I strongly suggest you all attend the IOT presentation at the hamfest and raise the security issue with our guest speaker.
73, Ron, K5HM <mailto:[email protected]> [email protected] <http://www.qrz.com/db/k5hm> www.qrz.com/db/k5hm Excelsior! From: BVARC [mailto:[email protected]] On Behalf Of Gary Sitton via BVARC Sent: Tuesday, February 14, 2017 10:49 AM To: BRAZOS VALLEY AMATEUR RADIO CLUB <[email protected]> Cc: Gary Sitton <[email protected]> Subject: Re: [BVARC] Presentation of Internet of Things (IoT) at the Houston Hamfest Guys: Actually, I did see the NPR documentary. IMHO it really overplayed the security risks of PLAs being reprogrammed to subvert their basic functions. The number of un-password protected URLs and other net accessible devices is a real issue however. Gray, K5AMH On 2/14/2017 10:35, Jonathan Guthrie via BVARC wrote: I don't want to seem like I'm arguing with you, Rick, because you don't claim any particular expertise in IoT. I, on the other hand, claim to be pretty familiar with the Internet of Things and the underlying technologies. Programming a Thing on the Internet is what I do for a living. Besides, I've not heard the NPR report to which you refer, so I cannot comment upon it. I still don't think the statement "Most of the IoT devices have rudimentary processors not capable of high level security" is true. Even if it is true now, it won't be true in the very near future because the security issue with the IoT is, at its core, a people problem, and as the people building these things become more sophisticated, their solutions will, too. If you want a high-level takeway from this, it should be this: Don't ever consider using an Arduino (or a CANMIC) on an Ethernet network. Use an ARM based board (like the "CHIP" or the Raspberry PI or the Beaglebone Black or whatever--there are literally scores of boards available) instead. Not only can you run whatever protocols you want on those boards, they're cheaper than the Arduino Ethernet Shield. On 2/12/2017 10:31 AM, Rick Hiller -- W5RH via BVARC wrote: Yes, well stated, but, apparently, not the take of some security analyists. NPR had a show about it back in December, where the security expert stated pretty much what Nizar said. Don't know if it was the Technology Weekly or ATC show. W5RH Rick Hiller The Radio Hotel -- W5RH On Sun, Feb 12, 2017 at 8:28 AM, Gary Sitton via BVARC <[email protected] <mailto:[email protected]> > wrote: Very well put! Gary, K5AMH Sent with AquaMail for Android http://www.aqua-mail.com On February 11, 2017 8:59:40 PM Jonathan Guthrie via BVARC <[email protected] <mailto:[email protected]> > wrote: Where did you get the idea that the "rudimentary processors" are not capable of "high level security"? Or, for that matter, that that was a significant barrier to security in the Internet of Things? While it is true that processors like the Atmel AVR processors (to pick a widely-used family) are pretty wimpy, but they are sufficiently wimpy that you're not going to connect them directly to the Internet because you really can't. Once you have a processor that can natively handle a TCP/IP stack, then it is by definition capable of handling all of the higher-level security protocols. Systems on chip that are powerful enough to boot Linux (or NetBSD or, I suppose, Windows) are available for under $1 in Q1000, so cost really isn't a factor. My perspective is that there are two main problems that cause insecurity in the Internet of Things. First, the firmware in these devices is generally not updated once they are purchased. Well, reason 1B is that the firmware is often (well, okay, always) released with defects in it that have security consequences. The second reason is that much of the programming on these devices is done in a "sea of bits" language like C, or C++. Using a language like that means that nearly any defect has security consequences. I suppose that you could add a third reason (although I think that it's implied) which is that we really don't know what we're doing when it comes to writing defect-free software, and few people really understand secure programming all that well. The thing is, updating is itself a tricky proposition, and the updates are just as likely to contain defects with security consequences as what they're replacing and there's no guarantee that your updated device will work the same (or even at all) after the update as it did before, so merely providing a mechanism for doing an update is no guarantee that your device might eventually be made secure. On 02/11/2017 04:09 PM, Nizar Mullani via BVARC wrote: You are absolutely correct about security being a problem with IoT devices. Most of the IoT devices have rudimentary processors not capable of high level security. Just imaging some hackers from China or Russia hacking into your device at home and turning the temperature way up in the summer. Or, shutting down your car while driving in Houston traffic. Total DISASTER. Total CHAOS. From: BVARC [mailto:[email protected]] On Behalf Of Bruce via BVARC Sent: Saturday, February 11, 2017 4:04 PM To: BRAZOS VALLEY AMATEUR RADIO CLUB <mailto:[email protected]> <[email protected]> Cc: Bruce <mailto:[email protected]> <[email protected]> Subject: Re: [BVARC] Presentation of Internet of Things (IoT) at the Houston Hamfest security is a big concern. that is why there are only about 100 approved devices for apple homekit vs. google's 250 devices. apple devices must be secure. i like my wemo switches but they are not secure. in my new house i have all homekit approved devices for the security. from the ecobee 3 thermostat, to all my phillip hue bulbs and ecobee motion/heat sensors. 73...bruce Sent from my iPhone On Feb 11, 2017, at 3:32 PM, Nizar Mullani via BVARC <[email protected] <mailto:[email protected]> > wrote: We are very fortunate to have Professor Edgar Sanchez-Sinencio from Texas A&M present a lecture on Internet of Things (IoT) at the Houston Hamfest. The best definition of IoT is "connecting everything to everything." It is an exciting area that is growing very fast. It will soon be part of our everyday life - whether we like it or not. So, join us for this lecture and get acquainted with IoT. Learn about what is coming in the future and discuss how this will impact Ham Radio. Please plan to attend this important presentation. You can read the attached pdf file for more information or go to www.Houstonhamfes.org <http://www.Houstonhamfes.org> . Learn more about IoT by Googling it. Nizar K0NM <IoT.PDF> _______________________________________________ BVARC mailing list [email protected] <mailto:[email protected]> http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org _______________________________________________ BVARC mailing list [email protected] <mailto:[email protected]> http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org -- Jonathan Guthrie ARS KA8KPN _______________________________________________ BVARC mailing list [email protected] <mailto:BVARC%40bvarc.org> http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org _______________________________________________ BVARC mailing list [email protected] <mailto:[email protected]> http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org _______________________________________________ BVARC mailing list [email protected] <mailto:[email protected]> http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org -- _______________________________________________ BVARC mailing list [email protected] <mailto:[email protected]> http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org -- Gary Sitton, K5AMH [email protected] <mailto:[email protected]>
_______________________________________________ BVARC mailing list [email protected] http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org
