Story 2014-07-10 3Q9 The Internet of Things has already been rooted

The Internet of Things has already been rooted

by
in hardware on (#3Q9)
story imageManufacturers and the easily-excited tech media are more excited than ever to push us into the world of the "Internet of Things," in which common appliances can all communicate with us over (presumably) TCP/IP. I have yet to see why this is useful for anyone other than appliance manufacturers, who will have a reason to sell us new versions of everything we already own.

But here's another reason to be suspect: the folks building out the latest smart devices seem to have avoided learning any lessons from the security flaws we have been working out of the last wave of devices (computers, phones, routers). This article asks, "How many security researchers does it take to hack a [smart] lightbulb?" and concludes: not very many at all.
Routers are an obvious target for hackers as they are intrinsically linked to the Internet making it possible for hackers to compromise them from a distance, but less attention has been given to some of the other network-enabled devices cropping up in people’s homes. Once a hacker has access to a person’s home network they have access to any device connected to it, and with an increasingly diverse suite of devices coming online the potential to break down the barrier between the cyber and the physical worlds is getting ever greater.

To demonstrate the concept, Context’s senior managers bought a case of beer and five network-enabled consumer devices from a mixture of start-ups and established vendors, configured them with the recommended security settings, set up a secure wi-fi network and set their best and brightest cyber-security researchers to the task of hacking this mock smart home.
Don't feel bad though that the new Internet of Things has been delivered pre-rooted. Your new Android Wear watch just got rooted too. Hopefully they'll invent "smart underwear" too so that can get rooted upon arrival: then we'll really be vulnerable.

[Ed. note: Kudos to this research team, by the way, for ensuring their study was accompanied by a case of beer - an important part of any tech research, in my opinion.]

Reply 3 comments

Warning: Cannot modify header information - headers already sent by (output started at /var/www/pipedot.org/lib/tools/tools.php:2702) in /var/www/pipedot.org/lib/tools/tools.php on line 1524

Warning: Cannot modify header information - headers already sent by (output started at /var/www/pipedot.org/lib/tools/tools.php:2702) in /var/www/pipedot.org/lib/tools/tools.php on line 1533

Warning: Cannot modify header information - headers already sent by (output started at /var/www/pipedot.org/lib/tools/tools.php:2702) in /var/www/pipedot.org/include/common.php on line 80

Warning: Cannot modify header information - headers already sent by (output started at /var/www/pipedot.org/lib/tools/tools.php:2702) in /var/www/pipedot.org/include/common.php on line 82
Fatal Error - sql [select reason, count(reason) as reason_count, value from comment_vote where comment_id = ? group by reason order by reason_count desc] arg [2507] msg [SQLSTATE[42000]: Syntax error or access violation: 1055 Expression #3 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'pipedot.comment_vote.value' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by] - Pipedot
Fatal Error
sql [select reason, count(reason) as reason_count, value from comment_vote where comment_id = ? group by reason order by reason_count desc] arg [2507] msg [SQLSTATE[42000]: Syntax error or access violation: 1055 Expression #3 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'pipedot.comment_vote.value' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by]