The Internet of Stuff is a gigantic ultra-perv robbery network – study

IoT devices facilitate robbery, stalking and cybercrime. That's the downbeat conclusion of a new study by app security firm Veracode into the insecurity of connected devices. Veracode reached its conclusion after looking into a variety of IoT kit, finding they are often designed without data security or privacy in mind. The …

  1. Zog_but_not_the_first
    Thumb Up

    Yep!

    Pretty much my take on it.

  2. Graham Marsden
    FAIL

    That security stuff...

    ... is just too much hassle to bother with, isn't it?

  3. nematoad
    Stop

    Wait a minute.

    "Among the issues found were: open debugging interfaces that could allow remote attackers to run arbitrary code on a device itself, such as spyware; serious protocol weaknesses that could allow passive observers to access sensitive data; and lack of adherence to best practices.."

    Perhaps we would all be better off waiting for SP2.

    Seriously, this whole thing is starting to look like a solution in search of a problem. I'm going to stay away from this stuff.

    1. Crazy Operations Guy

      Re: Wait a minute.

      Too bad that in this day and age that "SP2" = "buying a new device with the previous model's security bugs patched but new ones of its own".

    2. Oninoshiko

      Re: Wait a minute.

      Starting to?

      It ALWAYS looked like a solution in search of a problem to some of us.

  4. This post has been deleted by its author

    1. Warm Braw

      Then just hold on for the next generation of badly designed and implemented devices that will be even more hastily and cheaply conceived in an attempt to reach the only lucrative market (users without technical ability) before the competition. They'll be even more scarily intertwined with your life and even more scarily insecure.

    2. Al Black

      It isn't stupidly targeted: they have money!

  5. chivo243 Silver badge
    FAIL

    Any IoT will be blocked on my home premises. No access to the internet, period!

    1. Dr Paul Taylor

      What about when you move house?

      It's all very well for us smug Reg readers to say that we will never install IoT equipment in our existing houses, but what about when you move house? Recently I moved from an old house (with minor structural problems such as loose plaster) to a modern one (with problems created by its previous owner, such as a leaky shower). In future, we will have to re-fit the IT/IoT in a house when we buy it, but in some cases (eg "smart" meters), this may not be allowed.

      1. Tom Foale 1

        Re: What about when you move house?

        And what about when I get rid of my unwanted clothes to the jumble? Does the new owner get my carefully-targeted advertising?

  6. Mystic Megabyte
    Unhappy

    That's another fine mess etc.

    Damn those interweb thieves! I've never locked my front door before and now I'll have to.

  7. regadpellagru
    Joke

    Time to play Watch Dogs

    Just to have an idea of what to do with IoT.

  8. This post has been deleted by its author

  9. adnim
    Joke

    My fridge

    places an order with local supermarket if I run out of milk and my smart door lets the delivery man droid in to place the milk in said fridge. My smart car lets my smart TV know that I am going to be late home due to traffic conditions so it can record that which I would normally watch and my TV tells my smart beer cooler to wait a while before starting its task to save electricity. The beer cooler notifies the smart cat feeder to feed the cat. The feeder of course chatted with the smart food cupboard to check that there was indeed cat food after first checking with the fridge that there wasn't any leftover chicken or fish for the cat.

    My smart phone automatically sends a request to a greeting card company, a florist, a chocolatier or toy company dependent on which celebratory anniversary it is. It also intercepts the thank you messages and replies to the recipient that they are welcome and I love them, just in case I remain unaware of the action and embarrass myself by saying was it your birthday/anniversary/ etc.

    My smart clothes make their own way to my smart washing machine, just after my smart utility cupboard has informed said washing machine that it has ordered detergent and indeed the detergent has been delivered by the same droid that delivered the milk.... My smart cupboard is smart enough to check with my other smart devices before placing an order.

    As for me I never have to worry or think about anything any more. I have so much more free time to search for the latest labour/thought saving device. Perhaps there is an app for that?

    IoT what's not to like?

    1. auburnman
      Joke

      Re: My fridge

      There is the small matter of the house being robbed by a yob who stood on the back of the Smart Droid and got carried into the house, but that's a small price to pay for such convenience surely?

