenges and rewards of taking manufacturing to China much more clearly than I ever could.
That said, people who have had experiences with contract manufacturing in China have all had a very similar experience, that experience was that the contract manufacturers have an exquisite expertise in squeezing costs out of manufacturing through creative techniques, not specifically disallowed by the contract. Bunnie writes about this at length in his blog.
The thing here is the law of large numbers. There are so many contract manufacturers, and their business is so competitive, the ones who develop this expertise survive and the ones who don't, they don't survive because nobody accepts their bids. It is important to understand that they are this way because they are good at what they do, not for any negative reason.
It is this exact asymmetry of information which I expect befell the hotel in its attempt to have "cool programmed light switches and TVs." This mechanism, which many people who have used contract manufacturers have experienced, is that an inadequate specifications on the final product can give the manufacturer room to economize on their costs, which increases their profit, and also increases the chance that the bidder will be around for the next bid.
And it is the large number of Chinese contract manufacturers, the ease with which they can be located and contacted via Alibaba or other web sites, that means so many people have had a chance to experience this effect first hand with them. Using Chinese manufacturers as an example of the challenge in my post was my way to communicate what I was talking about in a way that folks who might look this up could find additional resources discussing this challenge (and they would probably find Bunnie's blog too).
The leap here, was to take what I wrote and assume that I said, or believed that because something was made in China, is was cheap.
That was not what I said, and certainly not what I meant. But a mix of people have both read it both ways. So it certainly could have been written more clearly.
I really do recommend Bunnie's blog. Everyone should understand the challenges of working with contract manufacturers, regardless of their nationality. Not tightly specifying a contract (and worse not knowing how to tightly specify a contract) will create situations like the one with the Android controlled light switches.
I don't understand how putting that in the contract is supposed to help if the manufacturer being used is pulling stupid "you didn't say the product actually had to work" semantics games that would get them smacked in any reasonable court anyway.
From what I've seen it is extremely arbitrary and is extremely frustrating. I was on a jury once, where one witness was told to tell only what they had heard/seen/etc. They would try to say "I heard so and so say such and such", and the other side would object. The judge would then say to tell only what you saw, heard, etc., not what other people did or said. And I'm sitting there thinking "But what that is exactly what they were trying to do!" (of course I couldn't say a single word for risk to my own safety).
You're talking about a Chinese court, right? The guy you're planning to sue lives in China and is a long-time business "associate" of the judge who will decide your case.
It could also be that such clear terms are useful in other jurisdictions where shenanigans like that wouldn't be smacked down without them.
If you read contracts a lot (and over the years I've probably read a couple of thousand and negotiated maybe 100 or so) you will begin to see clauses that are in the contract which specifically prevent what was clearly a problem before that had not been decided as being in breach, so the added clause insures that in future contracts it would be decided as being in breach.
My lawyer once told me that every contract tells a story if you know how to read it. The more I've read, the more I have come to appreciate that sentiment.
These are the signs that I always have a good chuckle with, thinking, "that sign is there because someone did that."
"I was just thinking of the provisions of a typical Alexandrian rental agreement. For a house or an apartment. You know, the one about—"
Zeno smiled, nodding. "Yes, I know." His voice took on a sing-song cadence: " 'At the end of the term, the tenant shall return the house to the lessor free of dung.' "
He laughed himself, now. "It was so embarrassing for me, the first time I rented an apartment in Constantinople. I was puzzled by the absence of that provision in the contract. When I inquired, the landlord looked at me as if I were crazy. Or a barbarian."
As a security exercise, assume a malicious hacker have physical access to your LAN. (shares, KVM, IPMI, MITM)
You can put down "device should not be hackable" but without their own competent IT arm the hotel can't possibly verify the product delivers on the security promise.
But at least the buyer becomes aware that security might be an issues, and thus take it into account when making the final decision. (Even if its just "take the lowest bidder that talks about security convincingly"). OTOH, this doesn't work for buyers that don't actually care.
> You can put down "device should not be hackable" but without their own competent IT arm the hotel can't possibly verify the product delivers on the security promise.
Sure, but if the vendor puts this in the contract and the hotel does get hacked, isn't the vendor then suddenly liable?
