The internet era of fun and games is over
November 23, 2016 6:52 AM

Network security expert Bruce Schneier notes that if everything has a computer in it, then everything IS a computer. That has serious implications for security.

"Our computers are secure for a bunch of reasons. The engineers at Google, Apple, Microsoft spent a lot of time on this. But that doesn’t happen for these cheaper devices. … These devices are a lower price margin, they’re offshore, there’s no teams. And a lot of them cannot be patched. Those DVRs are going to be vulnerable until someone throws them away. And that takes a while. We get security [for phones] because I get a new one every 18 months. Your DVR lasts for five years, your car for 10, your refrigerator for 25. I’m going to replace my thermostat approximately never. So the market really can’t fix this."
posted by COD (65 comments total) 42 users marked this as a favorite
 
We get security [for phones] because I get a new one every 18 months. Your DVR lasts for five years, your car for 10, your refrigerator for 25. I’m going to replace my thermostat approximately never.

This is also why I've never seen the point to embedding networked computer systems into mundane household appliances. Why do I need in-dash computer navigation when I can just plug in my phone? Why do I need a refrigerator that shows me the daily weather report when it's already there on my phone or tablet? Why do I need wi-fi controllable lightbulbs when I can just set a mechanical timer? What we need isn't just better IoT security, but less frivolous IoT use cases.
posted by Strange Interlude at 7:17 AM on November 23, 2016 [57 favorites]


Why do I need a refrigerator that shows me the daily weather report

Well, you don't. But it is useful for your refrigerator to know when your solar panels are producing excess juice, because using it in-house makes you more money than selling it at a low rate and having to buy it later at night at a higher rate.

I agree that a lot of these things are frivolous, but as Schneier can readily point out, anything with a CPU and TCP/IP capability is useful for intruders, whether its actual purpose is frivolous or not.

Apropos that, your fridge doesn't actually need TCP/IP to have a chat with your solar inverter. In fact, a Zigbee or other protocol that is not TCP routable is probably a better idea, because then neither device is available for remote misuse.
posted by ocschwar at 7:41 AM on November 23, 2016 [10 favorites]


Why do I need...X?
What we need isn't just better IoT security, but less frivolous IoT use cases.


Why inexorably leads to paradox.
-- Frank Herbert, The Heretics of Dune, 1984

Who/What/How decides frivolous?

"Smart" devices were described by computer innovators in the 1950s. I wish I had a cite, but I'm drawing from memories of the older books and magazines I was reading in the early 80s. Hell, Popular Mechanics likely. It was an extrapolation of miniaturization. What surprised many (opinion) was the relative chasm between big iron and the desk-top. I'm too young to know the cultures of workstations, but am old enough to know the slow, initial inertia of an assembled device and the "killer app". For quite a while...hobbyists. I've always been fascinated by how predominate games were compared to the slow appearance of a "useful" application like Quicken. (Ignoring the geeky interim of spreadsheet users).

It's a sticky problem and the devil's in the architecture and good post.
posted by lazycomputerkids at 7:46 AM on November 23, 2016 [2 favorites]


Strange Interlude: Why do I need a refrigerator that shows me the daily weather report when it's already there on my phone or tablet?

For the same reason that you need a daily weather report on your phone or tablet when it's right there in your daily newspaper.

IoT isn't a bad idea. Very intelligent people are doing this, and not because they think it's awesome to connect a toaster to the Internet and no other reason. But the benefits won't be as pronounced or obvious until the full power of what will be possible once this level of connectivity and processing power is more widely available. The same way that we had to deal with years of "why would I want to shop from my computer when I get a catalog in the mail" and "why would I want to send a message to someone on the computer when I can pick up the phone or write them a letter", we are now dealing with "why would I want my lights to be programmable" and "do my fridge and stove really need to be able to send each other emoji".

There are a few glimmers of what can happen as things get more connected. This can benefit the environment: appliances that are aware of both your usage patterns as well as the weather, so they can adjust themselves to use the most energy when it's available via solar from a bright sunny day or even not run as much (or at all) when you're on vacation. It can provide health benefits: kitchen appliances might notice when an elderly relative hasn't used them recently but is still home, letting you know that they might not be capable of getting up off the floor. The benefit of vehicles being aware of their environment to avoid accidents seems immediately obvious, but with those same sensors and interconnectivity they can report on road conditions so that maintenance can be carried out before the rough spot in the road becomes a pothole big enough to swallow a hippopotamus.

Honestly, nobody knows exactly what will happen because the best uses won't become obvious until the means to create them are already in place. It was the same with the Internet, telephone, electricity, even steam. A ridiculous curiosity today becomes a crucial piece of infrastructure tomorrow.

This doesn't mean we don't need to take the security implications seriously, of course. But declaring an entire technology to be useless because of growing pains is throwing the baby out with the bathwater.

(Sorry for the rant; I just get a bit fed up with the inverse of so-called "Engineer's Disease", where people unthinkingly believe that engineers are short-sighted and push technology without thought about society. I call this knee-jerk hatred for anything involving engineering "Metafilter Disease".)
posted by fader at 7:46 AM on November 23, 2016 [33 favorites]


why would i want to open the fridge to see what's in it when i can just have a nutrient-rich slurry pumped directly into my stomach as i recline in my vr pod
posted by entropicamericana at 7:48 AM on November 23, 2016 [15 favorites]


I'm sorry, what did you say? I was 'batin'...
posted by lazycomputerkids at 7:53 AM on November 23, 2016 [5 favorites]


What we need isn't just better IoT security, but less frivolous IoT use cases.

