Mar 28, 2017
10:55 PM EDT
let's assume for a moment that data collected in a toaster is actually useful, such as the frequency of use, runtime, and breakdown rate, and that this helps the manufacturer to produce better products with the best intentions in mind.

what are the risks?

if the device is insecure and it's controlled by malevolent forces, what can they do, and who is affected.

the most obvious case will be botnets. botnets are bad and they will hurt the whole internet, however, they won't really affect the owner of the toaster directly and they won't lead to private data being revealed.

another option is the sniffing of the data collected. first, it is not even necessary to break into the device to get that data, and although the device may be easier, finding thousands of devices may be harder than breaking into the company server. and then, what data do they get? maybe the usage patterns and the location, but in a highrise where hundreds of people go to work every morning that is not very personal.

i don't want to downplay the risks, but i want to find out how serious this could be and how large the potential is for the average consumer to ignore the problem. (so what if they find out that i toast 3 slices every morning at 6:50am?) or for the company to downplay the seriousness (they may even publish it: look here, we found out that 70% of our customers toast an average of 2.5 slices between 6 and 8am every weekday).

for those interested we discussed this topic last week here: http://lxer.com/module/forums/t/36378/

greetings, eMBee.

Mar 29, 2017
11:15 AM EDT
> if the device is insecure and it's controlled by malevolent forces, what can they do, and who is affected.

Override the safeties or lock down the temperature-sensor handling timer, set it to 'bake' and burn down the house; all residents of the neighborhood.

Mar 29, 2017
11:19 AM EDT

> let's assume for a moment that data collected in a toaster ... yada yada yada...

OTOH, for those of us WITHOUT unspecified Vested Interests in "encouraging" others to join the Cult of IoT, it rather seems to me that we should quite REALISTICALLY assume that it isn't at all a mere toaster that's the PRIMARY IoT target of the data-analytics which manufacturers and "governmental agencies" are really after anyway.

Probably the primary targets would be MUCH INFO-JUICIER IoT devices such as IoT-enabled utility meters, surge-protectors (yep!), house alarm-systems, lighting devices, entertainment devices, temp-control devices, and maybe even refrigerators .... having all that juicier data of knowing ppl's much more detailed habits and when they come and go. And that's not even including most of the more INTENTIONALLY Internet-connected devices (e.g., computing devices, fax machines, printers...etc) !!


Mar 29, 2017
1:08 PM EDT
Let's also not forget that the recent wikileaks disclosures show that the CIA has the ability to turn on a microphone on your Samsung large screen TV. Having remote access to a live microphone in your living room is probably a lot more interesting to government agents than knowing when you make toast.

My personal practice is to firewall IoT devices giving me access while excluding everyone else. This means that some services are not available (that's OK, I hate the cloud anyway). I have a smart TV but have never given it an IP address. All my TV smarts are implemented in an external device (odroid-c2) running only auditable FOSS software.

I do have IoT devices controlling heating/cooling, security cameras, and other functions, but without an ssh certificate these devices are inaccessible to others.


Mar 29, 2017
1:48 PM EDT
@penguinist: i'd love to get more details about how you do that. in particular the smart tv. if it is even a smart tv and not a computer with a tv screen as output device. (if i understand you correctly, either you don't use the features built into the tv, or you managed to connect them to your external device somehow)

@flufferbeer: in case it was not clear i am trying to find ways to discourage people from joining the IoT cult. but in order to do that, i need a better understanding of the dangers.

the risks of a device with camera or microphone are easy to understand, and their dangers are easy to explain. the dangers of a toaster are much more subtle.

why look at the toaster? because it is probably among the dumbest of IoT devices, and we can assume that any dangers that are posed by an IoT toaster are dangers that apply to every single IoT device out there. other devices will have additional dangers on top of that.

everyone can point out the primary targets, but most will overlook the secondary targets, and hence the question. maybe you are right, and an internet enabled toaster is harmless. but if that is the case you should be able to make that argument.

to reiterate, the question is: besides the obvious wiretapping through microphone and camera, what other dangers do IoT devices bring?

greetings, eMBee.

Mar 29, 2017
1:57 PM EDT
@eMBee: the idea is really pretty brute force. I completely shut off (no networking) the closed source "smart TV" capability, and instead consider the TV as nothing more than a dumb monitor that has an hdmi input (and off-air antenna input). Through the hdmi connection the TV gets program content from external devices such as the odroid-c2.

Mar 29, 2017
4:46 PM EDT
IoT Toaster Risks:
  1. The biggest danger of IoT is that all these devices become botnet zombies attacking the Internet.
  2. The danger of snooping is government only, corporations are a danger because they sell your info to the government.
  3. Other user dangers are related to privacy concerns... such as criminals figuring out how to use your IoT to steal from you... either remotely or locally when you are not at home.
Given the above, the IoT toaster is dangerous because of #1... less danger from #2... and zero danger from #3.

