They lock down everything and you will not be able to program it.
I don't see that going down well with developers and hobbyists.
Mikko Hypponen, chief research officer at Finnish security company F-Secure, spoke to The Reg at the launch of Sense, a consumer firewall device that aims to "secure your connected things". Hypponen says IoT is unavoidable. "If it uses electricity, it will become a computer. If it uses electricity, it will be online. In future …
Correct, but an end user who only cares about email, browsing the web and watching some videos will be happy their files aren't getting encrypted by ransomware and their online banking credentials stolen. Meanwhile, the hobbyists & developers will avoid those devices and stick with full blown Windows, Linux or Macs.
I think Chromebooks are a good example of this model, actually. They can't be programmed by the average end user. There's a "developer mode" that allows programming, but getting into it requires some specific steps (well documented) and a data wipe, and it warns you each time you boot that you're in an insecure developer mode. So hobbyists still have the ability to tinker, but end users can't be easily tricked into unlocking their devices for malware.
One possibility is blocking the VPN server IP addresses at the ISP's for any that don't play well with law enforcement. The way around that is a personal VPS providing your own VPN service. I'm seriously consiering that in replacement for my VPN and "Cloud Storage" currently provided by other companies. Even work out a bit cheaper here.
Come now, the snooper's charter was only ever about catching the dumb and technically ignorant out there. Admittedly, that is most people.
As for trying to crack down on VPN services that would end up as another pointless whack-a-mole game and seriously piss of business users. Of course the gov often dances to the red-top paper's stupid suggestions so there is a fair chance they would try, but again I suspect the real experts know your biggest risk are the local muppets who can buy knifes and rent a van, as we have seen recently.
Except that he is saying that in the future such devices won't use your network. Presumably they will have some sort of wireless radio for 2g/3g/4g/5g data, with eSIM and monthly costs...
The only hope is not paying the monthly payments or somehow deaktivating the chip - and hoping that a lack of signal doesn't brick the device...
My other half won't let anything IoT in the house (useless toys) and won't let anything (other than telephone or laptop) into the house with a microphone.
Good luck with that. I can imagine that in five years max high end TVs which come with a microphone either in the TV or the remote will trickle down to all models.
And it's difficult to tell before you buy because manufacturers don't make it clear it's got a microphone, they just say it does whatever their fantastic speech recognition thing is called, and that might cover an an app on a mobile paired with the TV too.
I can imagine that in five years max high end TVs which come with a microphone either in the TV or the remote will trickle down to all models
I agree, and I believe for that reason, (although not exclusively) a Neo-Luddite subculture will pop up everywhere, de-smarting your devices for a fee. I can also predict that there'll be some sort of alternative Tor-alike Internet connected via Mesh devices.
The best current analogy to this I can think of is On*Star in GM cars. And while there are people who disconnect the On*Star module, it's not a particularly common practice. In many cars it also triggers a check engine light, which is an automatic emissions test fail in some places, so it's more complicated than just cutting a wire.
"My other half won't let anything IoT in the house (useless toys) and won't let anything (other than telephone or laptop) into the house with a microphone."
So what happens when the inevitable happens and you need a new fridge and ALL of them are IoT-FORCED that brick if you disable or cage them?
Since we already refuse to pay a subscription for cable TV, it's not a big change in attitude for us refuse to buy products that come with a monthly subscription fee to use them. I'll find another way to make a couple of slices of bread crispy if it comes to the point that commercially available toasters need to phone home on my dime.
"Er, my router, my firewall rules..."
BZZT! Their network chips, their rules, and they trump you because they're up the chain. And since it's a cartel up there, with plenty of network technologies covered by patents (and they're genuine hardware-based patents), good luck trying to roll your own network chips from scratch to get around them.
> with plenty of network technologies covered by patents (and they're genuine hardware-based patents),
Patents are intended to _stop_ other companies from competing. If one company holds a patent then no other company can use that mechanism without buying a licence and paying a royalty. You cannot force a company to use a patented mechanism.