I agree with you on this, but the problem is that reasonable people can disagree on what's frivolous. For example:

Why do I need in-dash computer navigation when I can just plug in my phone?

In-dash GPS navigation screens are better positioned and safer, IMHO than looking at a phone screen (unless the consumer has purchased some kind of mount to keep the phone closer to the windshield).

I think the best solution would be some kind of standardized plug-in that allows any phone to drive what should be a relatively "dumb" screen built-in to the car, but we can't even get Apple to use USB properly (let alone getting all the android manufacturers to put the connection ports in a standard place).

But given the choice of two not great options, I can see why some people choose in-dash nav, even though I totally just wing it with my phone and an aux cord (because god forbid bluetooth not be standard in new cars in 2012).

Also: what fader said.
posted by sparklemotion at 7:56 AM on November 23, 2016 [3 favorites]


The benefit of vehicles being aware of their environment to avoid accidents seems immediately obvious, but with those same sensors and interconnectivity they can report on road conditions so that maintenance can be carried out before the rough spot in the road becomes a pothole big enough to swallow a hippopotamus.

All the same, I don't see why those functions can't just be subsumed into my phone through a standardized, secure car-to-device interface. The only things I require from my car are that it move at least 65 MPH, get decent gas mileage, and be safe to operate. I don't need a redundant, insecure computer system in my car when I'm already carrying a powerful, reasonably secure pocket computer around with me all the time.

In-dash GPS navigation screens are better positioned and safer, IMHO than looking at a phone screen (unless the consumer has purchased some kind of mount to keep the phone closer to the windshield).

That's what I use. It wouldn't be too hard to imagine car manufacturers adding a standardized device-mount positioned under the rear-view mirror. I think of mine as the "droid socket" for my car, a la R2-D2 in Star Wars.
posted by Strange Interlude at 8:11 AM on November 23, 2016 [1 favorite]


and pee in and drink all day!

Remind me never to ask for a glass of water at Greg Nog's house.
posted by briank at 8:36 AM on November 23, 2016 [23 favorites]


I recently gave a talk at Intel about Privacy and Security for the Internet of Things, and have a lot of similar as well as new points to Bruce Schneier. Slides are here if people want to see, as well as a white paper I wrote up for the think tank New America.

Some of my main points:

A lot of people have focused on the recent DDoS attacks from the Mirai botnet. To some extent, this will be a recurring problem, but it's one that we mostly know how to deal with.

In the long-term, we'll probably see a lot more ransomware. Criminals might lock you out of your house and demand payment. Or they might threaten to make videos of you at home public (think of your most intimate or most embarrassing moments).

We'll also likely see a lot of attacks for the "lulz", that is anonymous or 4chan script kiddies. For example, turning off people's thermostat during winter and leading to burst pipes.

The scariest scenario is non-state actors. Imagine a terrorist group holding people virtually hostage, either by taking over autonomous vehicles that they are in, or by putting in fake data into people's smartphone-connected insulin pumps.

There are also a lot of structural reasons why IoT privacy and security will be incredibly hard. Most developers have little knowledge of cybersecurity. About half of developers today don't have a CS degree. Furthermore, only 3 of the top 50 CS programs in the US require any kind of cybersecurity course.

There's also the market forces, as Bruce Schneier mentions. In my slides and in the white paper, I break down IoT into a pyramid, with top-tier, middle-tier, and bottom-tier devices. At the top-tier, we have just a few devices per person, like laptops, smartphones, smart glasses, etc. These are the ones manufactured by the big companies that understand software and cybersecurity. But the middle and bottom tier will have dozens or hundreds of devices per person. And, they will be made primarily by hardware manufacturers who don't really understand software, or by small Kickstarter campaigns who are focused on getting things out there, with privacy and security barely an afterthought.

Scalability also makes everything hard. Managing passwords, or locking down a device to prevent theft, or installing software updates for one device is easy. Doing it for dozens or hundreds is a nightmare.

Diversity also makes things painful. A lot of devices will be running different operating systems, wireless networking, configuration software, log formats, etc, and all have different user interfaces.

Some devices will be around for decades, but we've never had to maintain cybersecurity for old devices for that long. People don't update their HVAC as quickly as they do their smartphones.

Lots of emergent behaviors make IoT hard to predict. A friend told me that a person once annoyed a bunch of people wearing Google Glass by shouting out "Ok Glass, take a picture," causing everyone’s wearable to take a picture. Not a huge security problem, but goes to show how it's easy to subvert things in unexpected ways. The example I use in the talk and in the white paper is an attacker exploiting a smart toaster to overload, which activates a smart smoke alarm, which opens up your windows, which allows a thief to enter.

I also point out some possible long-term solutions, both technical and policy-wise. Better education, better tools and resources for developers (most developers know nothing about privacy and cybersecurity, so have to improve this), better programming abstractions, IoT hubs to block unusual behavior, and so on.

