The Internet of Things has already been rooted

by
in hardware on (#3Q9)
story imageManufacturers and the easily-excited tech media are more excited than ever to push us into the world of the "Internet of Things," in which common appliances can all communicate with us over (presumably) TCP/IP. I have yet to see why this is useful for anyone other than appliance manufacturers, who will have a reason to sell us new versions of everything we already own.

But here's another reason to be suspect: the folks building out the latest smart devices seem to have avoided learning any lessons from the security flaws we have been working out of the last wave of devices (computers, phones, routers). This article asks, "How many security researchers does it take to hack a [smart] lightbulb?" and concludes: not very many at all.
Routers are an obvious target for hackers as they are intrinsically linked to the Internet making it possible for hackers to compromise them from a distance, but less attention has been given to some of the other network-enabled devices cropping up in people's homes. Once a hacker has access to a person's home network they have access to any device connected to it, and with an increasingly diverse suite of devices coming online the potential to break down the barrier between the cyber and the physical worlds is getting ever greater.

To demonstrate the concept, Context's senior managers bought a case of beer and five network-enabled consumer devices from a mixture of start-ups and established vendors, configured them with the recommended security settings, set up a secure wi-fi network and set their best and brightest cyber-security researchers to the task of hacking this mock smart home.
Don't feel bad though that the new Internet of Things has been delivered pre-rooted. Your new Android Wear watch just got rooted too. Hopefully they'll invent "smart underwear" too so that can get rooted upon arrival: then we'll really be vulnerable.

[Ed. note: Kudos to this research team, by the way, for ensuring their study was accompanied by a case of beer - an important part of any tech research, in my opinion.]

Got root? (Score: 1)

by bryan@pipedot.org on 2014-07-10 18:45 (#2EK)

Being able to root your tablet or smart watch is often a good thing. You gain more control over the device that the manufacturer greedily stole from you whilst trying to cage you in their walled garden. Of course, these devices almost always act as clients and do not have server-like services "listening" on a network port.

A router or light bulb, however, do listen to a port on the network. Being able to remotely root these types of devices are definitively a bad thing and an obvious security vulnerability that needs to be patched.
Post Comment
Subject
Comment
Captcha
Enter the number twenty one thousand three hundred and twenty nine in digits: