Security MadLibs: Your IoT electrical outlet can now pwn your smart TV

A security vulnerability in "smart" power plugs can be exploited to infiltrate local computer networks. The flaw, spotted in Belkin's Wemo Insight smartplugs, would potentially allow an attacker to not only manipulate the plug itself, but also allow hopping to other devices connected to the same Wi-Fi home network. …

  1. FlamingDeath Silver badge

    The S in IoT stands for security

    The Internet of Shit™ strikes again

    It seems no company is afraid of distributing shit and poorly tested code to their customers, be it Belkin, Samsung, Cisco, Draytek, my list could quite possibly be endless

    I bet their profits are looking great though, the CEO and shareholders enjoying huge payouts

    If only they invested more in testing and security, if only...

    Maybe a law is needed, am I being too preemptive here?

    1. Anonymous Coward

      Re: The S in IoT stands for security

      >> Maybe a law is needed

      The politicians are far too busy screwing up other things to worry about this.

    2. Someone Else Silver badge
      Alert

      @FlamingDeath -- Re: The S in IoT stands for security

      Maybe a law is needed, [...]

      Don't let the commentard with the provocative handle "thepenisyoulove" hear you say that...

    3. The Man Who Fell To Earth Silver badge
      FAIL

      Re: The S in IoT stands for security

      This is why if for some reason you have to have IoT devices around, you segregate them on an IoT-only VLAN that is behind a firewall and can only access the Internet. No "real computers" or peripherals on that VLAN. Better yet, if your router supports enough SSIDs & VLANs, give each IoT device (or small groups of like-IoT devices) their own SSID & VLAN to use so they can't even see each other.

      1. John Sager

        Re: The S in IoT stands for security

        Well, you can do the VLAN/firewall stuff, and so can I and so can a lot of commentards on here. But Joe & Jane Public? It'll be a long time before manufacturers get around to plug & play VLAN/SSID/firewall configuration.

        1. Robert Helpmann??
          Childcatcher

          Re: The S in IoT stands for security

          Well, you can do the VLAN/firewall stuff.... But Joe & Jane Public?

          This! This is the heart of the problem with IoT. If only there were an easy to set up and use management system to secure and control all a home's IoT crap... Wouldn't take much technical expertise with a touch of scare tactic marketing to get a business up and running.

          1. Roland6 Silver badge

            Re: The S in IoT stands for security

            >If only there were an easy to set up and use management system to secure and control all a home's IoT crap...

            Unfortunately, I think this will most probably be a case of dream on...

            Why?

            I remember the 1980s when practically the same problem faced networking, yes we came up with SNMP (and its ISO OSI equivalent) and MIB, which very quickly transformed into MIB2 with lots of proprietary extensions...

      2. Prst. V.Jeltz Silver badge

        Re: The S in IoT stands for security

        "IoT-only VLAN that is behind a firewall and can only access the Internet"

        How would that stop someone accessing your smart plug thing and turning off your granny's iron lung?

    4. GnuTzu
      Trollface

      Re: The S in IoT stands for security

      Actually, the inevitability is that there will be disposable smart devices, which means our trash bins will be full of these things--many of which will be left on or unable to be turned off. So we really will have Internet of Trash. Also, we may well expect that someone will come up with smart decomposition trackers. And, what happens when the singularity happens and this stuff all becomes conscious. Then the Internet of Shit will really hit the Internet enabled smart fan.

    5. Fatman

      Re: The S in IoT stands for security

      $DEITY knows that I wish I could give you a lot more upvotes!!!

  2. Milton

    "shouldn't be on … network in the first place"

    "… new way to break thing that shouldn't be on your home network in the first place"

    I guess we're all a leetle tired of saying that just because you can do something doesn't mean you should. Personally I thought that even non-technical consumers would have developed some healthy scepticism by now, rather than continuing to swallow the endless drivel spouted by marketurds. But the Internet of Shyte tide just keeps on coming in, bringing at best utterly pointless and at worst positively dangerous connectivity to a Useless Device Near You.

    But it's not only about personally inconveniencing twits with more money than sense, is it? It's potentially way bigger than that.

    Given the recent article about research into how abuse of connected devices could be used to bring down regional power grids, and the never-ending news about Russia's GRU hacking, invading and weaponising every damn thing in sight, you could be forgiven for wondering why western governments aren't taking control of this. If it was common knowledge that hostile Crotobaltislavonian intelligence was planting remote-controllable demolition charges around UK or US strategic infrastructure like power grids, water and gas pipelines, reservoirs, railways, motorway bridges ... why, there would be massive bloody uproar. If gullible consumers were buying those cute imported Crotobalti Slobberpups, unaware that, upon receiving a broadcast command in years to come, these seemingly inoffensive canines would tear their owners' throats out before causing mayhem on the streets, there would be swift and decisive action.

    Yet, as something very similar but intangible is happening right now in the field of internet technology, nothing effective is done at all.

    One of the few things worse than Brexit would be if Vlad The Emailer switched off Britain's lights for a week. The cost of the chaos is almost unimaginable. Is it a good idea to keep doing things that make this easier for him?

    Incomprehensible, to imbecile politicians.

    1. Anonymous Coward

      Re: "shouldn't be on … network in the first place"

      "One of the few things worse than Brexit would be if Vlad The Emailer switched off Britain's lights for a week."

      Since you're obviously a fan of the EU why not ask them why they haven't written up one of their famous directives to control this particular piece of tech.

      Or is it simply a case that almost all politicians are technical and scientific illiterates who barely grasp the terminology, never mind the ideas and issues behind it. The fact that we keep electing people who, if they even have qualifications they're utterly useless for running a 21st century state. Perhaps a few more BSc's** and a few less MA's and MBA's in parliaments around the world might improve things immensely.

      ** Yes, Thatcher, but to be fair she was actually quite good when it came to supporting new tech industries back in the day.

      1. GSTZ

        Re: Hoping for help from politicians ...

        One of the important things that people need to learn is that you cannot fix fundamental technology problems just by issuing new laws, rules, certificates and other boring paperwork.

        So why should one ask politicians and civil servants who typically have rather limited insight into the problems to produce even more laws and rules? At best, that would lead to a false impression of improvements in security and also to more lengthy, pointless and expensive lawsuits.

        Help can only come from experts and a shift in paradigm - leaving behind that currently prevailing messy IT infrastructure which is pretty unreliable and vulnerable beyond repair, and coming up with something new that has been designed for reliability and security from day one.

        1. trydk

          Re: Hoping for help from politicians ...

          @ GSTZ: The technology sector as a whole (more or less) has shown that they cannot fathom that security should be more important than money, thus we need some appropriate paragraphs to push them in the right direction.

          A simple and rather non-intrusive law could state that the producer of a thingamading* is entirely responsible for the damage (direct and indirect as well as collateral) a hack causes in all aspects from money over property damage to reputation where applicable. Add some punitive damages to that, say 1% of worldwide yearly turnover (not profit as that can be fiddled with), and I think even the big multinationals would sit up and listen!

          * Yes, there are a few corner cases like software installed on a computer but I'm pretty sure that some nice people on here can sort that out otherwise there'll be plenty of opportunity to downvote me.

          1. GSTZ

            Re: Hoping for help from politicians ...

            @ trydk: That call for stricter IT security laws sounds good, but won't help very much. Such legislation might cause tiny startups to improve their IoT product's password protection from "hilarious" or "none" to "very basic", but that does not solve the much wider and much older fundamental problems in IT security.

            We run IT infrastructure that is utterly vulnerable, offering myriads of holes making nasty attacks like WannaCry possible. When taken to court, Microsoft will certainly be able to prove that they are doing the best they can and are not neglecting their duties. In the WannaCry example, they had published a related Windows patch two months before the malware outbreak.

            Other cases are even more difficult, it will often be hard to determine who should be held responsible at all - like in the Heartbleed case, which was caused by a bug in Open Source code.

            Who is to blame for the fact that practically all of our IT gear is based on the vulnerable Von Neumann computer architecture? In contrast, the Harvard architecture features solid separation between data and code, thus providing much better protection. But can vendors be sued for not investing many billions into something entirely different that would be extremely hard to bring to market?

            Legislation can help to create awareness, as shown in the GDPR case (it will take some time until the positive effects will prevail over the initial difficulties). However, politicians and lawyers cannot fix fundamental shortcomings in technology.

    2. Roland6 Silver badge

      Re: "shouldn't be on … network in the first place"

      Coming at this from a slightly different angle...

      Just been reading/researching Cat6a and PoE and one article was about using Cat6e PoE for smart lighting systems. I can envision the logic that leads to the implementation convergence, so that things that shouldn't be on the data network, being put on the data network because it makes things so much easier...

  3. Doctor Syntax Silver badge

    No problem. Those are two of the many devices I wouldn't have been buying anyway.

    1. Prst. V.Jeltz Silver badge

      What the fuck is it

      I propose all reg articles titled "IOT device X is shit, pointless and insecure" should start with a paragraph explaining what it is and what possible benefit the manufacturers are claiming it is to anyone.

      Otherwise we're just left guessing why the fuck would anyone connect a X to the internet.

  4. Little Mouse

    "enabling the owner to ... turn the plugs on and off with a smartphone or PC"

    Shoot me now. Please, someone. Just end it before it gets any worse.

    1. Wellyboot Silver badge

      I foresee a new Darwin Award category - Fatalities resulting from interplay of IoT devices.

    2. Kernel

      "Shoot me now. Please, someone. Just end it before it gets any worse."

      I see you suffer from a common internet problem - the assumption that because you have no use case for such a device nobody else can possibly have a valid reason for wanting one.

      Most of the use cases I've heard of for these involve controlling stuff from a little further away than the other side of the room - although personally I'd only ever connect one at home behind the VPN server.

      1. Prst. V.Jeltz Silver badge

        " although personally I'd only ever connect one at home behind the VPN server."

        and what would that do? it either isolates it so it's no use to you, or it's still insecure.

    3. sweh

      It's Christmas!

      "Shoot me now. Please, someone. Just end it before it gets any worse."

      At Christmas time I plan on putting the tree lights on a smart switch and programming the echo so I can say "Alexa, it's Christmas!" and the tree lights will turn on and Slade will start playing.

      Now that's smart :-)

      1. Chronos
        Mushroom

        Re: It's Christmas!

        Now that's smart :-)

        Not exactly the adjective I would have chosen. It does begin with "S," though.

        Perhaps tie it in with isitchristmas.com's public API? For the authentic feel, have it randomly turn the lights off until you fiddle with the fuse bulb...

      2. Phil O'Sophical Silver badge
        Happy

        Re: It's Christmas!

        so I can say "Alexa, it's Christmas!" and the tree lights will turn on and Slade will start playing.

        Interesting demographic niche there: old enough to like "Merry Christmas Everybody", young enough to think Alexa is a good idea.

        1. jake Silver badge

          Re: It's Christmas!

          A stopped clock is correct twice per day ;-)

        2. Flywheel

          Re: It's Christmas!

          old enough to like "Merry Christmas Everybody"

          Nobody mentioned "like" - I'm old enough to remember that accursed ballad the first time round, but "like" is not a word I'd voluntarily use :)

          1. Rich 11

            Re: It's Christmas!

            I'm old enough to remember that accursed ballad the first time round

            Ditto. The novelty wore off the Christmas before my balls dropped.

        3. sweh

          Re: It's Christmas!

          Interesting demographic niche there: old enough to like "Merry Christmas Everybody", young enough to think Alexa is a good idea.

          Or maybe old enough to be able to decide for themselves the pros and cons of Alexa and feel that the "fun" factor outweighs the minimal risk.

          https://www.sweharris.org/post/2017-01-02-always-listening/

          BTW, I'm 50 this year. Hardly a youngster.

    4. Robert Helpmann??
      Joke

      Shoot me now. Please, someone.

      With my IoT wireless connected smart gun?

  5. Wellyboot Silver badge
    WTF?

    Low Impact - Really?

    "A smart plug by itself has a low impact. An attacker could turn off the switch or at worst possibly overload the switch" !!!

    Overloading electrical devices rarely ends well.

    1. Anonymous Coward

      Re: Low Impact - Really?

      The only way you could possibly overload the switch is if you had plugged in more things than it can handle, assuming you'd never turn them all on at once.

      If you have multiple electric kettles on the same switch assuming "I'll never turn on more than one at once", and have old wiring so a breaker isn't going to trip and save you, I can't say I'm going to feel too sorry for you if your house burns down...

      1. This post has been deleted by its author

      2. John H Woods Silver badge

        Re: Low Impact - Really?

        "The only way you could possibly overload the switch is if you had plugged in more things than it can handle,"

        IANASparky but couldn't rapid switching of some devices also cause problems?

        1. Adrian 4

          Re: Low Impact - Really?

          Yes.

          But only if they're even more poorly designed than the leaky wifi power switch.

          1. Long John Brass
            Flame

            Re: Low Impact - Really?

            Surge current is a thing. You may well damage the "smart" switch, the device that's connected to it and possibly trip the breaker. Depending on the design I wouldn't put it past the "smart" switch to catch fire either :(

          2. Wellyboot Silver badge

            Re: Low Impact - Really?

            But only if they're even more poorly designed than the leaky wifi power switch.

            That's not a comforting thought when most modern consumer electrical stuff is designed down to a price. Sometimes I think CE rating just means 'don't run bare wires outside the box'

            1. AS1

              Re: Low Impact - Really?

              "Sometimes I think CE rating just means 'don't run bare wires outside the box'."

              Bob: We were going for an industrial design, inspired by the Lloyd's Building in London, with all the utilities on the outside.

              BOFH: Can we put you on the inside? In small chunks.

  6. Borg.King

    So long Grandma, thanks for all the fish

    1. Overload the switch.

    2. Trip the GFCI on the main distribution panel.

    3*. Powers down the automatic defibrillator, and the WiFi connected panic switch.

    4. Anyone want Grandma's cat?

    5. Donations to the RSPCA please.

    * At this point you could switch the movie script to mix alien and human DNA to create whomsowhatever.

    1. Adrian 4

      Re: So long Grandma, thanks for all the fish

      an .. automatic defibrillator ?

      That's an interesting idea. I think there's probably a law against it though. Internet-connected or not.

      1. Cuddles

        Re: So long Grandma, thanks for all the fish

        "an .. automatic defibrillator ?

        That's an interesting idea. I think there's probably a law against it though. Internet-connected or not."

        Why would there be a law against them? They're common and very useful medical devices. Usually they're small implants, so unlikely to be affected by anyone messing around with "smart" house electrics, although I wouldn't be at all surprised if they've started connecting them to the internet with all the vulnerabilities that tends to bring.

        Aside from that, the big automated defibrillators are probably the most common form available, since they're usable by pretty much anyone without needing training. Again, they're generally self-contained units so wouldn't be affected by electrics, and in any case you only take them out and attach them to someone when actually needed. But they're very much a real thing, and making laws against them would be incredibly stupid.

      2. Alister

        Re: So long Grandma, thanks for all the fish

        an .. automatic defibrillator ?

        That's an interesting idea. I think there's probably a law against it though.

        What a stupid comment!

        Nearly all defibrillators - even those used in hospitals or by paramedics, have software which automatically determines if the patient is in a shockable rhythm.

        Some, like the LifePak 20, which combine proper 12-lead ECG monitoring, are capable of being switched to manual mode, but they usually default to the AED setting.

  7. Mayday
    Alert

    I have a "Smart TV"

    And guess what? The wireless in it is turned off and it has never had any passwords in it. Solves that problem.

    When I was shopping around all I wanted was a dumb panel but finding a 4k screen which is not "Smart" proved difficult.

    1. This post has been deleted by its author

    2. This post has been deleted by its author

    3. Sampler

      Re: I have a "Smart TV"

      I found a "dumb" version of the 4k smart tv I wanted right on the same website, in the same section, handily for sixty bucks less, seemed like a "no brainer" ; )

      TV doesn't have to have smarts, why build something in that a $30 dongle can do just as adequately and can be replaced/upgraded when the time comes rather than wiping out the whole set, never mind IoT paranoia (whether it's deserved or not).

      1. H in The Hague

        Re: I have a "Smart TV"

        "I found a "dumb" version of the 4k smart tv I wanted"

        Could you let us know the make and model? There might be quite a few of us out here interested in something like that.

      2. Anonymous Coward

        Re: I have a "Smart TV"

        "I found a "dumb" version of the 4k smart tv I wanted right on the same website, in the same section, handily for sixty bucks less, seemed like a "no brainer" ; )"

        Lucky you. When I purchased my TV the total number of non-smart 4k TVs offered by Samsung, Panasonic, Sony, and LG (as in listed on their web site) was zero. Not one. I think the very basic HD models might possibly have been not smart, but they lacked features (sound/image quality) I wanted.

      3. onefang

        Re: I have a "Smart TV"

        "TV doesn't have to have smarts, why build something in that a $30 dongle can do just as adequately and can be replaced/upgraded when the time comes rather than wiping out the whole set,"

        So that when the time comes that it needs to be replaced/upgraded, they can sell you a new expensive smart TV, instead of only selling you a new cheap dongle.

    4. Anonymous Coward

      'Solves that problem'

      There's still a few non-Smart TV's around but they're harder to find...

      If we've learned anything about tech ethics, assumption is the mother of all fuckups. First up, no one has proven that certain brands of Smart-TV's don't probe nearby neighbor's Wi-Fi and then phone-home! Routers without passwords in apartment complexes are common, and even more common are unsecured tethered Wi-Fi connections from cell phones etc.

      Cases such as this have been documented as well. Take a busy family home where the neighbor's kid comes over one day and links your Smart-TV to their Wi-Fi router without permission / knowledge. You end up finding out 6 months later etc.

      This is such big business now, expect some micro-antenna comms between nearby Smart-TV's, or undocumented 4G-sim feature, or just some general inescapable embedded micro-network tech coming soon to a Smart TV near you (on sale).

      Don't think any of this is possible? Maybe you just haven't seen Vizio's ethics in action. Remember, if the GDPR / Cali fine is less than the profit, then it only makes good business sense to continue. Think chemical spill fine versus clean-up costs etc...

      ~~~~

      https://www.forbes.com/sites/bernardmarr/2017/02/08/shocking-smart-tv-manufacturer-vizio-spies-on-customers-using-advanced-big-data-analytics/2/

      https://adexchanger.com/digital-tv/vizios-data-business-back-updated-privacy-policy-expanded-partnership-ispot-tv/

  8. jake Silver badge

    ::hrrumpf::

    "Your IoT electrical outlet can now pwn your smart TV"

    Yours maybe, but not mine. I do not and will not ever own either.

    1. Allan George Dyer

      Re: ::hrrumpf::

      What are you going to do when you need to replace your current appliances, and the only available replacements are all "smart"?

      It's getting to the point where adding "smart" is minimal cost, and it allows the device to collect (possibly anonymised) marketing data, benefiting the vendor. Economics will make "dumb" disappear, unless we do more than passively say, "don't care, I'm not buying one".

      1. Chronos

        Re: ::hrrumpf::

        What are you going to do when you need to replace your current appliances, and the only available replacements are all "smart"?

        Lobotomise the buggers by connecting them to a fake AP. I already have an ESP8266 pretending to be an access point with nothing but 3V3 connected to it for such devices.

      2. jake Silver badge

        Re: ::hrrumpf::

        "What are you going to do when you need to replace your current appliances, and the only available replacements are all "smart"?"

        What is this thing called "replace", lad? I repair my broken kit.

        Seriously, though, this house has over 100 wall outlets. When one dies (so rare that it hasn't happened yet), I'll replace it with one of the spares that I bought when I built the place (the contractor (me) over estimated). If I run out, I'll go down to the hardware store and purchase what I need. There will ALWAYS be "dumb" power outlets available for sale. As for the TV, I watch it so rarely that if it fails to the point where I can't fix it anymore, I'll probably do without; it's not like there is anything important on.

        As a side note, I helped a friend select a new fridge the other day[0]. Not seeing any in the showroom, I jokingly asked about "smart" fridges. The sales droid said they didn't have any in stock, because after the initial flurry of "new, shiny" a couple years ago they stopped selling. Not dwindled down, stopped. As in nobody had bought one from him in years.

        [0] For values of "helped select" that equals "I have a pickup truck, he doesn't".

        1. Allan George Dyer

          Re: ::hrrumpf::

          "(the contractor (me) over estimated)" - I hope you gave yourself a good deal, you know what these contractors are like with overcharging ;-)

          'There will ALWAYS be "dumb" power outlets available for sale.' - Always is a long time. Sooner or later, every standard becomes obsolete. Do you know anyone still manufacturing Wylex Plugs, for example?

          1. jake Silver badge

            Re: ::hrrumpf::

            I went one better ... I gave me a good talking to. Over a pint. I was so contrite I didn't even talk back, so I had mercy on me and bought myself another pint.

            Concur on "always" being a long time. But for the duration of this conversation, I suspect we can agree that "always" means "as long as either one of us is alive enough to need said part".

            The last time I saw a Wylex plug was in roughly 1980, at Kings College. Wylex is still in existence, they make breakers and distribution panels and attendant hardware. If you have an actual need, call and ask ... I'll bet they have plenty of NOS (new old stock) and will happily sell it to you. Squeaky wheel and all that.

  9. sweh

    UPnP? Ugh. That's just asking for remote attacks. Let's expose my IOT device to the whole internet. We've never seen that cause a problem before.

    The other option is to have the devices reach out to a central server (which is what things like TP-Link Kasa, Frigidaire, Hue, Echo, TiVo...) all do. Now we're dependent on the central server keeping running! We've never seen those companies stop supporting devices or shutdown servers...

    At least Kasa devices and Hue hub expose local network endpoints (unauthenticated so anyone on the local network can reach them) so if the central server does go away then at least freeware alternatives can be written.

    There is no win... just various shades of lose.

  10. Donn Bly

    This bug cannot be used to infiltrate a network

    This bug cannot be used to infiltrate a network, because the only way to trigger the bug is if you are ALREADY on the same network of the device.

    If you are already on the same network you could just as easily send the commands to turn the TV on or off directly, or deliver any other payload, and with that level of penetration then hacking the Wemo switch is superfluous.

    1. sitta_europea Silver badge

      Re: This bug cannot be used to infiltrate a network

      "This bug cannot be used to ..."

      Yeah, sure. Of course it can't. Impossible.

      There's a company in Israel I'd like you to talk to...

      1. Donn Bly

        Re: This bug cannot be used to infiltrate a network

        The reason it cannot be used to infiltrate the network is, by the nature of the bug, that you have to ALREADY be on the network in order to trigger it. Can it be used to make things worse? Sure, but it can't be used for the initial infiltration.

  11. John Smith 19 Gold badge
    WTF?

    "exploit stems from a buffer overflow in the Universal Plug and Play (UPnP) software"

    It's August 2018 and stilllllll this s**t.

    F**king code monkeys, slinging more software s**t.

    I tell myself "You shouldn't get so upset. It's no worse than most other s**t"

    Somehow being no worse than other s**t, is not making me feel better.

    1. Prst. V.Jeltz Silver badge

      Re: "exploit stems from a buffer overflow in the Universal Plug and Play (UPnP) software"

      I've always wondered why "buffer overflow" results in something as technical as code executing.

      When my 240v mains breaker overflows, or my toilet, or the turbo in my car - nothing magical happens.

      just damage, or at best - nothing

      1. jake Silver badge

        Re: "exploit stems from a buffer overflow in the Universal Plug and Play (UPnP) software"

        Prst. V.Jeltz, this oldie should answer your question:

        http://insecure.org/stf/smashstack.html

        The tldr version: If you put 10 pounds of sugar into a 5 pound bag, you'll be able to stand on the resulting pile and reach the cookies on top of the fridge.

        1. Prst. V.Jeltz Silver badge

          Re: "exploit stems from a buffer overflow in the Universal Plug and Play (UPnP) software"

          Thanks Jake

          Good god that is an oldie!

          .

          .

          oO Phrack 49 Oo.

          Volume Seven, Issue Forty-Nine

          File 14 of 16

          BugTraq, r00t, and Underground.Org

          .

          .

          Had to sidestep the company's ridiculously feeble content mgmt / access system to see it.
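On the question raised in this thread of why a buffer overflow can end in code running rather than just damage, here is an added example (not part of any comment above, and not Belkin's or the linked paper's code). It uses a constructed struct in which a 16-byte buffer sits directly in front of a function pointer; all names are hypothetical, and the overwritten pointer is only inspected, never called.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*handler_fn)(void);

/* Constructed layout: input buffer first, control data right behind it,
 * much as a local buffer sits in front of a saved return address. */
struct request {
    char       name[16];   /* data supplied by the sender lands here */
    handler_fn on_done;    /* where the program will jump next */
};

static int legit_handler(void) { return 1; }

static void request_init(struct request *r)
{
    memset(r, 0, sizeof *r);
    r->on_done = legit_handler;
}

/* Compare the stored pointer bytes with the expected ones without
 * loading a possibly corrupted pointer value. */
static int handler_intact(const struct request *r)
{
    handler_fn expected = legit_handler;
    return memcmp(&r->on_done, &expected, sizeof expected) == 0;
}

/* The bug: the copy trusts the sender's length. It is modelled as a write
 * into the struct's raw bytes (and capped at the struct size) so that the
 * demonstration itself stays well-defined C. */
static void copy_unchecked(struct request *r, const unsigned char *in, size_t len)
{
    unsigned char *raw = (unsigned char *)r;
    if (len > sizeof *r)
        len = sizeof *r;                      /* demo guard only */
    memcpy(raw + offsetof(struct request, name), in, len);
}

/* The fix: refuse anything that does not fit, leaving room for the NUL. */
static int copy_checked(struct request *r, const unsigned char *in, size_t len)
{
    if (len >= sizeof r->name)
        return -1;
    memcpy(r->name, in, len);
    r->name[len] = '\0';
    return 0;
}

/* Returns 1 if the oversized input replaced the function pointer. */
int demo_unchecked(void)
{
    unsigned char input[sizeof(struct request)];   /* constructed input */
    struct request r;

    memset(input, 0x41, sizeof input);
    request_init(&r);
    copy_unchecked(&r, input, sizeof input);
    /* A real program would now call r.on_done() and jump wherever the
     * sender's bytes point. That is the step from "overflow" to "code". */
    return !handler_intact(&r);
}

/* Returns 1 if the same input is rejected and the pointer survives. */
int demo_checked(void)
{
    unsigned char input[sizeof(struct request)];
    struct request r;

    memset(input, 0x41, sizeof input);
    request_init(&r);
    return copy_checked(&r, input, sizeof input) == -1 && handler_intact(&r);
}

/* Returns 1 if a name that fits is stored and nothing else changes. */
int demo_fits(void)
{
    struct request r;

    request_init(&r);
    return copy_checked(&r, (const unsigned char *)"kitchen", 7) == 0
        && strcmp(r.name, "kitchen") == 0
        && handler_intact(&r);
}

int main(void)
{
    printf("unchecked copy overwrote handler: %d\n", demo_unchecked());
    printf("checked copy rejected input:      %d\n", demo_checked());
    printf("checked copy stored short name:   %d\n", demo_fits());
    return 0;
}
```

The mains breaker and the toilet only hold one kind of thing; memory holds the data and the "where to go next" values side by side, so spilling one can rewrite the other.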

  12. Mage Silver badge

    Universal Plug and Play (UPnP) software

    I've said from the BEGINNING that Autoplay, UPnP etc are inherently stupid. Making use too simple at price of security.

    I've always disabled uPnP on routers and it and SSSD (sp?) on Windows Services, as well as all other silent automatic code running except USB.

    USB HID is another issue. Maybe use USB cables carefully opened and the Data wires cut? Esp. when travelling, though sadly DC voltages/resistors on the D+ & D- in the charger tell the appliance what the maximum charging current is, so you might only get 500mA instead of 1A or 2A.

  13. sitta_europea Silver badge

    Somebody bought something from Belkin?

    A curse on all their houses.

  14. Potemkine! Silver badge

    Oh yes manipulate my big plug

    What's the point to connect this (kind of) plug to the Net, except searching for problems?

  15. MJI Silver badge

    My mains stuff

    Is staying basic BS1363 except for a couple of surge protectors.

    None of this smart nonsense

  16. Pascal Monett Silver badge

    So this is the future we're to expect ?

    People configuring their house from their phone ? All wall outlets, every single power plug, the doors, the drapes, the shutters, each room and every single electrical thing in it ? From a phone ?

    Used by people who, by and large, weren't capable of setting the time on their VCR when they had one ?

    Is this really where we're going ?

    This is no longer a handbasket, we're going to Hell in a rusty bucket.

    1. tiggity Silver badge

      Re: So this is the future we're to expect ?

      Even with the level of IoT pointlessness, an IoT socket is really WTF level. Is there a competition for the most ludicrous thing to add IoT functionality to?

  17. Timmy B

    Some of this IoT Automation does have uses

    Live with an elderly, disabled person and see how much use it is to be able to turn things off and on for them at a distance or check on them when you're not there. Or check they haven't left things on, without going up and down stairs a dozen times a day...

    I agree the security should be better and testing done to a sufficient level. But when you need help for these things and you don't want to be chained down then it's darn handy.

    Smart TVs, though. They are terrible at being "smart". Dongles do all they can, and more, with ease and cheapness.

    1. jake Silver badge

      Re: Some of this IoT Automation does have uses

      I agree, Timmy B. In fact, I've been doing all that you suggest (and more) with X10 kit since the mid 1980s. No IntraWebTubes required.

      1. H in The Hague

        Re: Some of this IoT Automation does have uses

        "X10 kit since the mid 1980s"

        Fond memories, though I never used it.

        Now using something very similar for where cables are difficult to run: easy to set up, fits into standard Dutch wiring boxes and the Internet gateway is entirely optional.

  18. fredj

    How about some friendly hacking of IOT devices to send emails to the s.b's. promoting simplistic smart meters in the UK. A couple of million emails a day might do some good. ( "might")

  19. Anonymous Coward

    Friends don't let friends belk

    "The flaw, spotted in Belkin's"....

    ....aaaand that's your problem right there.

    1. defiler

      Re: Friends don't let friends belk

      One day I was wearing a T-shirt that read "no I will not fix your computer" when a guy (clearly thinking he was clever) asked if I'd fix his wireless network instead.

      "Does any of it say Belkin anywhere?"

      "Yes, how did you know?"

      "Funny that..."

      Next time I saw him (climbing centre) he said it was working since he'd binned the Belkin...

  20. DuncanLarge Silver badge

    What the flying F**K

    Really?

    Do these things really exist?

    Why?

    Why do they exist?

    Who thinks they need to exist?

    WHY DOES MY EXTENSION LEAD NEED WIFI FFS?

    I'm assuming diy stores will start selling IOT self tapping screws next.

    What about door hinges? Use an app to see which doors are ajar in your home when you are skiving at work. Get home to find your door hinge was used to infect your PC with cryptolocker, taken over your toaster to have it mine monero and installed a backdoor in your front door lock to allow access to your home for anyone with the magic key they bought off the dark web.

    Jesus.

    1. defiler

      Re: What the flying F**K

      WHY DOES MY EXTENSION LEAD NEED WIFI FFS?

      Read this and my immediate thought was "yes, why can't it just run on powerline Ethernet?"

      On the other hand, remote power sockets can be handy in a strange. Used them before, and whilst in that case they never actually paid for themselves they did did me a lot of hassle. Around the house, though? Not feeling it.

  21. spellucci

    Help from America

    Americans,

    You are big consumers of this IoT stuff. And big producers of law firms. Can we arrange for you to create a class action lawsuit or two? Lawsuits that hold individual IoT owners liable for their unpatched devices contributing to, say, the DDOS attacks that those devices take part in.

    "If you own device X, and you cannot show it was fully patched, you are hereby assessed $50,000 for damages your device caused." When said device cost $50. That will slow down sales. And have the manufacturers make sure their devices can be patched so we can at least have a chance at keeping them secure.

    Sincerely,

    Well, everybody