Let me know what you all think, this is a really active area of computer science research for me and my colleagues, and we're committed to making sure privacy and security is baked in as much as possible.
posted by jasonhong at 8:36 AM on November 23, 2016 [46 favorites]


I think the best solution would be some kind of standardized plug-in that allows any phone to drive what should be a relatively "dumb" screen built-in to the car,

My new Hyundai came equipped with Android Auto, which does exactly that. It uses the phone's navigation apps on the car's touch screen, plays my phone's music and podcasts through the car stereo, reads me incoming text messages, and lets me send texts by speech.
posted by rocket88 at 8:39 AM on November 23, 2016 [3 favorites]


Why do I need in-dash computer navigation when I can just plug in my phone?

Because a phone is a shitty device for displaying a map. Maps are meant to be large and high-contrast, phones are meant to be small and power-efficient. By trying to unify phones and maps we have made both worse: we have ended up with small maps and ridiculously big, power-hungry phones.
posted by splitpeasoup at 8:45 AM on November 23, 2016 [7 favorites]


Android Auto is fine, but in the Subaru I used it in I actually preferred the car's native UI and Bluetooth for everything except navigation. Being forced to use a slow-charge USB socket instead of BT or WiDi and a quick charger kinda sucks. So does having your phone hijacked such that it is difficult to do anything unsupported in Auto while stopped/parked. As does it disconnecting if the USB lead comes loose.

It's a fine idea, but it needs work. SYNC is better for the moment.
posted by wierdo at 8:48 AM on November 23, 2016


(unless the consumer has purchased some kind of mount to keep the phone closer to the windshield)

You mean like the one I got at the dollar store? (Much better than its two predecessors that cost more than 10 times as much. Both of them broke, in the same way. This one is made differently, and even if it does break, it's only a dollar.)
posted by Kirth Gerson at 8:48 AM on November 23, 2016


Honestly, nobody knows exactly what will happen because the best uses won't become obvious until the means to create them are already in place. It was the same with the Internet, telephone, electricity, even steam. A ridiculous curiosity today becomes a crucial piece of infrastructure tomorrow.

This doesn't mean we don't need to take the security implications seriously, of course. But declaring an entire technology to be useless because of growing pains is throwing the baby out with the bathwater.


Sure, there will be some real benefits, and even more "benefits" like that old favorite, convenience, but there will also be other consequences around these devices as there almost always are, and being concerned about that is something we might have thought more about earlier.

If there is a way to profit off of a device and its connections, beyond the stated purpose of the device, someone will do it and take money from your pocket or sell your information. If there is a way to gain even a little extra control over another via these devices, someone will find it and use it. If there is any way to make the devices act in ways that are unintended by the owners and potentially hazardous to privacy, health, or capital of the owners and could bring gain or even just lols to another, someone will abuse it, maybe not in all cases, but certainly some.

Will these devices increase prosperity for many or for the few as the internet has helped do? It's not good enough to just tell us what the upside is or the intended purpose when creating a device, tell us what the downside is, what can go wrong, who can benefit beyond the purchaser or user. These things are as important as any potential gain, and we've been largely ignoring them or minimizing that in the race to keep developing new items.

For every household gadget being made those same technologies are being used to develop better surveillance, control, and kill methods for the state. It isn't that many of these devices and technologies don't have some benefits or advantage of some sort for their users, it's just that the tradeoffs aren't always in the favor of a free society. We can't expect governments or individual actors to respect any claim of rights and benefits if there is any potential for them to gain further control over the populace. It appears we may be entering an era of increased authoritarianism and it's important to know whether all this new technology will be helping us more than they help those who want to rule.
posted by gusottertrout at 8:50 AM on November 23, 2016 [9 favorites]


I wonder if, with enough devices being connected and operating smoothly and securely, we might be able to stop carrying a phone around all the time.

Maybe so, but the challenge of securing everyone's single-user personal device seems much less daunting than the challenge of securing a massively networked multi-user environment where I could theoretically walk up to a fire hydrant and ask it to order me a pizza.

We might get devices that are further miniaturized into wearables, but there still needs to be something to tie in to personal security, and binding that functionality up into a discrete object that you carry around still seems like the most practical solution.
posted by Strange Interlude at 8:50 AM on November 23, 2016 [2 favorites]


6 words: MR ROBOT SEASON TWO EPISODE ONE.
Bam. Argument over.
posted by signal at 8:53 AM on November 23, 2016 [2 favorites]


Related:
On December 1, a new rule will likely go into effect at the Justice Department that may expand law enforcement agencies’ authority to remotely hack into computers and take what data they find there during an investigation. Lawmakers have been pressing the DOJ for more information on the rule, specifically why the agency wants this authority, and what it plans to do with it, but they now say the folks in Justice are only providing non-answers.
posted by Kirth Gerson at 8:53 AM on November 23, 2016 [5 favorites]


IoT isn't a bad idea.

It wouldn't have been stupid if it in any way took into account the game that people were embedded in. If people had been content to figure out real use cases and real security practices, we'd be in IoT utopia. But the game hasn't rewarded that. There was a gold rush to implement stupid shit that I don't want but will still manage to amplify the botnet power of bad guys everywhere. So, whether or not IoT in the abstract could have been great, as it stands right now it's a net negative.

(Sorry for the rant; I just get a bit fed up with the inverse of so-called "Engineer's Disease", where people unthinkingly believe that engineers are short-sighted and push technology without thought about society. I call this knee-jerk hatred for anything involving engineering "Metafilter Disease".)

