http://iwantch4.com/ <-apparently this is a real thing
Rei is really scraping the bottom of the barrel for technologies to be angry at.
No kidding. The Ch4 guy is some wacky engineer/wannabe artist enrolled in the equally wacky ITP program at NYU. He thesis talk is must see TV.
Whilst the fridge implements SSL, it FAILS to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections. This includes those made to Google’s servers to download Gmail calendar information for the on-screen display.
I can’t say I ever expected to see “the fridge implements SSL” as part of a coherent sentence, but such is our connected world!
The IoT is not going to happen in this generation, no matter how much Gartner and IDC dollars are poured into reports about it. Utility of the products is far too low to justify the cost, but more importantly there is no security at all. The whole approach needs to be rethought from scratch using new network protocols and new hardware architectures to provide much stronger security.
I think it would be amusing to use the CH4 in reverse, to isolate the foods that make you fart, and then maximize your intake of those foods.
I’ve been doing that for years before long car rides with the family. Knowing which foods to eat to maximize the effect is a family secret passed down from father to son for generations.
The answer to those insecure IoT devices opening holes into your network is to setup a separate VLAN specifically for untrusted devices. Many SOHO routers support this as a “guest” network, but they often don’t allow authentication, which allows your neighbors to use your wifi to download what I colloquially refer to as “dark stuff”. So you need to flash a new firmware and figure out how to do all that on your own right now.
Or buy a separate cheap router, plug it into your primary one, and put that port into the DMZ I guess. That would work too. Clunky though.
All of this will be sorted out soon enough; home routers will support an authenticated yet separate wifi network or home automation fabric that doesn’t expose your primary network to intrusion. Just, not yet.
You just said about eight things that go over any layman’s head, which is a huge barrier to home security. IoT is coming faster than the home networking it will operate on is keeping up. Very curious if the big SOHO brands are indeed looking at this and coming up with ways to release and brand ‘1-click’ deployments of this kind of security. Windows 10 taking bullshit liberties in expanding my security trust zone by potentially sharing wifi network access to acquaintances in my local or social media contacts lists (with no fucking way to opt-out beyond altering MY FUCKING SSID), is just as troublesome and another driver for locked down guest access.
I’m sure they are. It’s as simple as changing the standard “guest” network to require authentication, and boom you’re done. Until then, people actually concerned about it (who will be tech savvy by definition, I would think) can easily pick up an el-cheapo router and create a separate network on the DMZ. Your crusty old WRT54G from 2003 would do.
That doesn’t mean your IoT stuff couldn’t be used for DoS attacks, though. The Lizard Squad’s DDOS service actually used hacked SOHO routers. But at least it doesn’t open up your network to whoever hacked the completely unmaintained server that your wifi lightbulbs download updates from.
Is the “internet of things” really necessary, or is it just a neat side-show that some techies have got a bee in their bonnet about?
As with all these gee-whizz inventions, the reality is usually less glowing than the prophecies would have predicted - it has a place, but it doesn’t supplant the other two levels of tech (low and mid) entirely. There’s always a trade-off - just as there was a trade-off in the master/slave dialectic (master bound by tethers to slaves, master loses self-reliance, slaves gain it). Anyone who’s lived through the hi tech revolutions gets a canny sense of the costs, and is more judicious about these things, less ready to throw all the low and mid stuff into the dumpster.
It’s not necessary in the same way as water or shelter, no. Thing is, it makes these products better.
Your front door automatically opens when you walk up with a bag of groceries. You can grant access to your cleaning lady on mondays between noon and 4 without giving her a key, and all the time, and the key can’t be copied. The camera records the UPS guy delivering a package, so you know your new licorice slippers arrived on time.
Lights come on when you walk into a room, and turn off when you leave, conserving energy. They’re sensitive to ambient light, so they don’t run unnecessarily during the day and aren’t too bright at night. They change color warmth to soothe your circadian rhythms. They talk to your media center, know when you’re watching a movie, and dim to just the right levels.
Your fridge sends out notifications when it’s time to throw out that old chinese food. It never runs out of ice, because it knows how much is in the hopper. When your bananas go bad, or you eat the last one, it adds bananas to your amazon fresh shopping list.
Your bed measures your movement while sleeping, and wakes you up not at exactly 7:15AM but when you’re in an interval between REM sleep. It listens to you breathe, and alerts if you have sleep apnea. It knows when your sleep patterns are irregular and makes recommendations.
All these things work together. If you’re having trouble sleeping, the fridge suggests maybe you should have seltzer rather than a caffeinated soda at 11PM. Your lights dim a bit earlier. Your A/C knows you like to sleep in a cold room, so it drops to 68F.
Smart devices have real value. They can improve our quality of life. They need to be protected from external penetration, and the extensive data they collect secured.
I can see the possibility, but unless some quite sophisticated AI is running the show without too much input from you, it could also be more fetters (stuff to think about, make choices about, get stupidly obsessed with, etc.)
Those are actually a thing. Go figure.
WTF, fridge ice makers have already been able to do this for decades.
Although this being stusser, he’s probably envisioning some scenario where there’s a mapping radar in your freezer that keeps track of the ice level and when it drops too low automatically sends an email to the ice delivery man who brings a fresh block around which is then lasered into cubes by your household atomic-powered robot.
Remember, someone who is 10 times more obsessive and detailed than you regarding specific aspect X of the internet of things will have figured out a way to allow you to easily and readily take advantage of their level of detail without having to make all the decisions yourself. That won’t work everywhere, but it will work in some places. In others, good UI will guide you through your own naturally inclinations to set these things up (and bad UI will make it a chore to do this as well, yes). I am a “make it cold while I sleep please” kind of guy myself. I don’t have a fancy thermostat currently, so I can’t program it to do anything. But I wouldn’t want it on a set schedule either. More like “start changing the temp when I go to bed [the time for which can vary from night to night]. Only start changing it after I wake up if it’s after a certain time in the morning or I manually make it so [because I do sometimes get driven from sleep to wakefulness and need to putter about before I can fall back asleep]”.
Exactly. That stuff will improve your quality of life, once it’s mature, and cheap, and works properly every time.
Once/if this stuff is ever secured from attack and standardized.
Right now the mass produced web server chip they use is so cheap that it has perma-backdoors and there’s no incentive for them to allow for, much less actively update or patch.
Your front door automatically opens when you walk up with a bag of groceries. You can grant access to your cleaning lady on mondays between noon and 4 without giving her a key, and all the time, and the key can’t be copied
Your insurance company is going to love that.