This isn't really security theater — the term refers to something which gives the illusion of security and doesn't deliver, not the failure to achieve absolute security. In general, door locks are about as secure as they're portrayed: they don't prevent someone from breaking in but they considerably increase the time, skill/tool requirements, and risk of detection. The other key part is that the threat model is obvious: people understand that if e.g. you put a Grade 1 lock on the door but leave the window open, it's not a failure of the lock.
> Criminal nuisance laws are probably enough to deter anyone actually turning on all lights at 3am.
How are you going to find out who to charge?
The implementation felt like they'd asked a VB6 dabbler to implement it in Java. Then stuck it in the cheapest 600mhz tablet they could find.
The UI was purely a button grid with distorted graphics, and dodgy typography. Button presses took about 1/2 a second to respond, and every 5th press caused the app to crash (adding a good 30 s to the experience).
My room had 4 tablets* in, and all of them behaved exactly the same way.
* the idea of a tablet to control the room is neat if it could be moved around. Like a remote-control. But for security (and using Ethernet) they were all fixed down. Making them far more useless than plain switches
Now I'm living in the future.
I keep waiting for this iot/we put a chip in it/etc to produce results that are an improvement...
Here are the greatest hits.
By the way, it seems like extreme product fail on Twitter's part that I have to go to a sketchy third party site to get the top tweets for an account.
Not necessarily. They just decided not to have this specific feature. It is a product design decision.
For many Twitter accounts, the top tweets are a lot more interesting than the latest tweets, especially if you've just discovered the account for the first time.
On the DVD commentary, one of the writers explained that the future will be like Star Trek, but nothing will work. It's turning out to be true.
The original Modbus was designed to communicate with factory devices controlled by logic controllers over serial and eventually over a custom token ring network. Modbus got moved to TCP at some point when I stopped paying attention. Modicon rejected TCP when I was there because the OSI model 7 layer network stack was going to be the next big thing.
Of course, there are no security provisions whatsoever. If you can get a device on the LAN, you're golden. Every device, fully open to monitoring and control of every attached piece of equipment.
In the new world of inexpensive, battery powered LoRaWan to Ethernet bridges with tens of kilometers range, I can't even begin to imagine the industrial carnage we're heading for. A sufficiently funded attacker could find ways to implant remote monitoring and control in virtually every facility, where they can get a minimum-wage cleaning staff member hired. That means -- pretty much every facility (short of military, perhaps).
Anyway, what the LoRa did emphasize is that both the network layer and application layer are encrypted with different keys using AES. This means someone would have to compromise both layers to actually control the devices.
Buuut, given that both encryption keys are stored on the device, I bet someone will just walk up with a chip clip and read the keys right out of EEPROM and then the pretty lights will start.
Or they'll just hack the application servers. I've seen some really god awful pieces of software in use.
A vendor once told me "it's so easy to admin our device over the internet. Just go to 192.168..." And of course due to corporate politics we still bought that piece of shit.
Usually keys are stored in a part that is not accessible directly, think of SIM and bank cards. Actually lots of LoRaWan use SIM cards.
/deploying CAN bus without security
That if you have a box that can talk to network A and B, suddenly anything on A can talk to anything on B.
A CAN bus, or older modbus installs, would be airgapped by its very nature.
Using Modbus may be insane, but Internet Protocol (IP) predates it by 5 years.
while true; do turn_on_all_lights $IPADDRESS; done
And why not do that to the entire block of addresses you can reach, of course?
It's no "steal identity, rack up tens of thousands of debt" level of nuisance, but it's enough that some basic security is definitely called for. Given the capability of the devices on both side (i.e. we're not dealing with "embedded" 1MHz processors here), client and server side validation of SSL certificates on an SSL connection, combined with some basic physical security to detect that someone's pried the Android off the wall (this can be something like "seal" stickers; we're going for detection here more than prevention), would have had a pretty good cost/benefit ratio.
(Remember, the goal here isn't to make the security "perfect", merely to make hacking it more expensive than what is being protected, which in this case still isn't that much. Nobody's going to risk being physically fingered as the room that pried out the Android tablet just to screw with lights.)
level = 0
while level <= 100
set all lights to level%
level = level + 1
set all lights to 0%
If that succeeds in waking the person, they will wake up in darkness, wondering what the heck woke them up.
More fun with lights: someone at Caltech once modified the wiring of a student's room and the adjacent bathroom so that the light switches in both rooms controlled the lights in both rooms. They they waited in the courtyard that the student's room and the bathroom both overlooked to watch the hilarity that they knew would ensue.
What happened was that the occupant of the room eventually went to bed, turning off his light. Then later someone went to use the bathroom, turning on the bathroom light (and so also the student's light). That woke the student, who got up, turned off the light, and headed back to bed. The guy in the bathroom shouts something, and a few moments later gets his pants under control and goes and turns the light back on and heads back to the stall to resume his business. Meanwhile, bed boy is shouting something and getting up to turn his light back off. What I'm told then happened is that the lights flipped on and off a few more times, with the time between flips getting smaller and smaller, until both guys are just standing at their light switch flipping it repeatedly, before they both go out into the hall to try to figure out what is going on, find each other, and figure it out.
Your're not wrong, but the other point is they are swatting a fly with a sledgehammer. What wrong with a simple light switch for gods sake. Why would a hotel spend hundreds of dollars to do what a $2 device can do more reliably and securely?
Also, some hotels manage to have the tv showing a welcome message when you enter.
As a result, I can shut things down from my office or set up schedules to do the same. I can monitor usage and save resources (lamp hours on projectors and lighting, etc)
The idea of using a full-on tablet computer is just silly and sounds more like something I'd do while tinkering at home and was looking for a use for some old phone or tablet sitting in a drawer. It's not something I'd put in any enterprise or commercial space.
Though I wouldn't be surprised that the cleaning staff would "clean" it up if you weren't there. Might want to put out the Do-Not-Disturb sign too.
So, somebody is going to set up shop across the way, in what is probably another commercial building, commit a couple of crimes, all to take a picture of some random, likely unidentifiable person sleeping in a hotel bed?
Personally, I'm not very worried about that.
I mean, it's not like there aren't easier attack vectors for creeping on people in hotel rooms if you were so inclined.
Or a camera equipped drone.
It made Tron look technically accurate.
I doubt the hotel came up with this solution completely by themselves. Whoever installed it will probably install it elsewhere and it's only a matter of time until it goes badly.
Which takes us to this: "Any sufficiently advanced technology controlled by a miscreant is indistinguishable from a possessed object in a Stephen King Novel."
And if you wonder why the blood reservoir has to be connected to both the elevator shafts and to the Internet, I ask you this: who would want a dumb blood reservoir in their hotel? I mean, obviously you have to have one, but wouldn't you rather be able to query tank levels from your phone and automatically order refills online? Nobody wants to be the unlucky employee that has to go up there with a dipstick at midnight during a thunderstorm, right?
What is worse, your data being sent to people you know or to people you don't know?
Why? Because I know Google has systems in place to detect sysadmins browsing in data unrelated to their job and I know they have fired people over it even if was tought to have been done with good intentions.
Edit: as for tracking I wish they would up their game and stop providing ads for <insert eastern country here>-dating.<tld-of-the-day>
I wish they would take into consideration that I am happily married with more than 3kids, belongs to a subset of the population that has way less than 10% divorce rate and I might even be in the market for a new car at some point.
In fact I would even tell them if they asked.
At the interview for my current job I was asked how I'd secure a remote service. My first response was along the lines of "Ask someone who actually knows about security, because I know just enough that I'd probably mess it up".
Smart, connected things? Yes, maybe.
Smart things connecting over the Internet to a corporate cloud? Hell no.
Edit: Shoutout to Internet of Shit https://twitter.com/internetofshit
It's easy to build it in a way so that the worst that the software can do is cause it to turn into a "dumb" fridge.
My problem with this whole hatred of iot is that it's not productive.
it's a bunch of people commenting how the trend is dumb and how everything was so much better in the past. Nobody ever gives suggestions on how to improve it, or how to fix some of these issues, or even what they would like to see. It's always just "Who wants a wifi light switch anyway?" or "Oh great now my door lock can freeze".
If it's so easy, why don't more companies do it? Why didn't Nest build their thermostats so that when the battery runs out, it reverts to a "dumb" thermostat instead of turning off your heat? http://www.theguardian.com/technology/2016/jan/15/bug-nest-t...
Very few actually pull operating current from the 24v C wire if it even exists on the given system. If it doesn't, R (the switched 24v power for Heat and Cold signals) isn't guaranteed to continually have current. Only when your Heat is turned on (probably a standard toggle lightswitch on the side of your furnace) will there be current on the Rh line, and only when your AC is enabled (possibly a breaker shunt on the side of your house near the condenser unit in a small box) will there be current on the Rc line.