As someone who studied engineering and then switched to software development, it pains me to say this. But ignoring the social context (here, the incentives surrounding the sloppy haste in developing IoT devices) around technology is textbook Engineer's Disease.
posted by a snickering nuthatch at 8:56 AM on November 23, 2016 [14 favorites]


Why inexorably leads to paradox.
-- Frank Herbert, The Heretics of Dune, 1984

didn't Dune have a fairly extreme solution to problems of over-reliance on computers? Maybe the Butlerian Jihad was just a response to shitty IoT devices
posted by crocomancer at 8:56 AM on November 23, 2016 [11 favorites]


It can provide health benefits: kitchen appliances might notice when an elderly relative hasn't used them recently but is still home, letting you know that they might not be capable of getting up off the floor.

Just breaking this down, so the fridge knows:
Whether or not it's been opened and when.
What a house is.
What a front door is.
Whether or not the front door's been opened recently.
Whether or not there have been other signs of human presence in the home-space and when those signs ceased.

All to come up with the equation: If occupant is present within home, but fridge has not been opened in X hours, call 911 for a wellness check.

It seems to me a terrible idea to make my fridge practically omniscient merely in order to make it capable of serving a rare need which it is not designed to serve. Because once the information is collected it can be used for other things.

The thing about technology is that it gives you new capacities. What gets done by a new tool is never merely the thing it was designed to do. It's all the things it's capable of doing. The monkey may have intended that stick help dig out termites from their mound. It is also now a monkey with a melee weapon suitable for eye-gouging.
posted by Diablevert at 8:57 AM on November 23, 2016 [11 favorites]


I don't really want all my devices to be that secure, to be quite honest. When the IoT has the equivalent security of a luggage lock; then I can still ensure that *I* can make the device do my bidding, or have my bidding done to via third-party tools. When my devices are "secure", they do not effectively belong to me, and they only do what I want by consent of the manufacturer.

So, yeah, I want terrible IoT security and better perimeter firewalls to "patch" the "problem".
posted by Xyanthilous P. Harrierstick at 8:59 AM on November 23, 2016 [1 favorite]


(Sorry for the rant; I just get a bit fed up with the inverse of so-called "Engineer's Disease", where people unthinkingly believe that engineers are short-sighted and push technology without thought about society. I call this knee-jerk hatred for anything involving engineering "Metafilter Disease".)

Whether "Metafilter Disease" exists or not has literally nothing to do with whether Engineer's Disease and its related issues are real things. Which they are.
posted by Celsius1414 at 9:01 AM on November 23, 2016 [2 favorites]


I agree with the potential of this technology, as fader eloquently stated, above. I even have some HomeKit-connected lights in my home.

But I must point out the hilarious overreaches and not-ready-for-prime-time devices out there right now. Many are collected at Internet of Shit - here are some recent faves: 1 2 3 4
posted by borborygmi at 9:05 AM on November 23, 2016 [2 favorites]


And with the price of computers tending towards zero, you may have no choice in buying insecure IoT-enabled devices, or even no knowledge of doing so. A few years ago in Russia, electric kettles on the market were found to have tiny embedded computers which connected to WiFi access points. It was apparently worth someone's while to infiltrate a kettle factory, add these computers to the design, and send them into the market in the hope that some of them would find stuff to steal/targets to pwn and others could be monetised as spam relays. And this was in 2013; computers are even smaller and cheaper (and easier to conceal) now.

Basically, if it can consume electric power and connect to networks, it's probably a threat, even if it nominally doesn't contain a computer. (A port-scanning Linux box that fits inside, say, a power connector is certainly technically feasible.)

Perhaps the solution is to, upon buying a dumb electrical device like a kettle, bathe it in enough electromagnetic energy to fry anything more sensitive than a 240V induction coil.
posted by acb at 9:15 AM on November 23, 2016 [9 favorites]


Roslin: It tells people things like where the restroom is, and-

Adama: It's an integrated computer network, and I will not have it aboard this ship.

Roslin: I heard you're one of those people. You're actually afraid of computers.

Adama: No, there are many computers on this ship. But they're not networked.

Roslin: A computerized network would simply make it faster and easier for the teachers to be able to teach-

Adama: Let me explain something to you. Many good men and women lost their lives aboard this ship because someone wanted a faster computer to make life easier. I'm sorry that I'm inconveniencing you or the teachers, but I will not allow a networked computerized system to be placed on this ship while I'm in command. Is that clear?

Anyway, I've been slowly building out some home-automation stuff, but most of it doesn't run on WiFi. The products that do run on WiFi are firewalled from *ever* talking to the outside world and will soon be firewalled off from any other network traffic in the house. Sure, that means I can't easily control my thermostat (which runs its own local API, not some cloud stuff) from outside the house, but I can VPN in if I need to adjust it.
posted by Nonsteroidal Anti-Inflammatory Drug at 9:15 AM on November 23, 2016 [6 favorites]


The two problems I have with most IoT devices, aside from the security risk, are how little benefit most of them seem to have over their dumb equivalents, and what happens when you have to pack up and move.

For the first one, people have mentioned stuff like map apps on phones, vs in-car navigation, which isn't what I'm getting at. It's more like... Let's say I bought a whole bunch of Hue lights for my apartment, my light switches will still work to turn them off and on, but all the important stuff comes from Wifi and my phone. If I have these smart lights all hooked up to crazy stuff to wake me up in the morning, but I, or my partner, flip the switch, because that is how we've controlled the lights since Time Immemorial, all the smart stuff is useless.