    2. Rich 11

      Re: My fridge

      All told, it's probably easier, safer and more reliable to train the cat to feed itself and to put a can of beer in the fridge for you if you're not home by 6pm.

    3. Crazy Operations Guy

      Re: My fridge

      With something like that set up, how long would it take for someone to notice you've died?

      But then that's why you bought that Smart Coffin that takes you to the Smart Undertaker who then places you into a smart grave and automatically informs all your smart stuff to sell themselves while your Smart Home is sold by a Smart Realtor that sells it and has a Smart Mover bring in another person's stuff before your family is even aware of your passing.

      1. Blofeld's Cat
        Mushroom

        Re: My fridge

        "With something like that set up, how long would it take for someone to notice you've died?"

        Ray Bradbury touched on this in his 1950 short story "There Will Come Soft Rains".

    4. John Brown (no body) Silver badge

      Re: My fridge

      @Adnim.

      You must be wealthy enough to afford to buy all that IoT stuff from the same manufacturer and be able to afford to replace it all when one item breaks and the v2.0 replacement isn't compatible with the existing stuff. What we really need is a new standard.

      On a slightly more serious note, if this IoT kerfuffle is to take off in any meaningful way there really are going to have to be some mandated and enforced interoperability standards. Currently I can buy pretty much any electrical item in the UK and it will come with a plug that fits the power point in any house and will work with the standard delivered voltage. There's no patent problem and if anything isn't compatible with the power system then it's probably illegal to sell it retail anyway.

      IoT devices really ought to be able to detect the local home server/hub, pair with it and say "here are the codes I can send/receive and this is what they mean" and then self configure with minimal user interaction other than authorising the pairing/setting of passwords. Computing power is supposed to make things easier for the user, not harder.

      Oh, and of course there has to be a home server/hub because this information exchange between your home IoT devices should NOT be going via some manufacturer's cloud-based server system where it can be stored and analysed to "improve the user experience", ie target more ads at you.

    5. Pascal Monett Silver badge
      Coat

      Re: My fridge

      During your ride home, you get an angry call from the girl you just dumped who is furious about the chocolates she just received and assures you in no uncertain terms that there isn't a snowball's chance in Hell that you'll get her back.

      After that call, you get a notification from your landlord about a problem in your kitchen that made him call for security and a repairman. The smart cat feeder had a blockage which caused a freak current feedback that sparked your smart coffee maker which just happened to overload and cause a loopback to your smart cupboard which went haywire and filled its order queue for cat food, billing it automatically to your account. You now have a year's worth of cat food to be delivered tomorrow, order non-rescindable due to contract clause about encryption keys and digital signatures perfectly in order. You also have a $7500 bill for the repairs, payable by next Monday.

      Also, there is cat food all over the kitchen floor.

      You get home to find a patrol car waiting for you. The investigation will demonstrate that it is the electrical surcharge from your smart coffee maker and the subsequent order activity from your smart cupboard that triggered an obscure unpatched bug in your social profile's agenda organizer which caused an inordinate amount of meeting emails to be resent with today's date. In all, seven of your previous girlfriends, and some of your mates, have received invitations and messages from your stored message archive - some of which have salacious content that was, at the time, perfectly understood. Five of your exes have filed a complaint for harassment and are pressing charges.

      The policeman tiredly listens to your explanations for a minute, then cuts it short with a curt "You'll tell us that at the station, sir" before moving you to the rear of the patrol car.

      Finally, you realize that the cat will gorge itself during the night, meaning that when you get back there will not only be the remaining cat food to clean up, but probably also an unknown amount of cat vomit and maybe worse.

      IoT - what's not to like?

  10. Anonymous Coward
    Stop

    Considering the problems securing the IT devices and infrastructure we already have...

    I have to wonder why society is rushing to snap up tens of billions of new endpoints, made by such IT security luminaries as home appliance manufacturers, fly-by-night phone manufacturers and toy companies. We're actively checking off ingredients to the next IT security disaster with all the long-range thought usually associated with baking a batch of chocolate chip cookies.

