Forum menu
Surely anything operating on a home network is more like the Intranet of Things?
Well if it is using IFTT then his doorbell is calling an [i]Internet[/i] service which is signalling a public port on his lightbulb controller. So yeah, it's beyond the home intranet, so Internet of Things.
Being able to control your house over the internet only becomes the IoT if there's some kind of big data learning going on that uses the internet.
Disagree. Big data learning has nothing to do with it.
Well if it is using IFTT then his doorbell is calling an Internet service which is signalling a public port on his lightbulb controller. So yeah, it's beyond the home intranet, so Internet of Things.
Extranet of Things :). Still doesn't qualify in my book as a) we had that tech back in '97 (probably before but that was my first experience of it) and b) it's not using it's interconnectedness to the world's other devices for anything useful.
The example of the kettle taking longer because it is using data from the electricity supplier is a good one. Simply turning your kettle on with your phone via 3G isn't imo.
we had that tech back in '97
If you were suitably geeky you could certainly hook something together yourself on 97.
The difference these days is there are readily available consumer IoT devices and commercial web services like IfThisThenThat that let you hook them together with little or no programming.
In '97 we (I designed veterinary software interfaces) installed a load of these:
http://www.digicammuseum.com/en/cameras/item/axis-neteye-200
Worked flawlessly. We gave some talks on behalf of Axis and Java too although I don't think I realised it was so unique at the time.
Reading that article, it actually says "Remarks: First internet of Things device", so I guess you're right!
So they'd need to connect to a kettle, which is presumably behind a router firewall
This one sentence pretty much sums up the sillyness of the IoT. Kettles behind firewalls? It really is incredible that trillions of pounds/dollars in investment and the collective knowledge and intelligence of some of the finest minds in human history has resulted in an IoT kettle.
This one sentence pretty much sums up the sillyness of the IoT. Kettles behind firewalls?
My point was more that the kettle, and any other IoT devices on your network [i]should[/i] be protected by the same firewall (possibly with different settings) that the rest of your network is protected by.
Maybe. If they can connect to your kettle.
The kettle in the video creates it's own wifi network, with no security, so that you can easily configure it - you load the app on your phone, connect to the kettle_wifi network, and give it your 'real' wifi details so that it can connect to the internet.
The problem is that kettle_wifi network stays there afterwards for anyone to connect to. And once connected, you can telnet into the kettle with a static admin user/password combination. Then you can read the wifi key for the 'real' network which is conveniently stored in plain text.
As for the 'kettle will be running a microprocessor' - pretty much all the IoT devices run stripped down linux - so if you can get onto them you can do quite a lot - eg. Mirai botnet running on compromised IP CCTV cameras...
kettle_wifi network stays there afterwards for anyone to connect to.
That is very poor, especially if they have also left a telnet port open. They [i]should[/i] only need a single port with a bespoke process behind it for the app to connect to. Surprised they leave it running too as doing that while also connected to the house wifi presumably means the kettle needs two separate wifi chipset or at least a more advanced chipset capable of handling that.
I've got a couple of things that have had similar setup routines (Alexa, robot dog, MiRobot car) and they always shutdown their local setup wifi once they can connect to the main network.
Still potential hackers would actually need to visit your house and get in range on the kettles wifi, so I don't suppose it is a huge risk.
pretty much all the IoT devices run stripped down linux
Depends. There is no real need to do that for simple devices, you can do quite a lot with just a little ESP8266 for instance, no OS required.
A lot of the current 'internet of things' devices are either churned out by high tech far eastern factories with no cares about IT security, or are churned out by western appliance designers who have no concept of IT security
This needs stressing more than it has so far here.
Security around IoT devices is shocking. Default passwords of "password", anyone?
Moreover, a lot of the firmware is common between devices, so once you've compromised one DVR (say), you've potentially compromised over a [url= https://www.shodan.io/search?query=dvr ]quarter of a million[/url] of them.
C'mon, that internet-controlled butt plug looks pretty good!
I went to a security conference recently and this talk was particularly, ahem, eye-opening.
https://www.steelcon.info/the-event/talk-schedule/#12
EDIT: it's here if you want to watch it:
This is from the same con a couple of years ago (disclaimer, I've not watched this yet):
[quote=GrahamS ]
kettle_wifi network stays there afterwards for anyone to connect to.
That is very poor, especially if they have also left a telnet port open. They should only need a single port with a bespoke process behind it for the app to connect to.
Agreed - that is rubbish and truly dangerous, I'd missed that point as presumably it was one of the things which wasn't supposed to be public and cut from the video (it goes from kettle in a box to kettle out of box with no mention of the kettle!) TBH what they do once they leave an unsecured WiFi network running is almost irrelevant - at best it's security through obscurity, with the obscure stuff being publicly available. I suppose if they switched off the SSID broadcast that would help a lot, but then I doubt they have!
Surprised they leave it running too as doing that while also connected to the house wifi presumably means the kettle needs two separate wifi chipset or at least a more advanced chipset capable of handling that.
It seems to be a fairly common feature in modern chipsets (I'd be very surprised if it wasn't a single WiFi chipset) - logically it shouldn't make it significantly more expensive as it's just an added feature at the firmware rather than hardware level. I suspect your devices which switch off the host WiFi probably work that way because they're forced to by the hardware rather than because they've thought about security though!
Still potential hackers would actually need to visit your house and get in range on the kettles wifi
Visit your road, I'd be surprised if they needed to be inside your house given typical WiFi range I've seen with cheap devices. Maybe with IoT things like that around I should start scanning for unsecured WiFi again ๐
I really can't get excited about this stuff yet - I'm sure that over the next few years, the IoT in the domestic environment will have found something really useful to do - but until then, it's almost the definition of a solution looking for a problem.
I'm absolutely not a naysayer - just that I haven't seen any domestic application yet which is worth the investment/hassle. Maybe that will change as things get cheaper/more robust.
The exception is the Ring doorbell.... that's kinda useful.
Any other domestic IoT products that offer a significant benefit over the current gold standard?
I suppose if they switched off the SSID broadcast that would help a lot, but then I doubt they have!
Masking the SSID is no security really.
Any other domestic IoT products that offer a significant benefit over the current gold standard?
Well Alexa (or Google / Apple equivalents) seem to be pretty well regarded and probably meet the fairly flexible definition of an IoT device, as well as providing a nice way to interact with other IoT devices such as lights.
Another good example of IOT is maersk who need to monitor 300,000 refrigerated containers. Each one is fitted with an iot sensor device which sends back data about the performance of the container.[url= https://internetofbusiness.com/maersk-ericsson-iot-success/ ]Link[/url]
Visit your road, I'd be surprised if they needed to be inside your house given typical WiFi range I've seen with cheap devices. Maybe with IoT things like that around I should start scanning for unsecured WiFi again
When I saw him give the talk in person, he talked about the security flaws in it, how to connect to it, and had figured out a way to geolocate active kettles with a google maps overlay, so you knew exactly which end of the street to park...
Might be going on a course about the internet of tat, so just curious to see what all the fuss is about.
Might watch Terminator for a refresher on Skynet.
I expect well see continuously variable pricing sometime soon and more smart devices to take advantage.
This is indeed on the horizon. The company I work for does a lot of the backend infrastructure for smart metering (although not a project I'm involved with personally). One of the guys on the project was stressing about the PKI required to enable client certs to be changed multiple times a day (to allow the homeowner to switch provider) - I have nightmares about annual renewal certs let alone multiple times a day...
Thread Resurrection!
Some interesting stuff in this IoT competition:
https://www.hackster.io/contests/ESP8266
A really interesting topic - just done some coursework on this so if anyone fancies reading some academic papers then I might be able to dig something out.