Plus, smart home stuff just seems fragile. A physical switch on the kettle is much more reliable than a Smart Kettle App on my phone.

As for two: I live in an apartment. If I put in all these smart gadgets, and I move house, I'm going to have to take my smart light bulbs out, uninstall my Smart Door Lock, etc. etc. Anything I can't take with me, I'll have to log out of my account, and eat the cost of when I get set up in my new place. Forgive me, but I see things like refrigerators, washing machines, and door locks as semi-permanent installations.
posted by SansPoint at 9:20 AM on November 23, 2016 [6 favorites]


In the long-term, we'll probably see a lot more ransomware. Criminals might lock you out of your house and demand payment.

I am less concerned about criminals doing this than the companies that sold me the product in the first place. You want your IoT integrated fridge to continue working? Then we need money to keep our website backend for it up and running. And money for updating the firmware. And money for our shareholders. Or we just decide to kill your product line off so you have to upgrade.

The other best argument against stuff like IoT lighting systems is that if you have guests in your house you have to set them up with apps and accounts so they can control the lights. Which would quickly become a really stupid hassle where you could have 'friends' remotely fucking with your lights because you forget to remove their access.
posted by srboisvert at 9:20 AM on November 23, 2016 [10 favorites]


I'm hoping these will be the least of my worries in the next 4 years.
posted by MtDewd at 9:27 AM on November 23, 2016 [2 favorites]


I'm hoping my friends "pranking" me by remote controlling my smartlights (until I unplug them) is the most of my worries for the next 4 years (2 months, and 27 days). (Unfortunately, that's already false.)
posted by fragmede at 9:37 AM on November 23, 2016 [1 favorite]


srboisvert: That's another aspect of IoT Fragility I forgot about. If the company that makes my DumbFridge or my DumbCoffeeMaker goes out of business, my fridge keeps working and my coffee maker keeps me caffeinated. So many IoT devices have an Internet backend, and should that go away---either permanently because the company's out of business---or temporarily, because my ISP shat the bed, suddenly, I have to buy a Styrofoam cooler and ice like an animal.
posted by SansPoint at 9:39 AM on November 23, 2016 [7 favorites]


I am less concerned about criminals doing this than the companies that sold me the product in the first place. You want your IoT integrated fridge to continue working? Then we need money to keep our website backend for it up and running. And money for updating the firmware. And money for our shareholders. Or we just decide to kill your product line off so you have to upgrade.

And if you look at the EULA you clicked Agree on (page 67/123), you'll note that the company reserves the right to do as it pleases with your behavioural analytics data (i.e., the logs of the fridge's contents, usage patterns, and so on). Of course, the company's first duty is to maximise shareholder value, so it's not going to leave money on the table by fighting for the privacy of your fridge contents. (If customers start getting anxious about privacy, there'll be a comforting statement about how “Frydj LLC cares about your privacy” and how your data is completely anonymised, whilst making sure that it's sufficiently easily deanonymisable to be of market value.) So the fridge maker (or whoever bought them once the seed capital ran out) gets three streams of income: sales revenue, API usage fees, and user-data sales; and at some point you might find that your bacon consumption results in your web ads looking slightly more bro-ish and your health insurance premiums being slightly higher.
posted by acb at 9:43 AM on November 23, 2016 [14 favorites]


a smart toaster to overload, which activates a smart smoke alarm, which opens up your windows

Programmers: please don't program a system to open the windows while a fire is burning.
posted by achrise at 9:51 AM on November 23, 2016 [12 favorites]


Mulling this over, would a regulatory requirement of "disable-ability" help with some of these issues? Like yeah, you can sell a SmartWhatever, but you must construct it so the item still functions with all Smarts disabled. So if my fridge maker goes out of business or updates its EULA or a fridge-virus comes around that's a real PiTA, I can disable the "text me about my milk status" feature yet be ensured I have a working fridge.

Obviously, Opt-in security is by its nature much worse security than Opt-out security. But if we make the Smarts brickable while keeping the dumbs, then that solves a lot of the ransomware issues, no? Bit like having an actual metal backup key embedded in the car key dongle.
posted by Diablevert at 9:56 AM on November 23, 2016 [1 favorite]


Diablevert: Yeah, that would help, somewhat. But that means redundancy: a physical, non-smart control for the basic functions that has to link to the smarts, but can function without them. That's going to add overhead costs, and cut into profits, and the shareholders will grumble that the 60% margin on your new Smart Toaster that can work offline is worse than the 65% margin for the one that can be bricked.
posted by SansPoint at 10:03 AM on November 23, 2016


Are there really smart fridges that can turn themselves on and off? Because that's a feature almost nobody needs and doesn't make sense as a designed-in functionality. Smart fridges tell you what is and isn't inside them, and there's not much a hacker can do with that other than make it report false information.
This idea of people remotely turning your fridge off doesn't make sense.
posted by rocket88 at 10:07 AM on November 23, 2016 [1 favorite]


rocket88: Smart fridges tell you what is and isn't inside them, and there's not much a hacker can do with that other than make it report false information.