Nest tries to recharge it's battery by trickling the C wire, if available, and if not it will try to charge off of one of the R wires, either during normal operation, or it will try and "pulse" the heat signal to pull a little bit of current to keep going. Thermostats were designed at a time where they didn't even consume any electricity on their own. We're trying to retrofit computers into signaling system, not a circuit.
The GP is right: most new thermostats don't take power from the 24VAC line. That surprised me when my heat wouldn't come on one morning because the battery was too weak to pull in the relay for more than a few seconds. That's what I get for ignoring the "low battery" warning! All my previous electronic thermostats only used the battery as a backup.
In any case, are you really saying that using a toxic metal (mercury), or an imprecise bimetallic strip is really an improvement over a simple $10 electronic thermostat?
A dumb digital thermostat is just a thermocouple and a relay, which you could rig together with very little EE knowledge and a weekend with an Arduino.
It's clearly more work to do it that way, as you'd need multiple "layers" of firmware/code which all need to communicate and run on their own, but i personally see that as insurance against the exact situation you are describing.
Nest is far from what i'd consider a good IOT company. They are the epitome of vendor lock in, proprietary and buggy code, and shitty support.
The thing I don't get with 'control everything with your smartphone!' is that people don't think about everyday use. It's like the people that design these products don't look at the actual, repeated use cases. Why would I want to pull my phone out of my pocket, unlock it, find the app I need, launch the app, wait for it to connect, hit the buttons I want....
(Even when I'm on Android and I can have an IoT control widget on my homescreen, that's still pulling the phone out, switching it on, unlocking it with my fingerprint, finding the page, hitting the button.... oops I forgot to turn Wi-Fi back on, better do that....)
I think IoT is great, but to do a great job at it you need to design the product with that in mind to begin with. The whole architecture of the product has to fit (see again, Hue). Sure, picking an Android tablet is easy, but why would you architect all that complexity? Why not a touchscreen device with a really simple real-time OS that does only what it needs to do?
I'm confident that this will all be self-correcting in the end. Consumers and 'the market' are smarter than we give them credit for. Certainly it takes a long time for them to react, but I think that when enough of the public is jaded by 'bad IoT' and the fad phase has passed, the actually good IoT products will survive and those companies that really think about their designs as a whole will be rewarded.
This is exactly the sentiment i was talking about though.
If you buy a car that had a faulty AC unit, do you just swear off cars altogether because "they all have shitty AC"?
Why do so many people like to bring up bugs/issues with poor iot devices and act like it is something that can't be improved or fixed?
But it hasn't been that long at all, and there are people doing it right.
The problem is that they are expensive and don't offer the same amount of features that some people want.
Take the "traditional" smarthome networks like z wave and friends.
I have a z wave light switch that works as a lightswitch 100% of the time. I actually installed the switches before i had a controller for them.
Add a controller and you have a "smarthome".
Connect that controller to your wifi and you have the ability to control these things safely from within your own network using anything from a bash script to shitty iphone apps.
Connect that network to the internet through a firewall and an authentication system and you now can control all of that stuff securely across the planet.
If any one of those breaks, functionality is reduced. Internet is down, i can't control it outside the house. Controller goes down, i can't control them as groups or from within the house but still "remotely". But it will literally always turn on/off the lights when i hit the switch. I don't need to worry about the security of a cheap chinese zwave knockoff thing because the controller is that gatekeeper.
That's IOT done right.
But people don't want to pay the money for that, they don't want to pay an electrician to come out and install them across the whole house, they don't care about security or what happens when the internet is down, they want a light they can control from their phone for as cheap as possible as fast as possible. And of course when people are asking for a product, manufacturers are going to make it.
Hence my shoutout to IoS! :)
Which might be quite a challenge with some devices when your neighbors drown you in free WiFi.
Fifteen years ago. Wow, I love the way I gave Jini a shout-out.
Nothing in remote/automatic updates requires being brickable. Don't buy such a crappy fridge.
Or, call a serviceman to fixe it, just like you would today with dumb fridge.
How does Tesla implement updates?
An opt-in switch is merely convenience for the incredibly thin % that bothers with this kind of thing. And that % will actually be informed enough to not opt in.
Come to think of it, that % will likely be informed enough not to buy this kind of device in the first place.
Tesla has a pretty vested interest in shit keeping working considering it's a pretty luxurious and high-profile product. The cut-price manufacturer of your $20 lightbulb or $300 fridge? Not so much.
It's not a matter of luxury, it's a matter of having people work on it who care.
Disclosure: I work with them. Much <3 :)
Source: Chromebooks are awesome, and even with excesses like this, they're still the cheapest to operate by far.
A comment in https://bugs.chromium.org/p/chromium/issues/detail?id=323010 claims that the BSSID is used for a "suspected" state, but that may not be enough to actually stop it from downloading updates, but I'm far from an expert in that domain.
In short, identifying tethering states with iOS seems to be hard.
It is either possible to do something securely and won't really take significantly more time, or it's not possible to do it securely at all, and no future update is going to fix it.
If an application was created without security in mind in worst case it might require complete rewrite. In other cases it might be a whack-a-mole game.
For example compare ssh vs application that simply opens port and starts bash as root. You can use both to control your server, but if you want to add security it would be a lot of work (you could incrementally add authentication, encryption, maybe restrict user what s/he can do but there will be million and one ways to escape).
After fixing one issue after another without seeing the end you'll realize it would be less work to just rewrite it from scratch with security in mind.
Security is not a feature, it is a process.
In regards to IoT devices, as the article is lamenting, many are designed with no security in mind and instead seem to be thrown together as quick as possible to achieve a function, without considering the implications that a security breach may have with said device. (e.g., IoT baby monitors, thermostats, home locking systems)
In truth it's much much more like how Google just has computers trying to index every site on the internet that they can find. Most of the attacks these days are broad searching things, just testing every exploit they can against every site they can.
Also, seriously, Google will find and index those GET+DELETE non idempotent URLs and ruin their day.
Here is the professional ethics piece of a talk I gave last year to a developer meetup:
I don't have enough knowledge of the stage the OP's startup was to have answered, so I stand corrected.
These days, this is the kind of thing I negotiate up front. When they ask me how long something will take, I explain that they can have a prototype quickly, but only if they promise to throw it away as soon as the experiment is done. I explain that they can have me build a movie set or a real house, but that there's nothing in between.  And then I leave the choice up to them, explaining that it's really about their business judgement.
Generally people keep their promises on this, although sometimes it takes a little reminding. When they do, the business benefits are substantial. A good product person really benefits from doing quick, cheap experiments. And they also benefit from having a solid platform of high-reliability code for production use. But they can only get the benefits of both if they're careful not to mix the two.
 There is actually something between, but they don't want it: http://agilefocus.com/2009/06/22/the-3-kinds-of-code/
Prototypes-become-products is a trope much like _The Mythical Man Month_. We all nod knowingly when it is mentioned, we all know how it will turn out, and then we (well, management dictates that we...) turn right around and do the opposite.
You need to do it right from day #1.
The difference between you and the dunces building things like this hotel light system is that you know that there's a problem and will work to fix it. As the market matures, security will become more important. But the only companies with the chance to fix it will be the ones with substantial market share. And the people who will fix it best will be the ones, like you, thinking about security from the beginning. But that can only happen if people like you get in early and lay down the infrastructure in a way where security will at least be possible.
What could possibly go wrong?
- Sous vide normally uses a water bath at a controlled low temperature over a long period of time.
- Hike the temperature up past the boiling point, and the water is evaporated, allowing you to hike the temperature up to ignition points.
- Or, cycle the electronics fast enough to overload the power supply. If it isn't designed well, either the wall circuit blows or the power supply bursts into flame.
- In any case, the expectation of a long unattended cooking process means that human observers might not be in the loop.
Even without deliberate hackers, the device needs to contend with software errors, running without water, or a stuck relay that could leave it boiling dry and overheating.
- VW's dieselgate (although that was intentional)
- Virgin Galactic VSS Enterprise crash
(yes, designed for a skilled operator, but still: no interlock on the brake)
- Pyranha Moulding's industrial oven 
- Hotpoint tumble-dryers catching fire 
Perhaps 35 years ago computer control was still very new, but right now, IoT is very new, so there's a whole new world of mistakes to learn from, and the evidence is very clear: serious mistakes are being made.
OEMs moving to XXX over TCP protocols which have zero security by default and documenting this in the datasheets.
VAR installers switching to the newer products because CAT5 cable is cheaper and easier to pull than what they used to use.
The previous solution was just as insecure but harder to hack because you needed more specialised equipment.
