Internet of Things 'smart' devices are dumb by design

Princeton boffins have looked at the networking behavior of a bunch of Internet of Things kit and found – stop me if you've heard this one – device makers aren't paying attention. The pair, PhD student Sarthak Grover and Center for Information Technology Policy fellow Roya Ensafi, say the devices they tested obey the rules of …

  1. Doctor Syntax Silver badge

    I can only repeat a comment I've made before. Consumer items usually have various certifications before they go on sale, e.g. UL. The certification authorities need to incorporate checks for crap like this in the certification process. Fail and they don't get their certifications.

    1. Anonymous Coward

      Won't happen. The internet of tat has to be cheap or the punters won't bite. Consumers don't understand security and don't value it at all.

      Even assuming the certification means jack shit, after point of sale the vendors will spend exactly zero on support, so security will become progressively worse over time. Anything more will eat into the margins.

      1. Fazal Majid

        Do not despair

        A recent report by Accenture found that 47% of those surveyed were avoiding IoT devices due to concerns over privacy and security. People are not as apathetic as you think. When combined with the marginal utility of most IoT devices, for half of potential customers the value proposition is just not compelling enough to outweigh the risks.

        1. Charles 9

          Re: Do not despair

          Problem is, I bet the survey only counts those who deign to answer. The ones you have to worry about with this tech are the blissfully ignorant and the apathetic who simply don't care.

      2. Sorry that handle is already taken. Silver badge

        The internet of tat has to be cheap or the punters won't bite.

        Too bad, I guess?

        (You've seen the hilarious prices of "smart" light bulbs though, surely?)

        Anything more will eat into the margins.

        The world's smallest violin etc. etc.

  2. Crazy Operations Guy

    Home cloud?

    I wish the industry could come together and make a standard for some kind of personal cloud gateway type device. Build some kind of discovery protocol so that all IoT traffic passes through a single device so that the traffic can be secured properly and monitored. Even build in a bit to allow devices to communicate through such a device rather than going up to the cloud and back.

    1. Anonymous Coward

      Re: Home cloud?

      Won't happen. There's no business advantage to cooperating with competitors, and the whole point of this exercise is to get your personal info onto their server so they can flog it.

      1. Anonymous Coward

        Re: Home cloud?

        "There's no business advantage to cooperating with competitors,"

        Really? Ever heard the terms merger, fusion or cartel?

        Also, everyone isn't making their own bolts and nuts, but using standard parts, i.e. cooperative parts.

        1. Charles 9

          Re: Home cloud?

          ONLY when the market's mature or there's a synergy between them. Otherwise, the applicable terms are "acquisition," "buyout," and "cheating". It's all in the name of getting the most dollar.

          As for using nuts and bolts, that depends. Apple was notorious for using penta-star screws, if you'll recall. The only reason nuts and bolts standardized is because the market was extremely mature and well settled. IoT is an emerging market; not much is settled, and just like with the HD-DVD/BluRay war, companies are jockeying to become the standard-bearer, which gives them big market advantage over the longer term.

    2. Steven Roper

      Re: Home cloud?

      It's not hard to do this already. Simply set up a WiFi router with no direct connection to the internet and have all your IoT shit connect to that. Then that router has a single LAN line to a second non-WiFi router that does have an internet connection. If you want additional security and filtering, the internet-connection device can be a Linux box running SmoothWall or IPCop to keep control of all the telemetry and spying that seems to be default in IoT gadgets these days.

      Which brings me to my other point: a fucking photo frame is phoning home? In $DEITY's name why? Whoever came up with that should do the world a huge favour and fucking kill themselves, preferably in a slow and messy manner.

      1. Captain Badmouth
        Coffee/keyboard

        Re: Home cloud?

        "Which brings me to my other point: a fucking photo frame is phoning home?"

        Caught me by surprise. Cognac, not coffee. Expensive.

    3. Mage Silver badge

      Re: Home cloud?

      It's called a router + firewall appliance. Mine runs OpenWRT or something as the cable modem is only a modem.

      It doesn't solve the problem:

      1) It won't make the data be encrypted if the remote server doesn't support encryption.

      2) Doesn't easily tell you what is being shared. Especially if it IS encrypted!

      3) I don't want ANY data sent to cloud.

      4) Doesn't solve issue of bad use of WiFi (see doorbell article)

      A home router ought to provide a VPN server by default. But how easily can a user set up a phone/tablet/laptop to then remotely access their IoT junk?

      Win10 seems to be in the same phone-home category as the stupid photoframe?

      Even a Kobo reader has to be edited by Calibre or else it tells Kobo everything. Additionally anything with Adobe ePub DRM. I don't sync my Amazon Kindle or use their cloud either. USB file transfers.

      The privacy issues are worse than people imagine
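
An added example, not part of any comment above: the gateway that sits between an isolated IoT segment and the internet, as described in the "Home cloud?" replies, can at least show where each device connects and whether it uses a well-known cleartext port. The log lines, the `iot-fwd` prefix, the addresses and the function names are constructed assumptions; as noted in the thread, this says nothing about what encrypted traffic contains.

```python
import re
from collections import defaultdict

# Constructed sample: netfilter LOG-style lines from a gateway forwarding the
# IoT segment (192.168.50.0/24). Destinations are documentation addresses.
SAMPLE_LOG = """\
Jan 20 10:00:01 gw kernel: iot-fwd IN=eth1 OUT=eth0 SRC=192.168.50.11 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40112 DPT=80 SYN
Jan 20 10:00:02 gw kernel: iot-fwd IN=eth1 OUT=eth0 SRC=192.168.50.12 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=51514 DPT=443 SYN
Jan 20 10:00:03 gw kernel: iot-fwd IN=eth1 OUT=eth0 SRC=192.168.50.11 DST=203.0.113.10 LEN=84 PROTO=ICMP TYPE=8 CODE=0
Jan 20 10:00:05 gw sshd[812]: Accepted publickey for admin
Jan 20 10:05:01 gw kernel: iot-fwd IN=eth1 OUT=eth0 SRC=192.168.50.11 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40120 DPT=80 SYN
Jan 20 10:05:09 gw kernel: iot-fwd IN=eth1 OUT=eth0 SRC=192.168.50.12 DST=198.51.100.7 LEN=76 PROTO=UDP SPT=123 DPT=123
"""

# Heuristic (assumption): these ports normally carry unencrypted protocols.
# Cleartext on another port, or TLS on one of these, is not detected.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 1883: "mqtt"}
FIELD = re.compile(r"\b([A-Z]+)=(\S+)")

def parse_line(line):
    """Return (src, dst, proto, dport) for a forwarded-flow line, else None."""
    if "iot-fwd" not in line:
        return None
    fields = dict(FIELD.findall(line))
    if not {"SRC", "DST", "PROTO", "DPT"} <= fields.keys():
        return None  # e.g. ICMP has no destination port
    return fields["SRC"], fields["DST"], fields["PROTO"], int(fields["DPT"])

def summarize(log_text):
    """Map each device address to {(dst, proto, dport): connection count}."""
    flows = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            src, dst, proto, dport = rec
            flows[src][(dst, proto, dport)] += 1
    return {src: dict(dests) for src, dests in flows.items()}

def cleartext_findings(summary):
    """List (device, destination, protocol name, count) for cleartext ports."""
    return [(src, dst, CLEARTEXT_PORTS[dport], n)
            for src in sorted(summary)
            for (dst, proto, dport), n in sorted(summary[src].items())
            if dport in CLEARTEXT_PORTS]

if __name__ == "__main__":
    for finding in cleartext_findings(summarize(SAMPLE_LOG)):
        print("cleartext: %s -> %s (%s) x%d" % finding)
```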

  3. pewpie

    Looking forward to the day..

    ..the day when I can steal all teh passwrdz by bouncing off your smartbelt via your smartsocks.

    1. Destroy All Monsters Silver badge

      Re: Looking forward to the day..

      You smartass!

      1. John Brown (no body) Silver badge

        Re: Looking forward to the day..

        In Lancashire we have clever clogs.

  4. Mage Silver badge
    Paris Hilton

    Approvals?

    Well, there ought to be security approvals.

    But loads of stuff already fails to meet existing standards as the Regulators fail to police after approval and in-market devices don't match devices tested. Or the devices were self certified or 3rd party tested (with no direct regulator involvement), or not tested in a realistic setup, or tested in wrong category.

    Or devices don't meet the minimum 2 years retail SOGA life in EU and many other countries.

    So good luck ...

  5. Jeroen Braamhaar

    I propose the "Internet of Things" acronym be prefaced with the acronym for "Infinitely Dumb" or any other similarly lettered term signifying its uncanny ability to provide solutions for nonexistent problems whilst providing a raft of problems in dire need of solutions.

    Just to inform people so they can see it for what it is before they jump on the "you really don't need this but you want it anyway" hype bandwagon.

    1. GX5000
      Trollface

      Blast from the past

      or simply "Unsafe at any Speed" ?

  6. allthecoolshortnamesweretaken

    CAB

    Pretty soon you will be able to buy software for mobile devices that will show which shiny things are inside a specific flat and whether someone is inside or not. CAB - computer aided burglary.

    1. regadpellagru

      Re: CAB

      "Pretty soon you will be able to buy software for mobile devices that will show which shiny things are inside a specific flat and whether someone is inside or not. CAB - computer aided burglary."

      No need for an app, a simple web browser will do !

      http://www.insecam.org/

      Amazing how many people have a default password CAM staring at their door, made public on da web.

  7. Francis Boyle Silver badge

    If I ever buy any home automation it will not be attached to the internet

    The much touted benefits of putting home appliances on the internet are really just edge cases or illusory. Turn the heating/cooling on before I get home? Maybe if you work irregular hours and are desperate to save electricity and your memory's good enough. The rest of us will just use a timer. Let my fridge reorder for me? Show me a working system that's not a pain to use. Let my washing machine reorder detergent at exorbitant prices? Not bloody likely. Of course maybe that's just me being a control freak but I remain unconvinced that consumer IoT systems make life easier for the user. In which case they stay in their little niche.

  8. Anonymous Coward

    Nest has issued a patch after they found it sending location information in the clear

    Why is it sending location data, it's a fcuking thermostat.

    1. Anonymous Coward

      Re: Nest has issued a patch after they found it sending location information in the clear

      One that perhaps reacts to the weather, which to find out it probably needs to submit location information for a current report and forecast. What good's a "smart" device if it can't react to conditions around it to do a better job?

      1. Captain Badmouth

        Re: Nest has issued a patch after they found it sending location information in the clear

        "One that perhaps reacts to the weather"

        Well no, all it needs to know is the temperature inside, ffs.

      2. Vic

        Re: Nest has issued a patch after they found it sending location information in the clear

        One that perhaps reacts to the weather, which to find out it probably needs to submit location information for a current report and forecast

        I have a flight program[1] that downloads METARs for the entire country in a matter of seconds. That would leak no more than country information...

        That said - how much difference does a weather forecast *really* make to the job of a thermostat? If you have *very* large thermal mass or *very* poor insulation, I can see it being handy to turn on a bit earlier, but how often does that really apply?

        Vic.

        [1] Flight Assistant if you're interested. It's rather good...

    2. Mike 16

      Re: Nest has issued a patch after they found it sending location information in the clear

      -- Why is it sending location data, it's a fcuking thermostat. --

      Mobile Home?

  9. sisk

    This is why I build any IoT device going into my house myself. Too bad not everyone's capable of that.

  10. Down not across

    As the researchers note, novice programmers abound in the Things market, making novice mistakes, and trying to do things on hardware that can't support security. Because Thing-makers are relentless snoops, even two devices on the same network communicate with each other via the cloud.

    And herein lies the big problem with IoT devices (apart from the pointlessness of most of them). They're all hell bent on talking back (and via) mothership for everything.