Except that they can't do that, until every grocery product has an RFID or some other chip in them. So, the idea has moved from a Smart Fridge being able to tell you when you need milk to being a sort of kitchen hub thing with a screen to show you the weather and email, but also to control the temperature, and customize the water and ice dispenser, and whatever.

This idea of people remotely turning your fridge off doesn't make sense.

Right, but because those screens are so tied in with the electronics of the fridge, if someone can get it to execute arbitrary code that accesses the controls, you can wake up to find your milk's gone off and your butter's melted because the fridge is at the lowest possible setting.
posted by SansPoint at 10:13 AM on November 23, 2016


That's going to add overhead costs, and cut into profits, and the shareholders will grumble

Yeah, that's why I think it would have to be a broad, strong regulation. It's obviously not in their self interest, but neither was keeping sawdust out of the sausage back in the Chicago stockyards. We're back in The Jungle, we just haven't grokked it yet.

It seems to me that given the vast complex ecosystem of operating systems out there being used for this stuff, trying to get manufacturers to coalesce on one, then getting them to agree to some sort of security protocol for it and enforcing that, is a mug's game. Simple rules are better: "If I can't brick it and use it, you can't sell it in this country." Leave it to the manufacturers to figure out how to design it.
posted by Diablevert at 10:24 AM on November 23, 2016


Except that they can't do that, until every grocery product has an RFID or some other chip in them.

This might not be true. Computer vision is getting pretty good; a few years ago I remember seeing some apps in action that could take a photo of a product or packaging and recognize it. No bar code required.

Not sure what the bar is for the number and quality of cameras to do this well inside of a fridge.
posted by wildblueyonder at 10:25 AM on November 23, 2016


wildblueyonder: Not sure what the bar is for the number and quality of cameras to do this well inside of a fridge.

Or, for that matter, the amount of free space in the fridge to get a clear view of everything. My parents keep their fridge packed to the gills.
posted by SansPoint at 10:35 AM on November 23, 2016


There are smart fridges that allow you to control the temperature remotely via an app, so getting foodhacked could be in the realm of possibility. There are also fridges that can order groceries for you with your credit card, which seems like a really, really bad idea.
posted by rodlymight at 10:44 AM on November 23, 2016 [1 favorite]


Very intelligent people are doing this

Yes but less-intelligent-than-they-think people are also doing it
source - am a software engineer
posted by atoxyl at 11:02 AM on November 23, 2016 [9 favorites]


This is why we can't have a nice Internet of Things.
posted by SPrintF at 11:29 AM on November 23, 2016 [2 favorites]


Very intelligent people are doing this

"Everyone knows that debugging is twice as hard as writing a program in the first place. So if you're as clever as you can be when you write it, how will you ever debug it?" -Brian Kernighan.
posted by srboisvert at 11:33 AM on November 23, 2016 [5 favorites]


The two problems I have with most IoT devices, aside from the security risk, are how little benefit most of them seem to have over their dumb equivalents, and what happens when you have to pack up and move.

You don't even need to have Internet of Things for moving problems to kick in. Regular internet of non-existent things is bad enough at it. Move to different countries and see how well major net companies like Amazon, Google or Paypal handle it. For the most part their solution is: Create a completely new online identity in each country.
posted by srboisvert at 11:39 AM on November 23, 2016 [5 favorites]


Why would you ever need to change your fridge temperature remotely?!? I haven't changed mine more than once in the eight years I've owned my fridge. Being able to change it remotely is just asking for trouble.
posted by dellsolace at 11:40 AM on November 23, 2016 [4 favorites]


Why would you ever need to change your fridge temperature remotely?!?

Because you're an absentee landlord and just got word that your tenants aren't renewing their lease and it's going to be a month or two before the home is occupied again and you want to save utility costs?

Obviously, that hypo has a variety of problems with it, but as established very early in this thread "why's" happen. Often, they are stupid. Often, you or I or any particular individual might get annoyed at not being able to purchase a "normal" version of a product. But, there's probably someone out there that thinks that X is a good idea for some reason. So we will always get products with X (and then Y, and then Z).

So the solution can't be to stop making IoT devices (because that will never happen). A solution could exist that involves a combination of regulations and market pressure that make major manufacturers of IoT devices pay attention to security issues.

But I am skeptical that market pressure will work for consumer grade products, since most consumers simply don't care about security that much.* I am also skeptical that a regulatory solution in the U.S. will see the light of day in the next few years. The EU could maybe do something, but they are also facing their own anti-regulatory backlash, and in the light of EU security/privacy based hamfistedness (right to be forgotten, etc.) it might be better if they stayed silent on this one. Either way, between the U.S. and China, skipping the EU for certain flavors of consumer devices is probably not a terrible business decision.

*has there been a single recall of a Mirai-vulnerable IoT device yet? Would you go dig up your receipt for your Samsung Web Cam to try to make an out of warranty return? Would your grandfather?
posted by sparklemotion at 12:27 PM on November 23, 2016


There are reasonable categories of smart devices to reduce your power usage, etc. that function by communicating only with devices you own. An internet of shit device depends upon the manufacturer's servers.

You imagine an IoS fridge would save you money by optimizing its usage around power costs, especially if you've solar panels installed? You do not imagine the power company would buy the fridge company and subtly make you spend more?

