There aren't any that I am aware of. In order to get these things working in a fairly secure manner you have to build the system yourself. Everything I have seen for sale has required connection to the company's servers.
Secure IoTs? Depends on what you mean by that. Standards like Z-Wave and Zigbee are already somewhat safer from remote tampering than WiFi-enabled devices since they operate on their own network. Hacking into them remotely or making them send data to a 3rd party involves hacking the central controller (if that controller even is connected to the Internet, though it often is). Certainly possible but it's a considerable extra hurdle. The networks themselves are fairly easy to hack, though the new version
... most of the commercial hubs come needlessly saddled with clouds.
my rural Satellite ISP has a bandwidth cap during most of any given 24-hour cycle.... I'm perfectly capable of setting a thermostat
"Once it starts going mainstream, what do you think most people will be using?"
Once it starts going? Where have you been? Hundreds of thousands of people GLEEFULLY pay Amazon to put microphones in their home to listen to them 24/7... It's called Alexa. SmartThings, and others connect all the doors and other sensors in.. all a nice database to sell to whoever wants to pay for it. Buy your data in multiple sources, add in LexisNexis data that has everything else including your SSN, your Drivers lic
You can make IoT secure. Devices can be put on separate network segments that can't see each other, are firewalled, with an IDS/IPS in place to minimize damage if compromised. Logs can be exported one way via syslog to a secure server, which can be searched by Splunk or an ELK stack machine. Warnings can be handled by an application running locally that can do email or SMS. Hub/spoke architectures can be used with low bandwidth devices using Bluetooth. Heck, most IoT devices could be hardwired. The de
This seems like it could be done fairly easily in software right inside even consumer-grade routers, and would at least help in mitigating some of the security threats of these devices. These routers already offer "guest networks" on most newer models, so this seems like the next logical step. Just create a simple way at router setup/configuration time to create an "IoT network" as well which is isolated from anything else on the router for safety.
Certainly. You don't buy 'IoT' devices in the first place. Most of them are solutions in search of a problem, not the other way around, just ways to get tech-enthused people to spend their money on more toys that they didn't need until someone convinced them they did.
You can blame the consumer in the same vein that a judge can tell someone 'ignorance of the law is no excuse'. The average consumer is about as security-savvy with things like this as they are about their Facebook posts. It's the whole 'I have nothing to hide therefore I have nothing to fear' attitude, which of course is utter and complete nonsense. Some consumers might hear and even understand that their Nest thermostat is accessible by hackers, but they don't really care. Of course imagine their faces in
"Don't blame the consumer when the mfgr is putting out shit product."
Of course you can blame the customer.
The only thing you can't blame the customer for is the thingie being there (I wanted X but X came with a, b and c tied to it); as soon as they buy something on purpose, customers are the ones to blame.
What you can't do is just the opposite, blame the vendor. You know for sure the vendor will try to sell you the cheapest shit that maximizes their revenue. Heck, it's their damn job to do so! And the ven
Blame the consumer for not asking about security options. If their thermostat is unsecure as an IoT device because it connects to their wifi router, then I wouldn't put any bets about the security of their laptop or smart TV either. The rise of security problems is not necessarily because of IoT security but because there are now so many more things all on the same internet. The security needs to be added even when the consumer is not asking for those features, even if it raises the cost of the products.
Part of a recent project has been to make an IoT-friendly really robust secure link from device to hub or Internet server, all liberally licensed and open:
"OpenTRV conf / Saturday November 29th" - Would be helpful if you added the YEAR to your event dates, so the audience knows whether there's an upcoming event, or if your web presence is yet another ancient one-hit wonder.
Yes there are secure IoTs. Problem is with generic devices using generic operating systems with no security added or added as a late afterthought. I.e., "consumer" devices are the ones to beware of. Breaking into the coffee maker isn't giving you any access to your thermostat as they're not connected to each other except for using the same air space. A lot of these are relatively big and bulky devices, full Android or Linux maybe, with Wi-Fi networking and all its problems. Cheap devices made by companie
The convenience would be worth the risk if it was convenient. Trouble is: it's not. The biggest problem is the lack of standardization. You can't buy any AC unit and expect it to be able to connect to any smart thermostat. You can't expect your IoT alarm clock to be able to turn on your IoT coffee machine without buying a specific machine, which, incidentally, makes poor coffee. And that's the problem, I buy things based on cost and how well they perform as things: I want a washing machine that washes well,
The "dumb-ass majority" will quickly change their tune when their home gets p0wned, badly. i.e. Devices stay on consuming electricity, fridge constantly shuts off so they are forced to rebuy all their groceries, little Johnny's lights keep switching on/off all day, etc.
I'm actually waiting for the hackers to have a field day with this; then maybe the dumb-ass majority will actually learn their lesson:
* Just because you _can_ hook a device up to the internet, doesn't mean you _should_.
The "dumb-ass majority" will quickly change their tune when their home gets p0wned,
The same "dumb-ass majority" that happily runs malware-infested Windows machines and doesn't care until they slow down too much.
The same majority that thinks getting pwned is a hardware problem and buys a whole new computer.
The same majority who, after having someone capable clean out their computer, bring it back within weeks because they refuse to learn and it's riddled with crap again?
I'm actually waiting for the hackers to have a field day with this; then maybe the dumb-ass majority will actually learn their lesson
We are already knee deep in a malware swamp beyond the dreams of bad SF, yet it just keeps on getting worse and there are plenty that have not learned the lesson (or even smirk at those who have).
Maybe worth it to SOME. I've boycotted IoT devices and will continue to do so until high security has been adopted as industry standard. No, I'm not holding my breath. Where I live we've got a lot of tech-savvy criminals and I won't give them the IoT edge.
Too late (Score:5, Insightful)
The convenience is worth the risk. The dumb-ass majority has spoken.
Re:Too late (Score:5, Insightful)
Fair point. But did they have any other options?
Are there secure IoTs?
Maybe, just maybe, the developers/manufacturers are at some fault.
Re: (Score:1, Insightful)
Yes, they could have said "no". Your scale does not need to talk to the fridge. Your thermostat does not need to talk to Google.
Re: (Score:0)
No is always an answer. But the question I was asking was what other manufacturing options are there which are secure?
Your snide comment didn't really help anything.
Re: (Score:1)
Re: (Score:2)
Easy. No Cloud. Why does your smart shoe need a cloud to communicate with your phone? Bluetooth is enough. Why doesn't your WLAN lightbulb talk to your router as access point, which can communicate with your mobile phone (some manufacturers offer free dyndns with one click)? Why does it always need to use a cloud? One Cloud? At least two! The lightbulb talks with its manufacturer, which sends pings to Google, which sends it to your phone as push message.
Re: (Score:2)
Re:Too late (Score:5, Informative)
The real problem with the IoT is that everyone and their brother is trying to be the One True Provider of All Home Automation, and they want to do it in the cloud so they can charge you for integrating with everyone else's clouds. Nest has the whole Nest-Certified thing, running in the cloud. Samsung has the Samsung Smart Home, running your washers, dryers, and air conditioners in their cloud. AssureLink will happily run your garage door openers in their cloud. Honeywell has their thermostat system, in their cloud. Rheem has their EcoNet for running hot water heaters, in their cloud. LG has a cloud service for their TVs. Schlage has a cloud for running door locks. D-Link has a cloud for viewing their security cameras. Fitbit cloud-enables your health data. Philips' cloud runs your Hue lights. And so on.
Cloud solves some thorny problems. It enables easier configuration of the home user's environment by removing most of the barriers, which is critical to commercial success. Ordinary people don't know they need to poke a hole in their firewalls, and they also know they don't want to know all those technical details. But they still want to remotely access their IoThings from their iPhones. Having the IoThings phone home to the cloud means there's a central point to discover and communicate with them, making the consumer's installation woes less painful - ease of use is critical to driving sales. And the cloud can back up those configurations, allowing you to replace your old device 1.0 with new device 2.0, all without pain.
Clouds can also improve end user security - from a certain kind of threat. If your home device is connecting to the cloud and never listening for input on its own, its attack surface is much smaller than if it has opened a port on your firewall. And when your home device needs a security patch, the cloud can push it. Obviously, that means your home devices place their trust in the cloud to be secure, which is the point of TFA.
But the main problem cloud solves is that clouds provide an ongoing "service" for which the device provider can charge $9.99/month. And it's all about the continual extraction of money from the consumers. Why sell an overpriced sprinkler system only once when you can have that wealthy sprinkler system owner send your cloud service a check every single month? That's really why everyone wants to be the company that sells you the One True System, so they are the ones you're willing to pay on a monthly basis.
What I want (and have) is a server in my house that handles the home automation communications and executes rules without requiring a cloud. Unfortunately, most of the commercial hubs come needlessly saddled with clouds. There is no technical reason for an Iris hub or a Wink hub to connect to a cloud, yet they do. Amazon Echo runs everything to the cloud, including your voice. Better systems make the cloud optional.
There are also better choices on the horizon. OpenHAB is making great progress on providing an open source Java package that can handle a wide variety of home automation devices; GUI control is getting there, but setup and configuration is still a complex problem that's out of reach of the average homeowner.
Re: (Score:2)
OpenHAB is one option, with a Z-Wave/Zigbee USB stick it might be able to replace a SmartThings/Nest kind of set up - if you don't mind a lot of work getting it all working (kinda like using Linux in the early days)
Also look for devices that don't need the cloud but use it for additional features. Philips Hue lights talk to a hub that does talk to the cloud for remote control, but that hub has a simple REST API for local control. If you wanted to, you could block the hub from talking to the internet and use
Re: (Score:2)
Yeah, I looked at OpenHAB for a while, but their grandly named "OpenHAB Designer" turned out to be nothing more than a copy of Eclipse running a text editor to modify the necessary half-dozen configuration files and check them for syntax errors. It is definitely not ready for an advanced installation professional, let alone the average homeowner.
I've had great luck so far with Vera (getvera.com). It can use the cloud if you let it, but everything is configured and run locally. Configuration is not quite plugT
Re: (Score:2)
Very similar to my experiences with SmartThings - despite being sold here in the UK in a major high street store, it's not really ready for primetime, but you can work around the limitations. I haven't gone beyond lights and a plug socket yet, plus the motion/door sensors that come in the starter kit. It's been a bit of fun, I like playing with gadgets, but I wouldn't recommend it to anyone just yet
Sounds like the big difference, when compared with Vera, is that ST is cloud based and the development options
Re: (Score:0)
What happens when the cloud rains on my electrical plug socket? I was always told that was a bad thing!!
Re: (Score:2)
Laugh if you want, but I really do have two "clouds" controlled by my smart house. They're ultrasonic mist emitters that fill our orchid-growing cabinets with fog, three times a day. It keeps the humidity inside the glass cases above 95%, which is ideal for some of the equatorial cloud-forest species.
And yes, the electrical plug is kept safely outside of the cabinets. Condensing humidity is a very bad environment for electrical appliances.
Re: (Score:2)
We (OpenTRV) are building IoT devices that are decentralised and will work (well) without an Internet connection, smartphone or hideously complex instruction manual.
Some of our target users don't have Internet connections or smartphones, for a start.
Our devices can be connected up beyond a local hub (eg to control your heating better) if you wish, but making it possible to do without makes them inherently safer and more reliable IMHO.
Yes, we're keen on OpenHAB integration, but Open Energy Monitor and MQTT a
Re: (Score:0)
DHCP means a computer can send out an unaddressed command "give me an IP address". We need IoThings to send out a "give me a cloud URI" command, although it can be addressed to the router. Routers will be updated to provide cloud-type storage on-site. Ideally, the router will access a database of cloud server addresses, just like email software uses a database of email server addresses. Then the router can ask the appropriate server for a firmware update.
Re: (Score:0)
For controlling lights I think you need a lot of security at the protocol level, I mean yeah I just broadcast my living room lights turned on.. but if you are in range of picking up my switch's transmission then you already knew that.
Stuff like thermostats and stuff have hard set minimums and maximums that would not do more than make you a bit uncomfortable.
The Z-Wave on my washer/dryer just measures energy to tell me when they are done, worst you could do is shut off a load in the middle and make me a bit co
Re: (Score:2)
Zigbee is old and crusty, the newest version is just strange and bloated and no one has really adopted it. It may die off except that big companies keep demanding Zigbee as a check-off box. The standards of this are new and evolving, and security isn't always there but the device makers are adding it anyway (and if you insist on alliance led standards for security then you'll get crap like WPA as a result when a manufacturer might actually have something better).
Big problem is with the dumb IoT, devices t
Re:Too late (Score:5, Insightful)
Fair point. But did they have any other options?
Actually, as consumers, they (mostly) do have options - lots of them.
In my case, I avoid the whole IoT thing like it were some virulent form of radioactive space herpes. It's not out of paranoia, but because my rural Satellite ISP has a bandwidth cap during most of any given 24-hour cycle. This means not bothering with the cute little automated/networked thermometers, televisions, refrigerators, etc...
To be honest, I don't see much value in them anyway - at least not at this time; I'm perfectly capable of setting a thermostat (or throwing another log into the wood stove), and keeping a mental inventory of what's in my refrigerator. There are promising technologies/devices out (e.g. the Amazon Echo thingy), but in all honesty, they're nice-to-have things, not need-to-have (and unless you're severely disabled, nearly all of them are not much more than glorified monetization opportunities for whoever sells the thing to you - again, see also the Amazon Echo thingy).
At any rate, yes the consumer (that is, you and I) has the ultimate power over how much these things influence and potentially control our lives and our stuff.
Now there may be exceptions (say you bought some swanky condo or rented an apartment that has all this stuff in it), but they can be disabled to an extent (or even hijacked by you if you know how and see a use for doing so.) It ultimately depends on you.
Eventually, I can see where you'd have no choice but to buy such things because alternatives would cease to exist... but even there, you can simply, say, assign them to an SSID that you've throttled down to 14.4k or some obscenely low rate, then take the extra step of firewalling the shit out of that network to allow only established/related ports. Or, just hack the thing to taste (after all, phones can be jailbroken fairly quickly, so...)
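The firewalling this comment describes (a separate IoT network that only gets established/related traffic), combined with the segment isolation and one-way syslog export proposed elsewhere in the thread, could be written as the following nftables ruleset for a Linux router. It is an added example, not part of any poster's comment; the interface names, the addresses and the choice of nftables are assumptions, and the bandwidth throttle is not covered.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the thread. All names and addresses below are
# constructed placeholders; adjust them to the real router.

define WAN_IF = "wan0"          # uplink to the ISP (assumed name)
define LAN_IF = "lan0"          # trusted LAN: laptops, phones (assumed name)
define IOT_IF = "iot0"          # dedicated IoT SSID / VLAN (assumed name)
define HUB_IP = 192.168.50.2    # local automation server on the IoT segment
define LOG_IP = 192.168.10.5    # syslog collector on the trusted LAN

table inet iot_isolation {

    # Traffic routed between segments.
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were allowed to start.
        ct state established,related accept
        ct state invalid drop

        # The trusted LAN may open connections to IoT devices and the internet.
        iifname $LAN_IF oifname { $IOT_IF, $WAN_IF } ct state new accept

        # One-way log export: IoT devices may send syslog to the collector.
        iifname $IOT_IF oifname $LAN_IF ip daddr $LOG_IP udp dport 514 accept

        # Nothing else on the IoT segment may start a connection to the LAN.
        iifname $IOT_IF oifname $LAN_IF log prefix "iot->lan drop: " drop

        # Only the local hub may reach the internet; other devices stay local.
        iifname $IOT_IF oifname $WAN_IF ip saddr $HUB_IP ct state new accept
        iifname $IOT_IF oifname $WAN_IF log prefix "iot->wan drop: " drop

        # Anything not matched above, including new connections arriving
        # from the WAN, falls through to the drop policy.
    }

    # Traffic addressed to the router itself.
    chain input {
        type filter hook input priority 0; policy drop;

        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop

        # IoT devices get DNS, DHCP and NTP from the router and nothing else,
        # so a compromised device cannot reach the admin interface.
        iifname $IOT_IF udp dport { 53, 67, 123 } accept
        iifname $IOT_IF tcp dport 53 accept
        iifname $IOT_IF log prefix "iot->router drop: " drop

        # The trusted LAN manages the router.
        iifname $LAN_IF accept
    }
}
```

The logged drops (prefix `iot->lan drop:` and `iot->wan drop:`) show which devices try to leave their segment, which is the signal an IDS or log search would alert on.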
Re: (Score:2)
I'm in the same boat. Due to numerous other Wi-Fi links around where I live, at best, I get reliable signal in one room, but that's pretty much it. Because there are just so many devices yakking on Wi-Fi, even the 5 GHz band, where devices are supposed to find the channel that is used the least, is saturated.
As for IoT devices, I do watch occasionally the Fiver channel on YT, which always has some new IoT item. Some are cool, others... why bother? If I were to spend the price premium for a "smart" fridg
Re: (Score:2)
The same reason security is an afterthought :(
Re: (Score:2)
I've never understood why IoT devices don't move to a hub/spoke model. A hardened, central hub that does the Internet communicating, and the devices use Bluetooth and are paired with the hub (or hubs).
Many do: Philips Hue, SmartThings, Iris (Lowes), VeraLite, and others do, except it's Z-Wave and/or ZigBee rather than Bluetooth that does the communicating. (Low-energy Bluetooth wasn't around when these standards were created, and Z-Wave and ZigBee also have the ability to form a mesh network rather than each needing to connect to the central bridge/hub.) WeMo is a notable one that doesn't work like this, as are Nest and several Apple HomeKit-capable products that connect directly to WiFi. I don't like th
Re: (Score:0)
Thought experiment: what if you didn't have the cap, and you were at work and wanted to know what the thermostat was currently set to. (Maybe you brainfarted and can't remember if you set it when you left this morning; maybe you want to know if The Three Bears have come into your house and have fiddled with it, etc.) Would you do it then?
No, you wouldn't, because a thermostat
Re: (Score:0)
What is the cost of mis-setting a thermostat? I make $120k/year, I'm not going to give myself more stress worrying over $2. If it's really a problem I'll call my next door neighbor and have her go check it out.
Re: (Score:2)
In my case, I avoid the whole IoT thing like it were some virulent form of radioactive space herpes. It's not out of paranoia, but because my rural Satellite ISP has a bandwidth cap during most of any given 24-hour cycle.
For me, it is because IoT is another way of saying "recurring monthly bill" or "forced obsolescence"
Oh, look, I have a nice alarm clock that is connected to the internet, has an app store, collects data about me and will stop functioning when the manufacturer doesn't feel like supporting it any more.... what a deal!
Re: (Score:0)
How do you know your connected thingy doesn't try to connect to your neighbor's Wifi? Unless it's in a remote area, the thingy is likely to find a couple of WLANs, easily three dozen or more. While it may not have much CPU power, it's got all the time in the world to try to crack WEP and even WPA.
Re: (Score:0)
"In my case, I avoid the whole IoT thing like it were some virulent form of radioactive space herpes."
Exactly! IoT devices WILL be abused to collect what should be private information on their owners. And what about ransom-ware attacks? What happens when a hacker or group of hackers takes over your home via these devices, turning off your fridge or your heat/air conditioning, and wants a ransom to turn them back on? I can see these devices being designed to not work without being connected to the intern
Re:Too late (Score:5, Insightful)
"Are there secure IoTs?"
Yep, all of mine are, because I made them.
I don't use stupid "cloud" crap for my IoT devices; they talk to the server in my home, and the ones in the vacation home talk over an encrypted VPN to my home.
It's the consumer crap designed to spy on you that is the problem, not IoT.
Re: (Score:2)
it's the consumer crap designed to spy on you that are the problem, not IOT.
Once it starts going mainstream, what do you think most people will be using?
Re: (Score:0)
"Once it starts going mainstream, what do you think most people will be using?"
Once it starts going? Where have you been? Hundreds of thousands of people GLEEFULLY pay Amazon to put microphones in their home to listen to them 24/7... It's called Alexa. SmartThings and others connect all the doors and other sensors in... all a nice database to sell to whoever wants to pay for it. Buy your data in multiple sources, add in LexisNexis data that has everything else including your SSN, your Drivers lic
Re: (Score:2)
You can make IoT secure. Devices can be put on separate network segments that can't see each other, are firewalled, with an IDS/IPS in place to minimize damage if compromised. Logs can be exported one way via syslog to a secure server, which can be searched by Splunk or an ELK stack machine. Warnings can be handled by an application running locally that can do email or SMS. Hub/spoke architectures can be used with low bandwidth devices using Bluetooth. Heck, most IoT devices could be hardwired. The de
Re: (Score:2)
This seems like it could be done fairly easily in software right inside even consumer-grade routers, and would at least help in mitigating some of the security threats of these devices. These routers already offer "guest networks" on most newer models, so this seems like the next logical step. Just create a simple way at router setup/configuration time to create an "IoT network" as well which is isolated from anything else on the router for safety.
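The isolated "IoT network" proposed in this comment, sketched as an nftables ruleset for a Linux-based router. This is an added example, not part of the original thread; the interface names are assumptions and must be replaced with the router's own.

```nftables
#!/usr/sbin/nft -f
# Added example. Interface names below are assumptions (constructed).
define IF_WAN = "wan0"      # uplink to the ISP
define IF_LAN = "br-lan"    # trusted PCs and phones
define IF_IOT = "br-iot"    # dedicated IoT SSID / VLAN

table inet iot_isolation {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections that a rule below already permitted.
        ct state established,related accept
        ct state invalid drop

        # Trusted LAN may open connections to the Internet and to IoT devices.
        iifname $IF_LAN oifname $IF_WAN ct state new accept
        iifname $IF_LAN oifname $IF_IOT ct state new accept

        # IoT devices may open connections to the Internet only.
        # Delete this rule for the stricter "established/related only"
        # policy: devices then answer the LAN but initiate nothing.
        iifname $IF_IOT oifname $IF_WAN ct state new accept

        # Any IoT -> LAN attempt is logged, then dropped.
        iifname $IF_IOT oifname $IF_LAN log prefix "iot-to-lan drop: " drop
    }

    chain input {
        type filter hook input priority 0; policy accept;

        # IoT devices get DNS and DHCP from the router and nothing else,
        # so the router's admin interface is unreachable from that segment.
        iifname $IF_IOT ct state established,related accept
        iifname $IF_IOT udp dport { 53, 67 } accept
        iifname $IF_IOT tcp dport 53 accept
        iifname $IF_IOT log prefix "iot-to-router drop: " drop
    }
}
```

Traffic between two devices on the same IoT bridge never reaches the forward chain, so device-to-device isolation additionally needs client isolation on the access point. The log prefixes give a syslog collector something specific to alert on.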
Re: (Score:2)
But did they have any other options?
Certainly. You don't buy 'IoT' devices in the first place. Most of them are solutions in search of a problem, not the other way around, just ways to get tech-enthused people to spend their money on more toys that they didn't need until someone convinced them they did.
Re: (Score:1)
Yes, aside from the blatantly obvious no, are there any secure options?
Re: (Score:2)
which is kind of my point.
Don't blame the consumer when the mfgr is putting out shit product. While putting lipstick on it.
Re: (Score:2)
"Don't blame the consumer when the mfgr is putting out shit product."
Of course you can blame the customer.
The only thing you can't blame the customer for is the thingie being there (I wanted X but X came with a, b and c tied to it); as soon as they buy something on purpose, customers are the ones to blame.
What you can't do is just the opposite, blame the vendor. You know for sure the vendor will try to sell you the cheapest shit that maximizes their revenue. Heck, it's their damn job to do so! And the ven
Re: (Score:2)
You're working with the wrong vendors if you think it's their job to sell you the cheapest shit possible.
Re: (Score:2)
"You're working with the wrong vendors if you think it's their job to sell you the cheapest shit possible."
That's not what I said. I said "the cheapest shit that maximizes their revenue".
Re: (Score:2)
Blame the consumer for not asking about security options. If their thermostat is insecure as an IoT device because it connects to their wifi router, then I wouldn't put any bets on the security of their laptop or smart TV either. The rise of security problems is not necessarily because of IoT security but because there are now so many more things all on the same internet. The security needs to be added even when the consumer is not asking for those features, even if it raises the cost of the products.
Re: (Score:2)
Part of a recent project has been to make an IoT-friendly really robust secure link from device to hub or Internet server, all liberally licensed and open:
https://github.com/DamonHD/Ope... [github.com]
This runs happily on Arduino-UNO (and slower) class hardware purely in software, eg including an AES-GCM implementation:
https://github.com/opentrv/OTA... [github.com]
So yes, is the answer.
We (OpenTRV) aim to get it on 400 million energy saving smart thermostatic radiator valves across Europe.
Rgds
Damon
Re: (Score:1)
"OpenTRV conf / Saturday November 29th" - Would be helpful if you added the YEAR to your event dates, so the audience knows whether there's an upcoming event, or if your web presence is yet another ancient one-hit wonder.
Re: (Score:0)
Maybe, just maybe, the developers/manufacturers are at some fault.
Fault is only half the answer. The real question is whether or not they will have some responsibility.
So far the answer seems to be avoiding it.
Re: (Score:2)
Yes, there are secure IoTs. The problem is with generic devices using generic operating systems with no security added or added as a late afterthought. I.e., "consumer" devices are the ones to beware of. Breaking into the coffee maker isn't giving you any access to your thermostat as they're not connected to each other except for using the same air space. A lot of these are relatively big and bulky devices, full Android or Linux maybe, with wi-fi networking and all its problems. Cheap devices made by companie
Re: (Score:0)
Well, that only applies to people who need a toaster with Internet connection. For the rest of us, nobody gives a shit about the IoT.
Re: (Score:2)
The convenience would be worth the risk if it was convenient.
Trouble is: it's not. The biggest problem is the lack of standardization. You can't buy any AC unit and expect it to be able to connect to any smart thermostat. You can't expect your IoT alarm clock to be able to turn on your IoT coffee machine without buying a specific machine, which, incidentally, makes poor coffee.
And that's the problem, I buy things based on cost and how well they perform as things: I want a washing machine that washes well,
Re: (Score:2)
The "dumb-ass majority" will quickly change their tune when their home gets p0wned, badly.
i.e. Devices stay on consuming electricity, fridge constantly shuts off so they are forced to rebuy all their groceries, little Johnny's lights keep switching on/off all day, etc.
I'm actually waiting for the hackers to have a field day with this; then maybe the dumb-ass majority will actually learn their lesson:
* Just because you _can_ hook a device up to the internet, doesn't mean you _should_.
Re: (Score:2)
I'm actually waiting for the hackers to have a field day with this;
Then you might be interested in this [slashdot.org].
Re: Too late (Score:0)
The "dumb-ass majority" will quickly change their tune when their home gets p0wned,
The same "dumb-ass majority" that happily runs malware-infested Windows machines and doesn't care until they slow down too much.
The same majority that thinks getting pwned is a hardware problem and buys a whole new computer.
The same majority who, after having someone capable clean out their computer, bring it back within weeks because they refuse to learn and it's riddled with crap again?
Sure, they'll learn this time.
Re: (Score:2)
We are already knee deep in a malware swamp beyond the dreams of bad SF, yet it just keeps on getting worse and there are plenty that have not learned the lesson (or even smirk at those who have).
Re: (Score:2)