> good luck trying to roll your own network chips from scratch to get around them.
If there is a market for devices that do not use those patented mechanisms then someone will build them, or import them from India.
"Since you can't secure the devices with software then you have to secure them from the network. I don't see any other way of doing it."
I can: just don't connect them to the network. That will work for now.
Unfortunately, you can already buy a complete system for under $10 which includes a 2G GSM modem:
(and just for fun, it has an onboard microphone too. Not just a microphone input, an actual microphone)
If your fridge comes with one of these, there's not much you can do, other than opening it up and chopping wires or taking out the SIM. F-Secure's firewall box will make no difference unless it comes with a mobile jammer.
Of course, your home *network* is not at risk, but your *home* is - e.g. from people being able to work out from fridge door opening info whether you are on holiday and therefore safe to be burgled.
I don't understand his statement of
Hypponen says IoT is unavoidable. "If it uses electricity, it will become a computer. If it uses electricity, it will be online. In future, you will only buy IoT appliances, whether you like it or not, whether you know it or not.
It either needs a connection, i.e. through my router which I will not allow, or it comes with its own communication method such as 3G/4G etc in which case his software is pointless. Either way no sale.
According to CCFKAC*, isn't that for "The Market" to decide (mythical as it may be)?
Or is the New Credo now that "The Market" := What The Corp.s deign to supply and the Buyer has to buy?
* the Current Credo Formerly Known As Capitalism
Mixed bag of bullshit by the sound of it.
Not sure how "future-IoT" devices are going to be net-connected without going through the owner's home network so that part makes no sense. Is a cheap toaster going to come with an embedded satellite phone and airtime contract so it can talk to base? The fact he's hawking a product that categorically can't work against these phantom connected toasters (according to his own logic) makes even less sense.
Also, the security of locked-down systems is far from perfect and I'm not holding my breath that MS will be able to do it properly. Most likely the'll succeed in crippling the ability for users to administrate their device properly while leaving enough security holes for priviledge escalation that an attacker can gain complete control.
That's easy. A software 'sim card' connecting to a 5g network. 5G has some stuff designed in for IOT, presumably those sims would be locked to only talking to a specific set of servers and the devices only send small relatively infrequent messages and so the manufacturer just buys 'bundle' of messages to support the number of devices they have. In bulk this will just be a few pennies per year per device.
Nothing new. Recall the original Amazon Kindle and its "Whispernet" which ran on top of the AT&T Wireless network? Same idea here. If it can reach the air, it can connect whether you like it or not, and you can bet these devices will brick if you try to Cage them or destroy their chips and/or antennae. And if ALL the manufacturers are doing it, you'll be left with a Hobson's Choice: either bend over or start living backwoods-style cooking with an open flame and storing cold stuff with a self-built icebox.
It'll never happen. I get fuck-all mobile reception at home because of the local geography, plenty of people are in areas of poor/no coverage and sometimes networks are unavailable.
One or two companies may make devices that auto-brick if they can't connect but the level of backlash they'd receive would mean everyone else steps away from that particular model.
Additionally, there will be loads of companies that don't want to add a 5G + SIM + allowance into whatever tat they're peddling.
I can't see this working in practice, although plenty of gullible twats will buy such devices, just not enough for it to mean everything with a plug gets all this crap bundled with it.
Whispernets are more tolerant. If you can do SMS, a whispernet should be fine. 5G low-bandwidth can use lower frequencies for greater range.
The companies will act in cartel with the government's support. Any that try to break rank won't last long as that data represents repeat business, and there's no business like repeat business. Especially when the costs to add drops rapidly toward nil.
> The automotive market appears to disagree with your optimism.
I am not sure what you are thinking of. I can buy new cars that do not have 'connectivity', do not 'call home', do not have GPS even. I don't know of any car that limits what petrol it can use, nor where it is allowed to go.
John Deere did produce tractors which could only be serviced by their agents, but there is a lot of push back on that, through the courts even.
