They lock down everything and you will not be able to program it.
I don't see that going down well with developers and hobbyists.
Mikko Hypponen, chief research officer at Finnish security company F-Secure, spoke to The Reg at the launch of Sense, a consumer firewall device that aims to "secure your connected things". Hypponen says IoT is unavoidable. "If it uses electricity, it will become a computer. If it uses electricity, it will be online. In future …
Correct, but an end user who only cares about email, browsing the web and watching some videos will be happy their files aren't getting encrypted by ransomware and their online banking credentials stolen. Meanwhile, the hobbyists & developers will avoid those devices and stick with full blown Windows, Linux or Macs.
I think Chromebooks are a good example of this model, actually. They can't be programmed by the average end user. There's a "developer mode" that allows programming, but getting into it requires some specific steps (well documented) and a data wipe, and it warns you each time you boot that you're in an insecure developer mode. So hobbyists still have the ability to tinker, but end users can't be easily tricked into unlocking their devices for malware.
One possibility is blocking the VPN server IP addresses at the ISP's for any that don't play well with law enforcement. The way around that is a personal VPS providing your own VPN service. I'm seriously consiering that in replacement for my VPN and "Cloud Storage" currently provided by other companies. Even work out a bit cheaper here.
Come now, the snooper's charter was only ever about catching the dumb and technically ignorant out there. Admittedly, that is most people.
As for trying to crack down on VPN services that would end up as another pointless whack-a-mole game and seriously piss of business users. Of course the gov often dances to the red-top paper's stupid suggestions so there is a fair chance they would try, but again I suspect the real experts know your biggest risk are the local muppets who can buy knifes and rent a van, as we have seen recently.
Except that he is saying that in the future such devices won't use your network. Presumably they will have some sort of wireless radio for 2g/3g/4g/5g data, with eSIM and monthly costs...
The only hope is not paying the monthly payments or somehow deaktivating the chip - and hoping that a lack of signal doesn't brick the device...
My other half won't let anything IoT in the house (useless toys) and won't let anything (other than telephone or laptop) into the house with a microphone.
Good luck with that. I can imagine that in five years max high end TVs which come with a microphone either in the TV or the remote will trickle down to all models.
And it's difficult to tell before you buy because manufacturers don't make it clear it's got a microphone, they just say it does whatever their fantastic speech recognition thing is called, and that might cover an an app on a mobile paired with the TV too.
I can imagine that in five years max high end TVs which come with a microphone either in the TV or the remote will trickle down to all models
I agree, and I believe for that reason, (although not exclusively) a Neo-Luddite subculture will pop up everywhere, de-smarting your devices for a fee. I can also predict that there'll be some sort of alternative Tor-alike Internet connected via Mesh devices.
The best current analogy to this I can think of is On*Star in GM cars. And while there are people who disconnect the On*Star module, it's not a particularly common practice. In many cars it also triggers a check engine light, which is an automatic emissions test fail in some places, so it's more complicated than just cutting a wire.
"My other half won't let anything IoT in the house (useless toys) and won't let anything (other than telephone or laptop) into the house with a microphone."
So what happens when the inevitable happens and you need a new fridge and ALL of them are IoT-FORCED that brick if you disable or cage them?
Since we already refuse to pay a subscription for cable TV, it's not a big change in attitude for us refuse to buy products that come with a monthly subscription fee to use them. I'll find another way to make a couple of slices of bread crispy if it comes to the point that commercially available toasters need to phone home on my dime.
"Er, my router, my firewall rules..."
BZZT! Their network chips, their rules, and they trump you because they're up the chain. And since it's a cartel up there, with plenty of network technologies covered by patents (and they're genuine hardware-based patents), good luck trying to roll your own network chips from scratch to get around them.
> with plenty of network technologies covered by patents (and they're genuine hardware-based patents),
Patents are intended to _stop_ other companies from competing. If one company holds a patent then no other company can use that mechanism without buying a licence and paying a royalty. You cannot force a company to use a patented mechanism.
> good luck trying to roll your own network chips from scratch to get around them.
If there is a market for devices that do not use those patented mechanisms then someone will build them, or import them from India.
"Since you can't secure the devices with software then you have to secure them from the network. I don't see any other way of doing it."
I can: just don't connect them to the network. That will work for now.
