Securing the Things

  • Comments posted to this topic are about the item Securing the Things

  • Check out the UL's program:
    http://industries.ul.com/cybersecurity
    They have certified Electric Imp, and may have others in the pipeline. I'm an Imp & UL customer.

  • I can see the potential of IoT for use in applications that really matter like: weather and traffic monitoring, law enforcement, or healthcare. However, there has yet to be made a strong and compelling case for embedding IoT technology within consumer products or households in general. I'm saying no one has explained to the public why all this IoT stuff benefits us, the actual consumers, rather than just opening a port so the marketing departments of corporations who manufacture the products can data mine our private lives for profit.

    For example, it's a shame that IoT technology and data science have been wasted on such trivial pursuits as this:
    http://fortune.com/2017/03/10/sex-toy-maker-settlement-smart-vibrator-lawsuit/

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Almost all people don't understand the potential harm that the IoT or the virtual/connected world can have on their life. If they did, we wouldn't have the Wild West that is today's internet.

  • There are some good consumer items, such as monitoring vehicles or appliances for potential failures. Individually this can be hard to determine, but across a large number of devices, this can provide good service. However, there need to be secure work, anonymization of data, etc.

    Fitness trackers, and by extension, medical monitoring equipment can be helpful, but there needs to be, again, more security and protection here. I'd prefer all of these be one-way, with inside-out access from a user, not a two-way, open port access.

    Security is a good one as well. Many people want some monitoring or the ability to check/change something at home. Turn on/off lights, close/lock doors in case they've forgotten, check video of kids/pets, etc. However, this data doesn't, and shouldn't, go to a company unless the service is monitoring. If this is my looking at data, then I should be the only one with access.

    I'm sure there are other uses, but just because you don't see a use, or want these, doesn't mean that others don't. Be careful of saying this shouldn't happen because you don't want it. Or because it's not secure. Address the real issue (engineering/architecture), not the concept.

  • This is a topic which is worth discussing. I don't understand the technical details (and I'm sure the typical consumer doesn't) but I'm glad I'm being alerted to the issue.

    We certainly want appropriate security on these things and I take Steve's point

    "...including removing older items that might be outdated. For example, DES shouldn't be allowed in any new deployments, and it really should be removed from old ones, though with some grace period..."


    but if we are talking about Iof _things_ don't we need to take account of our target for the life of the "things"?

    Already with some expensive consumer items, the life is being determined by the cost/feasibility of upgrading/maintaining the electronic elements. In some cases that means that the thing would still be able to do its job but the "control unit" says it is no longer serviceable. One example is the "ECUs" on engines, and I had an acquaintance who had a profitable sideline replacing digital control units on industrial equipment with sort-of analogue equivalents ("sort-of" because they provided significantly less function). I appreciate that has no "security implications", but it shows that when we mandate upgrades there is a risk of unintended consequences when people replace stuff with unapproved alternatives.

    It's a tough problem. There is a risk that "you are damned if you do and damned if you don't". A significant part of the problem may develop in the second-hand, and nearing end of life market where you may have a more cost-conscious, less risk-aware user.

    Tom Gillies LinkedIn Profile www.DuhallowGreyGeek.com

  • If someone wants to shell out $3000 for an IoT enabled refrigerator, whether it be for their business or home, then that's their prerogative. However, the industry is very out of touch if they think most consumers (even Millennials) are interested. Not even if BestBuy is offering special 0 down and 0 interest for 24 months. The basic no-frills $800 model should always be an option, if the manufacturer wants to stay in business. If you want to check on the contents of your fridge using a phone app or have your toilet sample your poop every time you go potty, then you are a fringe overpaid geek living outside the mainstream of even IT society.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Eric M Russell - Thursday, June 15, 2017 1:14 PM

    If someone wants to shell out $3000 for an IoT enabled refrigerator, whether it be for their business or home, then that's their prerogative. However, the industry is very out of touch if they think most consumers (even Millennials) are interested. Not even if BestBuy is offering special 0 down and 0 interest for 24 months. The basic no-frills $800 model should always be an option, if the manufacturer wants to stay in business. If you want to check on the contents of your fridge using a phone app or have your toilet sample your poop every time you go potty, then you are a fringe overpaid geek living outside the mainstream of even IT society.

    But it won't be an option because most people either don't know or don't care, and since it's being built into the basic features of new designs it's not easily ripped out. For example, there often is NO option for a top of the line model with everything but IoT.

  • ZZartin - Thursday, June 15, 2017 2:06 PM

    Eric M Russell - Thursday, June 15, 2017 1:14 PM

    If someone wants to shell out $3000 for an IoT enabled refrigerator, whether it be for their business or home, then that's their prerogative. However, the industry is very out of touch if they think most consumers (even Millennials) are interested. Not even if BestBuy is offering special 0 down and 0 interest for 24 months. The basic no-frills $800 model should always be an option, if the manufacturer wants to stay in business. If you want to check on the contents of your fridge using a phone app or have your toilet sample your poop every time you go potty, then you are a fringe overpaid geek living outside the mainstream of even IT society.

    But it won't be an option because most people either don't know or don't care, and since it's being built into the basic features of new designs it's not easily ripped out. For example, there often is NO option for a top of the line model with everything but IoT.

    I guess if someone is locked into buying a "top of the line" model, then their choices are limited; they just get (and pay for) everything by default. There is always the option of not setting up the wifi connection when it's installed, but I guess that defeats the purpose of owning a $3000 fridge. Still, it's not as if the fridge will stop cooling when the internet is down. The only downside would be all the annoying emails and phone calls from Samsung customer service asking if everything is OK.

    There are plenty of refrigerators still manufactured without any digital controls or components at all. For $500, some even come in the larger 24 cu ft size with stainless steel finish that look just like a higher end model, so it holds enough food for a family of six and the neighbors are properly impressed by its appearance. For $30 more, one could even mount an Android tablet on the front for watching TV in the kitchen, rather than paying the extra $1,000 Samsung would charge for building one in. It's all the same.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Tom Gillies - Thursday, June 15, 2017 12:14 PM

    This is a topic which is worth discussing. I don't understand the technical details (and I'm sure the typical consumer doesn't) but I'm glad I'm being alerted to the issue.
    ...
    but if we are talking about Iof _things_ don't we need to take account of our target for the life of the "things"?

    Already with some expensive consumer items, the life is being determined by the cost/feasibility of upgrading/maintaining the electronic elements.

    I agree with existing items there is an issue. Certainly some are built without any way to upgrade or change. What I'd propose is that from this point forward, or at some point, we note that you can't sell products anymore if they don't have any way to be upgraded. Security is too big a deal to allow this.

  • I wouldn't get caught up on any particular market. I'm sure some people love the connected $3k (or more) fridge that lets them know what's in there. My only point is that if someone wants to build it, they need to accept some responsibility for implementing some sort of security and patching.