We should outlaw closed source software, including microcode, so that, even if they only sell smart fridges, you can still turn it into a much safer, if maybe dumber fridge.
posted by jeffburdges at 1:44 PM on November 23, 2016 [2 favorites]


We should outlaw closed source software, including microcode, so that, even if they only sell smart fridges, you can still turn it into a much safer, if maybe dumber fridge.

'I think otherwise,' the door said. 'Look in the purchase contract you signed when you bought this conapt.'
posted by Celsius1414 at 2:00 PM on November 23, 2016 [2 favorites]


I am not afraid of technology but this hard-on for wired refrigerators and kitchen appliances (backward-justified with "what if it saves Grandma by calling the EMTs?" that is some bullshit right there) is both mystifying and enraging. Not every human activity needs to feed us into the web. Just let me keep my fucking food cold in peace.

You know what I want tech geniuses working on? Cleaning up our fucking planet and maybe finding ways to slow down and remediate global warming. A fridge that's my Metallic Pal That's Fun to Be With is not going to do shit for me.
posted by emjaybee at 2:28 PM on November 23, 2016 [10 favorites]


"what if it saves Grandma by calling the EMTs?"

Like this? Or this?
posted by me & my monkey at 2:41 PM on November 23, 2016 [1 favorite]


We should outlaw closed source software, including microcode, so that, even if they only sell smart fridges, you can still turn it into a much safer, if maybe dumber fridge.

In a hypothetical world where this regulation is in effect, how many consumers would actually go through the effort to make their fridge "safer"? And wouldn't most of those consumers be the types who have the skills and motivation to secure their IoT devices now?

You know what I want tech geniuses working on? Cleaning up our fucking planet and maybe finding ways to slow down and remediate global warming. A fridge that's my Metallic Pal That's Fun to Be With is not going to do shit for me.

There are a lot of tech geniuses, the fact that some choose to spend some of their time working on IoS stuff because that's what people actually pay for doesn't stop the ones who are working on environmental problems from doing their thing. In some cases, the two goals can align (see, e.g., smart thermostats that you can buy right now that can help manage the tradeoffs between human comfort and energy use, and smart washing machines that might, say, communicate with a grid controller to determine off peak times to run).
posted by sparklemotion at 2:54 PM on November 23, 2016 [1 favorite]


has there been a single recall of a Mirai-vulnerable IoT device yet?

Only one, as far as I know (info also from Brian Krebs). But I don't know how successful the recall has actually been.
posted by cynical pinnacle at 3:07 PM on November 23, 2016 [2 favorites]


These IoT products are also mostly in the category where you don't replace them often enough for manufacturers to have a strong incentive for consistent quality, but they're not so expensive (like cars) that you do a ton of research. Then they further obscure which one you're buying with a wide range of product numbers and version, often per retailer, to make it harder to research and compare.

I have a Nest thermostat and I love it. It solves a problem for me. But I would like to buy a MUCH DUMBER toaster with a mechanical fucking timer instead of electronic timing chips, because the chips malfunction and break and I have the worst fucking luck with toasters and the way manufacturers constantly re-source parts and move manufacturing around there's just no way to tell which ones are good and which ones suck and that's BEFORE they try to connect my toaster to the internet so it can fail at making toast in more expensive and complicated ways that require more frequent and expensive replacements.

Some of these IoT products will be well-made but more of them will be cheap crappy knockoffs, or products made at the lowest cost with constantly shifting suppliers of variable quality, and you won't be able to get "dumb" appliances that just fucking work and don't have 4700 parts to break plus rapidly obsolete electronics AND are part of a global botnet that incidentally is sending you V1agr@ spam.
posted by Eyebrows McGee at 3:27 PM on November 23, 2016 [2 favorites]


I want terrible IoT security and better perimeter firewalls to "patch" the "problem".

Those that forget computer security history are doomed to implement it poorly. Firewalls made corporate network security crunchy on the outside and chewy on the inside and it turns out that it's not that hard to get a beachhead on the inside. Terrible IoT security means that if a malicious device gets inside the network (and with IoT, it's likely that they will), it can wreak havoc.

And frankly, most people can only mostly manage to use a computer, let alone manage a firewall. Devices have to be designed to be safe for the general public, not computer experts.

Zigbee or other protocol that is not TCP routable is probably a better idea, because then neither device is available for remote misuse.

A lot of what people want to do with IoT does require an internet bridge (control the thermostat remotely, for example) and those have not historically been made all that secure. Zigbee also wasn't designed with great security in mind.
posted by Candleman at 4:20 PM on November 23, 2016


Metafilter: a monkey with a melee weapon suitable for eye-gouging

(Couldn't let that one pass, sorry!)
posted by comealongpole at 4:33 PM on November 23, 2016 [1 favorite]


> Anyway, I've been slowly building out some home-automation stuff, but most of it doesn't run on WiFi. The products that do run on WiFi are firewalled from *ever* talking to the outside world and will soon be firewalled off from any other network traffic in the house. Sure, that means I can't easily control my thermostat (which runs its own local API, not some cloud stuff) from outside the house, but I can VPN in if I need to adjust it.

Consider housing each of these devices in appropriate toy robot bodies and placing them in various offensive and defensive poses in relation to each other.
posted by christopherious at 12:31 AM on November 24, 2016 [2 favorites]


It can provide health benefits: kitchen appliances might notice when an elderly relative hasn't used them recently but is still home, letting you know that they might not be capable of getting up off the floor.