    1. Irongut

      Re: Considering the problems securing the IT devices and infrastructure we already have...

      Why? Because most of society doesn't realise the problems we have securing our IT infrastructure.

      Most people have never heard of Snowden, don't know what Heartbleed is and have no idea how to get rid of that annoying message that Norton / McAfee (delete as appropriate) is three years out of date every time they boot their computer. It's ok though because they don't use the computer as much since they bought a tablet from Tesco for 50 quid that has no AV at all.

      1. Anonymous Coward
        Anonymous Coward

        Re: Considering the problems securing the IT devices and infrastructure we already have...

        Of course the extra-stupid thing is that now companies have to look at previously innocuous purchases of breakroom appliances and other formerly trivial items as potential information security risks. For example, we have a several-years-old refrigerator in our boardroom, stocked with drinks. Is there now some scenario where if we replaced that fridge with an internet-enabled version it might potentially leak information on meetings that we have taking place?

        Ridiculous, I know, but who wants to risk being "that guy" who got his product development plans or a merger/joint venture leaked because the meeting room fridge was capturing images of what was being whiteboarded or who from company A was meeting with who from company B in the room?

        1. Terry Cloth
          Unhappy

          Not at all ridiculous

          All it takes is a competitor to take a leaf from NSA's book on Oracle...

  11. Tikimon
    FAIL

    Same Sh** Different Vendor

    Those who ignore history are doomed to repeat it. Precedents for ALL tech innovations in the last 20 years. Nobody has learned a thing.

    Always a rush to new "features" such as allowing a web page to silently install software, never thinking of how that can possibly be misused. Vendors open gaping holes and spend the rest of the product life ignoring, denying, admitting, and finally trying to close them. It feels like Groundhog Day in that respect, it's always the same.

  12. Tom Foale 1

    Internet of Services

    This stuff only works if the Things are not accessible to anyone except their owner (why would the owner want anyone else to use their wireless communications bandwidth or interfere with their access?), AND the useful information derived from the humungous amounts of data these Things will produce is made available as services - because the owner can earn more money that way than by making the Things accessible.

    In the film Battleship the Japanese captain suggests using a network of tsunami buoys distributed across the Pacific to detect the alien spaceships through water displacement, a tactic that the Japanese had been using to detect American submarines for twenty years. The Things which were installed in the ocean to provide one service turn out to be useful to others too, in ways that the original business case did not anticipate. This will happen with sensor data too, though it probably mostly won't be saving the planet from aliens.

  13. WalterAlter
    Childcatcher

    Welcome to William Gibson's World

    Let's pretend...I'll be Johnny Mnemonic and you can be a short-lived, angry replicant.

  14. Anonymous Coward
    Anonymous Coward

    but don't forget the upside!

    granular control and monitoring of your life and living conditions by the device manufacturer, the advertisers "monetizing" this info, and the government that wants to find some politically or environmentally correct reason to control and monitor your stuff.

    and you might even be allowed some control of these devices thru your iPhone when allowed, too!

    1. Mark 85
      Coat

      Re: but don't forget the upside!

      Ah... that lends new meaning to "a well-regulated life" where everything will be optimized for your enjoyment and personal comfort.

      Coat because I'm looking for my personally connected controller for my IoT lifestyle. I thought it was in the pocket.....

  15. ecofeco Silver badge

    IoT and the cloud

    What could possibly go wrong? It's not like anyone is stealing MILLIONS of on-line identities almost every month, is it?

  16. Kev99 Silver badge

    I've been saying the IoT was just a joke, scam, threat, etc since we all know how safe and secure the internet is. Only fools would ever buy into this idiocy.

    1. Anonymous Coward
      Holmes

      As P.T. Barnum said, "There's a sucker born every minute." And that was in the 19th century, when there were a lot fewer sucke.....er, people being born.

  17. dan1980

    But, but . . . you can control your heater through an app on your phone while you're on the train on the way home or set your television to record the latest episode of Master Renovation Survivalist Wants a Wife when you are running late! What could be cooler or more mind-blowingly revolutionary than that?!?!?!?

    Oh, right.