Not sure how "future-IoT" devices are going to be net-connected without going through the owner's home network
They'll use something like this:
I can imagine cash-strapped Councils climbing over each other to get these installed for a small fee and a chance to monitor their council tax payers.
One thing he said that I tend to agree with is that connectivity in many devices will soon be pretty much only be about collecting user data.
It will, no doubt, be sold as 'smart' (as in it will automatically get consumables sent to you before the old ones run out - for a subscription fee) but will mostly be collecting un-anonymised data about every aspect of your life it can hook into.
Nothing. It's a cartel. You take it back and find out EVERY machine/toaster/microwave does the same thing. Plus they won't have to rely on your WiFi going forward as they'll use Whispernets, so they can connect without your ability to control it (like you say, they'll brick first if they can't get through, so forget about caging them or breaking their radio stuff). And the government isn't your friend there, as they WANT this to happen for their Big Brother campaign.
Better consider going back to open flames and wooden iceboxes.
You're living in a paranoid fantasy world, ya big mentallist.
What benefit is data on how often I use my toaster? None, and the cost of installing 5G components is > 0 as is the airtime for data comms and when it cuts into their margins they won't use it. Your illuminati-cartel isn't going to suborn every vendor into this vast conspiracy.
And even if his practice becomes commonplace, I don't know where you get the idea of this perfect system of devices bricking if the user interferes. From what I can see 99% of vendors can't even implement basic security, which does cost them effectively nothing except for a dev pulling some crypto libraries and wrapping their protocols in them. Anything as complex as 5G connections, SIM cards, etc is not going to fly in the churn-and-burn cheapness of the IoT world.
Oh, and as a final thing: GDPR. That's going to play havoc with the current data-slurping free for all going on so the idea of installing silent, invisible data slurpers in your home just won't fly across Europe.
Undoubtedly some vendors will go down this route, just as some are currently selling boxes of fruit juice with DRM baked in. But that's only some, and only idiots buy their products. As has been shown time and time again, any form of DRM can and will be circumvented, and plenty of vendors will be too cheap (or conscious of creating goodwill among customers) that they simply won't bother.
"What benefit is data on how often I use my toaster? None, and the cost of installing 5G components is > 0 as is the airtime for data comms and when it cuts into their margins they won't use it. Your illuminati-cartel isn't going to suborn every vendor into this vast conspiracy."
As long as it is sufficiently small, and if they get the money back by monetizing their data for use as potential shopping habits, then it can be justified as low enough to not worry much about it for a potential repeat return.
"And even if his practice becomes commonplace, I don't know where you get the idea of this perfect system of devices bricking if the user interferes. From what I can see 99% of vendors can't even implement basic security, which does cost them effectively nothing except for a dev pulling some crypto libraries and wrapping their protocols in them. Anything as complex as 5G connections, SIM cards, etc is not going to fly in the churn-and-burn cheapness of the IoT world."
Two words: Suicide circuit. It's not that hard to continually check for something's presence if it's electrical, and if it's electronic, there are ways to make it tough to spoof as well. They're also not that difficult to implement, even on the cheap.
"Oh, and as a final thing: GDPR."
It won't BE a thing for much longer. Hell, even frickin' Germany is getting in on the act. As a comic book journalist once touted, "Paranoids are just people with all the facts." Just because you're paranoid doesn't mean the world really IS out to get you. Just look at the United States.
"Undoubtedly some vendors will go down this route, just as some are currently selling boxes of fruit juice with DRM baked in. But that's only some, and only idiots buy their products. As has been shown time and time again, any form of DRM can and will be circumvented."
4K BluRay players haven't been cracked yet. Not have the XBox One and PS4 and their successors. A nigh-bulletproof end-to-end chain of trust complete with encryption keys is finally emerging, unique to each device, making breaking them so difficult as to be impractical (4K movies are coming from other sources, for example). Same with the newest iDevices and Androids. Haven't heard much about jailbreaking and rooting them as of late.
> As a comic book journalist once touted, "Paranoids are just people with all the facts."
I am not sure that 'comic book' counts as 'journalism'. But then conspiracy theorists will believe anything.
> Just because you're paranoid doesn't mean the world really IS out to get you.
Settle down, take a breath, and reread your messages. The actual quote is approximately:
"Just because you're paranoid doesn't mean the world really ISN'T out to get you."
It comes from Catch 22 by J Heller.
> if they get the money back by monetizing their data for use as potential shopping habits
Complete nonsense. It may be possible to collect such data if there is a built in 'shopping list' that is used by the household, but a toaster can't tell what it is used for without having barcodes on the slices of bread. It can't tell what is spread on the toast. The fridges don't know what is inside it, or, more importantly, what is not inside it but should be - not unless the user enters that voluntarily on, say, a shopping list.
I am sure that some companies would like to build a toaster that is selective about what brands of bread it can toast (cf printers) and then charge the bread companies to be put on the list, but how do you identify the brand of bread ?
What about washing machines that are selective about what brand of clothes they wash? Ovens that will only cook food bought from specific supermarkets? I am sure that you and other conspirisists (is that a word?) will dream up much other stuff, but only fools would buy them.
> They can buffer the data and send later. When the buffer is full, then the machine could stop working, or make you call an engineer to check why the vendor isn't getting "their" data.
They would take it back to the shop and demand replacement or their money back under the warranty.
"Here's another of these self-satisfied doors, I can tell it is about to open by the intolerable air of smugness it suddenly generates"
I personally don't want a load of Sirius Cybernetics stuff all around me, but that may be me
Doffs hat to the late, great Douglas Adams
The one with the cassettes of the HHGTG radio play in the pocket, please
Did I really hear him say that Windows 10 S will be secure because it's not programmable? No 3rd party could ever hope to introduce more than a tiny fraction of the bugs that Microsoft will have included as standard, and will keep adding to with every non-optional update.
I really hope not
"Would you like some toast? Some nice hot crisp brown buttered toast. No? How about a muffin then? Nothing? You know the last time you had toast. 18 days ago, 11.36, Tuesday 3rd, two rounds. I mean, what's the point in buying a toaster with artificial intelligence if you don't like toast. I mean, this is my job. This is cruel, just cruel."
It's simple really, they're a vast company and can afford to do it properly.
A lot of these IoT things are being done by quite small companies without the long standing software dev team who's only job is to keep up with Linux patches, etc. It's make it work, sell it, abandonware it ASAP and move on.
Belkin seems to be fairly well behaved too.
"Home appliance manufacturers will be adding connectivity to every device, no matter how mundane, because the price of adding it will be marginal."
Owing to there being an external cost on consumers, to pick up the pieces of lousy IoT implementation, governments have to get involved. Like racing drivers considering accidents, IoT manufacturers believe that it won't happen to them.
If the cost of adding IoT functionality to my hand held torch is marginal, I'm happy if the manufacturer keeps five pence after leaving it out.
"We can't avoid the IoT revolution by refusing to play part."
At the moment, we can - and I fully intend to continue doing so for as long as that remains possible.
(And even if there is to come a point when all new gear has this data slurping built in by default, there's always second hand gear - and in some cases alternative methods of doing whatever the internet of shit devices do. These points alone should push back the point of no return quite some way.)
Like everyone who sells AV software. Now the threat will be in your toaster, your light bulbs, your garage door opener....eeeek!! Only I can protect you (except the device I'm hawking today won't, so you'll need to buy more from me later)
How will these things magically connect? Obviously not ethernet, that leaves only power line networking for wired, which is easy to defend against (don't install a power line bridge) and wifi or cellular. Wifi is easy to defend against - don't tell it your wifi password. That leaves cellular. If he thinks vendors are going to make a "2 cent chip" with an integrated cellular radio he probably already owns Brooklyn Bridge so I won't need to sell it to him again.
"how often do they toast, at what time of day, with what kind of bread"
Riiiight, so now my toaster will have a camera in it, that can tell the difference between pitta and a naan bread, or somehow detect there's something on the pop up heater rack outside the toaster, and identify that (it's most likely a large naan that won't fit in the toaster, but shhh).