I'm not sure how we are going to fix this without getting the OEM industry and the industry bodies behind xxx over TCP to understand that they need to bake a security model in.
> For example, you might know that Shodan crawls the Internet for industrial control systems (ICS). One of the most popular protocols in ICS is called Modbus that runs on port 502. At the moment, there are about 17,000 devices listening to Modbus on the default port. It turns out there are also 700 devices listening on port 503, again a one-off sort of situation.
Probably over 20k by now
Lawsuits for damages, as usual.
Structural engineering solved these kinds of problems with building codes. While I'm not sure that's the answer here, I think most people would welcome guidance beyond "just put whatever devices you want on a shared network and hope for the best".
I'm guessing a lot of buildings and bridges had to collapse for codes to take hold. I hate to think about how many power grid shutdowns and crashing cars we will have to go through. Clearly the routine theft of personal data has not made enough of an impact to improve security.
I was in my friend's Honda Pilot the other day, which has the new trendy big screen interface to replace the radio. I'm sure it is insecure junk, but more importantly it is a nightmare for humans.
I have a BS in CS, have developed some enterprise apps, run major complex tech programs successfully, and could program my dad's VCR in the early 80s. And... It took me nearly 10 minutes to figure out how to turn off the radio on the weird touchscreen.
To turn the radio on requires 4 clicks, and the key button is on the corner of the screen, where it is least responsive to touch. I would probably be safer driving with my knees and texting with two hands than controlling that radios.
If anyone interested, cross scan its default IP interface port 3671
say German telecom ISP IP range (and there is CSV available on www),
with efficient penetration test tool like masscan, challenge it with 0x0205, look for 0x0206 on response.
Thousands of home and factories and commercial buildings welcome you with real time datagrams on all their switches/appliances/presences/sensors/cams/... Bonus point: writable!
* "I stayed in a hotel with Android lightswitches and it was as bad as you'd think "
Another title would be:
* "CoreOS security developer stays in a hotel, and hacks the light switches to.."
The problem is that when a software engineer goes to the front desk of a hotel and complains about the security of the brand new Android-Powered Hi-Tech system that they just put in, the person working the desk thinks, "Haha wow! That nerd was a real Sheldon Cooper, like on the television!" and they don't care at all. If you live in a bubble where programming and computer work is black magic, well then of course it is completely inevitable that someone so nerdy and so smart would be able to hack everything on the planet. So they don't really think there's anything to be done.
When it's a group of annoying little 15 year olds that sneak out in the middle of the night to wake up all of your guests, it's a lot bigger of a deal.
Back at the dawn of time, less than a billion seconds from epoch, it was considered rude to exploit obvious security holes. People would actually track down casual hackers and get them in trouble. But once script kiddies came on the scene, it became a lost cause. Once it could be any 14-year-old idiot on the planet scanning your ports and exploiting your old, unpatched software, it became clear that tacit agreements and social pressure weren't enough. The burden of security began to shift to people who created the software.
Can anyone recommend a good reference / tutorial for learning basic network-fu in unix ?
Even then, and with the limited 'damage' that could be done, each and every single room got its own VLAN. That was certainly a little ugly to manage at times, especially in a 1200 room hotel, but yes.
There used to be party lines in villages where the whole village could listen in to anyone's phone call.
Never mind the operator could also have a sticky beak.
Now if they can change your sound system to play Kanye West... that truly is a problem worth worrying about.
Now get off my lawn!
You want to add motion detection to lights turning on.
You want to attach light sensors to have variable intensity bulbs be brighter or dimmer depending on ambient lighting conditions.
You want your lights to turn on inside your garage when the garage door opens.
You want your front hallway light to come on when your door is opened.
You want to be able to check all the lights in your house at a glance to make sure you did not accidentally leave any on.
You want to have all your lights auto-off when your kids should be in bed.
And of course, most importantly:
You want to turn your house into a rave party, or an epileptic seizure inducing disaster, and I don't think there is actually a difference there.
Your networked toaster might have online profiles for how to optimally toast bread, bagels, rolls, etc based on the type of bread and they would be available on a per-toaster basis. Rather than just odd balling how you want your toast done, you could buy a toaster that has profiles with high ratings that will toast your bread to your exact desire with your given model of toaster.
For your fridge, it could have isolated temperature and humidity per compartment, give alerts when different foods are low in quantity / going bad, track the expiration dates of all your food, and have the same lighting features as your house lights.
There are plenty of applications of "smart" devices. The problem with the IoT is that once you put software in a device you need to be responsible for it, and I don't believe there is actually a single hardware manufacturer on Earth right now who is legitimately responsible for their hardware and respectful of their users (particularly their software freedoms in relation to that hardware).
You want to have your lights come on at a certain time.
I can get a timer at a hardware store.
I can get a motion sensor switch at a hardware store.
Yep. That happens with most existing garage door openers.
I've never seen this implemented, but it could be done in a multitude of ways such as the motion sensor or a simple contact switch on the door itself.
There's keypad in the entrance to the kitchen, with buttons labelled "Bright" "Dim" and "All off". If you press Bright, all of the lights (sink, under-cabinet, range hood, and island) turn on 100%. Dim sets just the under-cabinet lights are on at 50% and island is 10%. Without this keypad, you have to walk to 3 different switches on opposite sides of the room.
There's also a keypad by the front door. It has an 'all off' button which is great when we're leaving, and as we also walk by it on the way upstairs, handy when we're going to bed.
The front door keypad also has a "Garage" button. It lights up red if the garage door is open (as we can't see the door from anywhere inside the house). Press it and it'll toggle the door to open/close.
That stuff is just simple scenes, but I also have some more complex things..
The outside lights go to 20% from dusk until midnight, then turn off after midnight. On top of that, at any time between sunset and sunrise, if the garage door is open, or if the outside motion detector sees motion they go to 100%, and once the door is shut or no motion is seen for a few minutes, they return to previous level.
At sunset, if none of the lights in the house are on, one of the lights in the kitchen and one of the lights in the living room turn on (to make it look like someone is home).
At ~midnight, if only the one kitchen light and living room light are on (and nothing else has been adjusted, indicating someone is home), turn the lights off.
At sunrise, turn off all lights. (This used to be 3am until we had a baby, then it was annoying because, well, crying baby + preparing bottle + 3am + lights suddenly turning off = ..not good).
At some point I will also set up a motion sensor in the front hall (or maybe a door open sensor), so if the outside motion is triggered followed by the inside motion (or door opening), the inside front hall light turns on. A bit tricky, since I don't want to happen if I'm just walking around the house (or leaving).
Is any of this game-changing? Not really. It's interesting to me, it's not overly expensive (especially as I have built this up over time), and it's a nice albeit minor quality-of-life thing.
Btw, I can control this from a PC/phone, although I basically never do (the keypad/switch on the wall is always going to be faster). I could also set it up to work via internet, but I don't, because 1) there's an attack vector and extra security to worry about, 2) adjusting the lights while I'm not home is pointless, 3) I believe a key to home automation is the automation part. If I have to control it manually, it's by definition not automated.
I would point out that the three different switches on opposites sides of the kitchen sounds more like an issue of poor switch placement (admittedly, a common problem) than anything crying out for automation, but the ability to control sets of lights with one button is intriguing.
I think the take-away is this:
> Is any of this game-changing? Not really. It's interesting to me, it's not overly expensive (especially as I have built this up over time), and it's a nice albeit minor quality-of-life thing.
Which I contrast with: "Let's hook my toaster up to the internet because: Internet of Things!" which seems to be the prevailing attitude.
I built an automated heating system. It does all the right things at the right times. I never touch it; it has some graphs if I want to see what it's doing.
The shoddy consumer systems all have manual control and an app, because you just spent all that money, you want the warm fuzzy feeling of having an app to fiddle with.
Marketing is why everything has to be networked.
Too lazy to walk up to the light switch when I'm at home? Just no.
IoT is an amazing, awesome, innovative and entirely new concept. Just like "The Cloud" was.
If, however, by "Building Automation," you mean networked computers controlling your lights and every other aspect of your environment, this is not the norm now, never has been, and I would hazard a guess that it won't be any time soon because the cost and complexity is not worth the marginal advantages. Yes, some elements are creeping in: particularly systems to shut off lighting and environment control in office buildings at night because the power savings are worth it, but those systems are relatively simple and closed. There is no need to connect them to the sort of network that is featured in the article let alone the internet at large.
Building Automation is exactly what your describing and it is the norm. It's common for schools, hotels, and commercial buildings to be "smart", with something like Modbus or BACnet connecting lighting, HVAC equipment, smart meters.