Unfortunately, you can already buy a complete system for under $10 which includes a 2G GSM modem:
http://www.orangepi.org/OrangePi2GIOT/
https://www.aliexpress.com/store/product/Orange-Pi-2G-IOT-ARM-Cortex-A5-32bit-Support-ubuntu-linux-and-android-mini-PC-Beyond/1553371_32802458477.html
(and just for fun, it has an onboard microphone too. Not just a microphone input, an actual microphone)
If your fridge comes with one of these, there's not much you can do, other than opening it up and chopping wires or taking out the SIM. F-Secure's firewall box will make no difference unless it comes with a mobile jammer.
Of course, your home *network* is not at risk, but your *home* is - e.g. from people being able to work out from fridge door opening info whether you are on holiday and therefore safe to be burgled.
I don't understand his statement of
<quote>
Hypponen says IoT is unavoidable. "If it uses electricity, it will become a computer. If it uses electricity, it will be online. In future, you will only buy IoT appliances, whether you like it or not, whether you know it or not.
</quote>
It either needs a connection, i.e. through my router which I will not allow, or it comes with its own communication method such as 3G/4G etc in which case his software is pointless. Either way no sale.
According to CCFKAC*, isn't that for "The Market" to decide (mythical as it may be)?
Or is the New Credo now that "The Market" := What The Corp.s deign to supply and the Buyer has to buy?
* the Current Credo Formerly Known As Capitalism
Mixed bag of bullshit by the sound of it.
Not sure how "future-IoT" devices are going to be net-connected without going through the owner's home network so that part makes no sense. Is a cheap toaster going to come with an embedded satellite phone and airtime contract so it can talk to base? The fact he's hawking a product that categorically can't work against these phantom connected toasters (according to his own logic) makes even less sense.
Also, the security of locked-down systems is far from perfect and I'm not holding my breath that MS will be able to do it properly. Most likely the'll succeed in crippling the ability for users to administrate their device properly while leaving enough security holes for priviledge escalation that an attacker can gain complete control.
That's easy. A software 'sim card' connecting to a 5g network. 5G has some stuff designed in for IOT, presumably those sims would be locked to only talking to a specific set of servers and the devices only send small relatively infrequent messages and so the manufacturer just buys 'bundle' of messages to support the number of devices they have. In bulk this will just be a few pennies per year per device.
Nothing new. Recall the original Amazon Kindle and its "Whispernet" which ran on top of the AT&T Wireless network? Same idea here. If it can reach the air, it can connect whether you like it or not, and you can bet these devices will brick if you try to Cage them or destroy their chips and/or antennae. And if ALL the manufacturers are doing it, you'll be left with a Hobson's Choice: either bend over or start living backwoods-style cooking with an open flame and storing cold stuff with a self-built icebox.
It'll never happen. I get fuck-all mobile reception at home because of the local geography, plenty of people are in areas of poor/no coverage and sometimes networks are unavailable.
One or two companies may make devices that auto-brick if they can't connect but the level of backlash they'd receive would mean everyone else steps away from that particular model.
Additionally, there will be loads of companies that don't want to add a 5G + SIM + allowance into whatever tat they're peddling.
I can't see this working in practice, although plenty of gullible twats will buy such devices, just not enough for it to mean everything with a plug gets all this crap bundled with it.
Whispernets are more tolerant. If you can do SMS, a whispernet should be fine. 5G low-bandwidth can use lower frequencies for greater range.
The companies will act in cartel with the government's support. Any that try to break rank won't last long as that data represents repeat business, and there's no business like repeat business. Especially when the costs to add drops rapidly toward nil.
> The automotive market appears to disagree with your optimism.
I am not sure what you are thinking of. I can buy new cars that do not have 'connectivity', do not 'call home', do not have GPS even. I don't know of any car that limits what petrol it can use, nor where it is allowed to go.
John Deere did produce tractors which could only be serviced by their agents, but there is a lot of push back on that, through the courts even.
Not sure how "future-IoT" devices are going to be net-connected without going through the owner's home network
They'll use something like this:
https://www.silverspringnet.com/solutions/smart-cities/smart-cities-street-lights/
I can imagine cash-strapped Councils climbing over each other to get these installed for a small fee and a chance to monitor their council tax payers.