Hyperbole. Toasters are seen as cheap and ubiquitous, and he's riffing about how ubiquitous the IoT will become, but this is just worthless hyperbole, I really can't see my toaster being connected to AI, the idea that toaster manufacturers can generate revenue by selling data to bakers is pretty tenuous. Or will there be sensors in toasted sandwich makers also? Will they detect the filling?
> It won't be cheaper because the cost to add the tat will be practically nil.
Just calm down, the ranting is obviously giving you a red mist you are starting to actually make sense: No, you are right, "it won't be cheaper". It will be more expensive because any added component will give rise to more warranty claims. If blocking the communication bricks the device then there will be class actions. The data collection will cost money which the buyer will have to pay for.
> No, they'll say the warranty is null and void because of user tampering
There will always be a number of devices that fail without 'user tampering'. The more parts it has, the more functions, the more failures will occur and the warranty must cover that. The more warranty claims the more cost.
> And since the government will be in on it, they'll be on the manufacturers' side.
The government of my country isn't "in on it" in any way. If the government of your country is then you probably deserve your fate. If that is the USA then I will only be sympathetic if you voted against the orange buffoon.
"There will always be a number of devices that fail without 'user tampering'. The more parts it has, the more functions, the more failures will occur and the warranty must cover that. The more warranty claims the more cost."
Unless they're the MOST reliable parts in the machine. Remember, the tech behind it was originally developed for outdoor sensor meshes: a "set-and-forget" setup that means you can't expect someone to come along to fix it if it goes wrong.
> Unless they're the MOST reliable parts in the machine.
It doesn't matter that they are the most reliable. Every part has a failure rate. Having more parts brings in an extra point of failure. Thus, overall, the whole device is less reliable, no matter how slight. In particular, if it is transmitting and receiving then there may be many external reasons that it fails to do so (cf 'hold it wrong'). If this give rise to consumer complaints, or warranty claims, or adverse publicity then it costs the manufacturer via lost sales and extra costs.
> a "set-and-forget" setup that means you can't expect someone to come along to fix it if it goes wrong.
If it is only sending data then I don't care if it goes wrong, in fact I will make sure that it does go wrong. If 'going wrong' means that the machine stops working then I will have my money back, through the small claims court if necessary.
> Even if it melts down? What will you do then?
First you will have to explain how it will come about that _every_ maker will only make devices that have IoT and won't work without it. Then you will have to explain why some new startup won't come up with the idea of making a cheap low-tech device that does the same job.
Just because [most] mobile phones are now general purpose computers that send data home, this hasn't stopped cheap 'dumb phones' being made and sold.
Much of this assumes that these devices can communicate to their parent 'cloud' as if by magic. The Amazon Whispernet idea doesn't really pass the economics sniff test for a lot of them. A Kindle is quite pricey, certainly compared with a toaster, and the Whispernet only worked in the US - needed to talk via AT&T. The most obvious route is via Bluetooth or wi-fi, or perhaps even z-wave or zigbee to the home router, where this stuff should be properly policed. Home routers need to be better than they are in many ways - both security and QoS, for example, but this won't happen as long as they're still based on cheap & nasty MIPS-based SoCs. Fortunately SoC-land is getting much better in this respect so we might hope to see better products in the next few years. Customer push would help, as would reviews from hell for the stinkers. However, sadly I can see wings evolving on pigs first:(
Don't know exactly what features you want, but some of the "home networking"-grade MIPS SoCs are pretty darn powerful already. Including HW crypto acceleration and routing/NATing.
Though not a lot of gear vendors really take advantage of them, so blame them instead.
"Much of this assumes that these devices can communicate to their parent 'cloud' as if by magic. The Amazon Whispernet idea doesn't really pass the economics sniff test for a lot of them. A Kindle is quite pricey, certainly compared with a toaster,"
These kinds of devices could possibly piggyback onto the mesh networks being installed to handle the new electronic "smart meters" being installed by the electricity companies. For a small annual service fee I'm sure the electricity providers would be happy to receive a new income source.
