Guys:
Actually, I did see the NPR documentary. IMHO it really overplayed
the security risks of PLAs being reprogrammed to subvert their basic
functions. The number of un-password protected URLs and other
net accessible devices is a real issue however.
Gray, K5AMH
On 2/14/2017 10:35, Jonathan Guthrie via BVARC wrote:
I don't want to seem like I'm arguing with you, Rick, because you
don't claim any particular expertise in IoT. I, on the other hand,
claim to be pretty familiar with the Internet of Things and the
underlying technologies. Programming a Thing on the Internet is what I
do for a living. Besides, I've not heard the NPR report to which you
refer, so I cannot comment upon it.
I still don't think the statement "Most of the IoT devices have
rudimentary processors not capable of high level security" is true.
Even if it is true now, it won't be true in the very near future
because the security issue with the IoT is, at its core, a people
problem, and as the people building these things become more
sophisticated, their solutions will, too.
If you want a high-level takeway from this, it should be this: Don't
ever consider using an Arduino (or a CANMIC) on an Ethernet network.
Use an ARM based board (like the "CHIP" or the Raspberry PI or the
Beaglebone Black or whatever--there are literally scores of boards
available) instead. Not only can you run whatever protocols you want
on those boards, they're cheaper than the Arduino Ethernet Shield.
On 2/12/2017 10:31 AM, Rick Hiller -- W5RH via BVARC wrote:
Yes, well stated, but, apparently, not the take of some security
analyists. NPR had a show about it back in December, where the
security expert stated pretty much what Nizar said. Don't know if it
was the Technology Weekly or ATC show.
W5RH
Rick Hiller
/The Radio Hotel/ -- W5RH
On Sun, Feb 12, 2017 at 8:28 AM, Gary Sitton via BVARC
<[email protected] <mailto:[email protected]>> wrote:
Very well put!
Gary, K5AMH
Sent with AquaMail for Android
http://www.aqua-mail.com
On February 11, 2017 8:59:40 PM Jonathan Guthrie via BVARC
<[email protected] <mailto:[email protected]>> wrote:
Where did you get the idea that the "rudimentary processors" are
not capable of "high level security"? Or, for that matter, that
that was a significant barrier to security in the Internet of
Things? While it is true that processors like the Atmel AVR
processors (to pick a widely-used family) are pretty wimpy, but
they are sufficiently wimpy that you're not going to connect
them directly to the Internet because you really can't. Once
you have a processor that can natively handle a TCP/IP stack,
then it is by definition capable of handling all of the
higher-level security protocols. Systems on chip that are
powerful enough to boot Linux (or NetBSD or, I suppose, Windows)
are available for under $1 in Q1000, so cost really isn't a factor.
My perspective is that there are two main problems that cause
insecurity in the Internet of Things. First, the firmware in
these devices is generally not updated once they are purchased.
Well, reason 1B is that the firmware is often (well, okay,
always) released with defects in it that have security
consequences. The second reason is that much of the programming
on these devices is done in a "sea of bits" language like C, or
C++. Using a language like that means that nearly any defect
has security consequences. I suppose that you could add a third
reason (although I think that it's implied) which is that we
really don't know what we're doing when it comes to writing
defect-free software, and few people really understand secure
programming all that well.
The thing is, updating is itself a tricky proposition, and the
updates are just as likely to contain defects with security
consequences as what they're replacing and there's no guarantee
that your updated device will work the same (or even at all)
after the update as it did before, so merely providing a
mechanism for doing an update is no guarantee that your device
might eventually be made secure.
On 02/11/2017 04:09 PM, Nizar Mullani via BVARC wrote:
You are absolutely correct about security being a problem with
IoT devices. Most of the IoT devices have rudimentary
processors not capable of high level security.
Just imaging some hackers from China or Russia hacking into
your device at home and turning the temperature way up in the
summer. Or, shutting down your car while driving in Houston
traffic. Total DISASTER. Total CHAOS.
*From:* BVARC [mailto:[email protected]
<mailto:[email protected]>] *On Behalf Of *Bruce via BVARC
*Sent:* Saturday, February 11, 2017 4:04 PM
*To:* BRAZOS VALLEY AMATEUR RADIO CLUB <[email protected]>
<mailto:[email protected]>
*Cc:* Bruce <[email protected]> <mailto:[email protected]>
*Subject:* Re: [BVARC] Presentation of Internet of Things (IoT)
at the Houston Hamfest
security is a big concern. that is why there are only about
100 approved devices for apple homekit vs. google's 250
devices. apple devices must be secure. i like my wemo switches
but they are not secure. in my new house i have all homekit
approved devices for the security. from the ecobee 3
thermostat, to all my phillip hue bulbs and ecobee motion/heat
sensors.
73...bruce
Sent from my iPhone
On Feb 11, 2017, at 3:32 PM, Nizar Mullani via BVARC
<[email protected] <mailto:[email protected]>> wrote:
We are very fortunate to have Professor Edgar Sanchez-Sinencio
from Texas A&M present a lecture on Internet of Things (IoT) at
the Houston Hamfest.
The best definition of IoT is “connecting everything to
everything.” It is an exciting area that is growing very fast.
It will soon be part of our everyday life – whether we like it
or not. So, join us for this lecture and get acquainted with
IoT. Learn about what is coming in the future and discuss how
this will impact Ham Radio.
Please plan to attend this important presentation. You can read
the attached pdf file for more information or go to
www.Houstonhamfes.org <http://www.Houstonhamfes.org> . Learn
more about IoT by Googling it.
Nizar K0NM
<IoT.PDF>
_______________________________________________
BVARC mailing list
[email protected] <mailto:[email protected]>
http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org
<http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org>
_______________________________________________
BVARC mailing list
[email protected] <mailto:[email protected]>
http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org
<http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org>
--
Jonathan Guthrie
ARS KA8KPN
_______________________________________________ BVARC mailing
list [email protected] <mailto:BVARC%40bvarc.org>
http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org
<http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org>
_______________________________________________ BVARC mailing
list [email protected] <mailto:[email protected]>
http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org
<http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org>
_______________________________________________
BVARC mailing list
[email protected]
http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org
--
_______________________________________________
BVARC mailing list
[email protected]
http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org
-- Gary Sitton, K5AMH [email protected]
_______________________________________________
BVARC mailing list
[email protected]
http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org