All of them. The fridge, the juicer, the microwave, the dishwasher, the washer-drier, the smart lights, the thermostat, and the crockpot will be a fucking DNS on our ass. All of them except for the coffeemaker which will half-ass it because it only listens to an east european cybercriminals' command-and-control twitter feed.

Sure, it's good to have a single electric teapot pinging you because the grandfolks haven't used it in 18 hours. (Or their phone.) But we don't need to take a dozen fully-functioning appliances that have worked perfectly for 50 years and connect them to the internet just because we can.
posted by sebastienbailard at 12:46 AM on November 24, 2016




On the car side, the rapid obsolescence of in-dash systems is one of the big reasons I'm still avoiding cars made any later than the late 90s. I'd rather have nothing. And I've watched these systems evolve in rental cars, and frankly, they still really suck a lot. SYNC and its competitors barely work. Bluetooth is forever flaky.

The Android auto thing is a step in the right direction, but what would be better would be for the navigation/entertainment/communications computer to be fully replaceable, based on an industry standard, and mounted somewhere accessible.

The in-dash display and controls should be just that, and should connect to the computer via mini-HDMI or mini-DP and USB, or some automotive variant. There should be ports and pigtail connectors behind those components, rather than having them hard wired, making the connections easily re-usable. Ideally, the in-dash screens should conform to industry standards for form factor and resolution too, like car stereo bay sizes, so they can be easily upgraded.
posted by snuffleupagus at 8:52 AM on November 24, 2016 [3 favorites]


There are a lot of tech geniuses, the fact that some choose to spend some of their time working on IoS stuff because that's what people actually pay for doesn't stop the ones who are working on environmental problems from doing their thing. In some cases, the two goals can align (see, e.g., smart thermostats that you can buy right now that can help manage the tradeoffs between human comfort and energy use, and smart washing machines that might, say, communicate with a grid controller to determine off peak times to run).

I understand that engineers gotta eat like everyone else but we are not going to save the planet with wired refrigerators and Nest thermometers. Things are going pear-shaped and it would help if the smart people (or at least the rich people that hired them) coming up with great new ideas were taking this shit seriously if only so that their private islands weren't drowned by rising seawater.
posted by emjaybee at 5:49 PM on November 24, 2016 [2 favorites]


I've got a really left-field way to fix this... we use FPGAs to gate information to/from sections of the chip in such a way that each lookup gate is locked into a specific function. Thus if you have a portion of the FPGA which is handling video from a camera, a wrapper around it makes sure that the LED is turned on (via hardware) and the I/O stream is only routed to specific other tasks.

Sure, programming non-Von Neumann code is something of a challenge, but you would physically be partitioning security concerns, and there would actually be no way around it.

This can also be done logically with capability based operating systems such as Genode, where the OS kernel is the only trusted code base, and everything else isn't trusted, ever.
posted by MikeWarot at 5:59 PM on November 24, 2016 [1 favorite]


Is that really non-VonNeumann? Or more surrounding the traditional architecture with extra stuff that's monitoring what the VonNeumann machine is doing, through channels that it can't access or interfere with?
posted by snuffleupagus at 9:47 PM on November 24, 2016


There are also a lot of structural reasons why IoT privacy and security will be incredibly hard. Most developers have little knowledge of cybersecurity. About half of developers today don't have a CS degree. Furthermore, only 3 of the top 50 CS programs in the US require any kind of cybersecurity course.

Perhaps more to say in this thread, but regarding this point, what's harder to teach than the concepts of security is the paranoid mindset. Continually asking "how can this go wrong?" is an attitude that you need to develop and practice, not something you can cram into 10 lectures. And it's not the average, garden-variety looking out for one's self, either... it's the ability to imagine weirdness and impossibility. I'd submit that most people can develop that ability, but it requires being in the specific situation of being either an attacker or a defender for real, and not just discussing the concepts. Obvious solution: make cybersecurity a mandatory part of software engineering and CS courses, and as part of this force people to both attack and defend something, and have real-world benefits for winning and costs for losing. That's what it would take. Make the incentive like $50 a person for the winners, and the losers have to pay. Or something, but real-world consequences, because these people will go on to build things that matter in the real world, and they need to get used to it. That idea needs work of course, but without the incentives in place, the attitude won't be developed.

Interestingly, one other class of professionals who have this paranoid mindset are pilots. Aviation has made a comprehensive study of how many damn things can go wrong, how interacting systems can create problems, and how to minimize risk. So pilots now study risks and fuckups. (And the incentive is a good one: they get to stay alive.) There are an enormous number of lessons to draw from the aviation industry here, I might work up an FPP if anyone is interested.
posted by iffthen at 9:35 PM on November 25, 2016 [3 favorites]


Any electronic product you sell has to pass electromagnetic compatibility certification. This is basically a bunch of tests to see that the device doesn't produce radio interference and doesn't break in the presence of radio interference. There's a legal requirement to ensure devices are compliant because before the legislation was brought in badly designed electronics were knocking out TV signals and interfering with other devices.

It strikes me that in the brave new world of TCP connected devices something similar is needed. Rather than bombard the device with radio signals, we bombard it with common attack vectors, brute force SSH attacks, all known IoT worms etc. Make it a legislative requirement and security will stop being an afterthought.
posted by leo_r at 3:00 AM on November 26, 2016