Plenty of places in the world do not have a wireless phone system, nor common reliable internet connection. There will always be manufacturers making products for these markets. They will not have IOT or other spying because it won't work. And there's where we can find our non-IOT appliances. We won't have to go back to beating clothes on the rocks at the creek, only buy a "developing market" washer.
No, the big outfits won't stock those locally. But someone will if there's a demand. I know of a shop that repairs and restores vintage appliances. Most of these for for the buyer to USE, not for show, and they sell rapidly. People are willing to defrost manually because that fridge was built to last and will to your kids, not like the short-life appliances sold today.
Um, many of those developing countries DO have cell phone networks because that's becoming the option of choice for electronic transactions. If you have a cell phone network, you can create a Whispernet. Plus, you can always get the government to lend a hand in rollouts to the remaining not-spots.
Are you really claiming that there will not be huge parts of the world without internet access into the foreseeable future? When people use generators a couple of hours a day, or have the state-run power go out daily, do you think they have internet in EVERY HOME? Because the IOT thing won't work unless each home has its very own address.
Get the government to lend a hand? What crack are you smoking? I'm referring to places like Nigeria. The corrupt government is happy letting its citizens go without many things we consider vital. Or Cuba, where USB sticks of shared content substitute for internet access. Do you imagine they'll subsidize internet access? What, so their opposition can organize against them and start a revolt?
Sorry folks, the whole world will not be individually internet-connected for a long, long time.
If they're THAT backwater, they're probably still using washboards and the like, in which case it's like I said: back to the open flame and the icebox. If people are willing to go THAT far back in time, then you can say electricity is overrated at that point. Talk about cutting one's nose to spite one's face.
"Get the government to lend a hand?"
Two words: Big Brother. I'm sure the Nigerian and Cuban regimes would be keenly interested in something like that, especially if they're told the Russians and Chinese are trying the same thing (remember where Cuba takes its cues). Not so their opposition can stage a coup, but so they can prevent one happening, like how the Iranians squelched the Arab Spring through THEIR Big Brother control.
Consider a toaster with IoT connection. Now add an RFID reader and assume that bread vendors add RFIDs to each loaf.
RFID is not in every slice of bread yet but I keep my bread close to the toaster so I think it could read it...
So, as a toaster vendor, now I have usage data I know exactly how cheap to build my toaster so that it lasts just longer than the proscribed "warranty" period, ie the length of time that most consumers keep their toasters for before replacing them, and as a result can save on my manufacturing costs, of course I would do that.
Other ideas include using the toaster data to deny warranty claims for misuse, optimise energy usage, maybe combine with other data to market upgrades and promotions (yes make a deal with the bread vendors) - I can think of lots of reasons why this will happen. And that's just toasters.
> Consider a toaster with IoT connection. Now add an RFID reader and assume that bread vendors add RFIDs to each loaf.
Why would bread vendors add RFID? They may be cheap but they are a huge cost compared to a printed barcode on the packaging. In fact not all bread is in packaging at all.
> I know exactly how cheap to build my toaster so that it lasts just longer than the proscribed "warranty" period,
If devices failed so soon after the warranty expired then the consumer would buy a different brand next time.
> ie the length of time that most consumers keep their toasters for before replacing them,
You are suggesting that consumers replace devices merely because the warranty expired, or coincidentally on the same period. I very much doubt that is the case and is merely speculation on your part.
> I can think of lots of reasons why this will happen. And that's just toasters.
Anyone can dream up simplistic and useless 'ideas', but that doesn't mean that there is a business case for implementing them.
> optimise energy usage
There are machines, such as washing machines, that delay operation until the electricity prices drop overnight. When I put bread in the toaster I want toast now, not at 3am. In any case there are machines with buttons for 2 slices or 4, settings for different brownness, what could it do to 'optimise' more than that?
Biting the hand that feeds IT © 1998–2021