Jonathan, No argument taken.....I was just chiming in to say what I had heard. You and Gary are experts in the field of programming IOT devices so I will leave that to you. I, on the other hand, am an expert in breathing and eating. I know lots about both HI. Sincerely, I appreciate the comments of all. There is too much movement within all levels of technology to be intimate with all of it, so you have to rely on youir friends and, so called, experts that you hear on the radio, pod casts and Bloomberg TV. Thanks. Keep up the commentary, it creates chatter about the Ham fest.
Rick -- W5RH Rick Hiller *The Radio Hotel* -- W5RH On Tue, Feb 14, 2017 at 11:05 AM, K5HM via BVARC <[email protected]> wrote: > I strongly suggest you all attend the IOT presentation at the hamfest and > raise the security issue with our guest speaker. > > > > 73, > > Ron, K5HM > > [email protected] > > www.qrz.com/db/k5hm > > [image: ARRL Logo][image: logo (2)][image: smaller Prize] > > * Excelsior!* > > > > *From:* BVARC [mailto:[email protected]] *On Behalf Of *Gary Sitton > via BVARC > *Sent:* Tuesday, February 14, 2017 10:49 AM > *To:* BRAZOS VALLEY AMATEUR RADIO CLUB <[email protected]> > *Cc:* Gary Sitton <[email protected]> > > *Subject:* Re: [BVARC] Presentation of Internet of Things (IoT) at the > Houston Hamfest > > > > Guys: > > Actually, I did see the NPR documentary. IMHO it really overplayed > the security risks of PLAs being reprogrammed to subvert their basic > functions. The number of un-password protected URLs and other > net accessible devices is a real issue however. > > Gray, K5AMH > > On 2/14/2017 10:35, Jonathan Guthrie via BVARC wrote: > > I don't want to seem like I'm arguing with you, Rick, because you don't > claim any particular expertise in IoT. I, on the other hand, claim to be > pretty familiar with the Internet of Things and the underlying > technologies. Programming a Thing on the Internet is what I do for a > living. Besides, I've not heard the NPR report to which you refer, so I > cannot comment upon it. > > I still don't think the statement "Most of the IoT devices have > rudimentary processors not capable of high level security" is true. Even > if it is true now, it won't be true in the very near future because the > security issue with the IoT is, at its core, a people problem, and as the > people building these things become more sophisticated, their solutions > will, too. > > If you want a high-level takeway from this, it should be this: Don't ever > consider using an Arduino (or a CANMIC) on an Ethernet network. Use an ARM > based board (like the "CHIP" or the Raspberry PI or the Beaglebone Black or > whatever--there are literally scores of boards available) instead. Not > only can you run whatever protocols you want on those boards, they're > cheaper than the Arduino Ethernet Shield. > > On 2/12/2017 10:31 AM, Rick Hiller -- W5RH via BVARC wrote: > > Yes, well stated, but, apparently, not the take of some security > analyists. NPR had a show about it back in December, where the security > expert stated pretty much what Nizar said. Don't know if it was the > Technology Weekly or ATC show. > > > > W5RH > > > Rick Hiller > > *The Radio Hotel* -- W5RH > > > > > > > > On Sun, Feb 12, 2017 at 8:28 AM, Gary Sitton via BVARC <[email protected]> > wrote: > > Very well put! > Gary, K5AMH > > Sent with AquaMail for Android > http://www.aqua-mail.com > > On February 11, 2017 8:59:40 PM Jonathan Guthrie via BVARC < > [email protected]> wrote: > > Where did you get the idea that the "rudimentary processors" are not > capable of "high level security"? Or, for that matter, that that was a > significant barrier to security in the Internet of Things? While it is > true that processors like the Atmel AVR processors (to pick a widely-used > family) are pretty wimpy, but they are sufficiently wimpy that you're not > going to connect them directly to the Internet because you really can't. > Once you have a processor that can natively handle a TCP/IP stack, then it > is by definition capable of handling all of the higher-level security > protocols. Systems on chip that are powerful enough to boot Linux (or > NetBSD or, I suppose, Windows) are available for under $1 in Q1000, so cost > really isn't a factor. > > My perspective is that there are two main problems that cause insecurity > in the Internet of Things. First, the firmware in these devices is > generally not updated once they are purchased. Well, reason 1B is that the > firmware is often (well, okay, always) released with defects in it that > have security consequences. The second reason is that much of the > programming on these devices is done in a "sea of bits" language like C, or > C++. Using a language like that means that nearly any defect has security > consequences. I suppose that you could add a third reason (although I > think that it's implied) which is that we really don't know what we're > doing when it comes to writing defect-free software, and few people really > understand secure programming all that well. > > The thing is, updating is itself a tricky proposition, and the updates are > just as likely to contain defects with security consequences as what > they're replacing and there's no guarantee that your updated device will > work the same (or even at all) after the update as it did before, so merely > providing a mechanism for doing an update is no guarantee that your device > might eventually be made secure. > > On 02/11/2017 04:09 PM, Nizar Mullani via BVARC wrote: > > You are absolutely correct about security being a problem with IoT > devices. Most of the IoT devices have rudimentary processors not capable of > high level security. > > Just imaging some hackers from China or Russia hacking into your device at > home and turning the temperature way up in the summer. Or, shutting down > your car while driving in Houston traffic. Total DISASTER. Total CHAOS. > > > > *From:* BVARC [mailto:[email protected] <[email protected]>] *On > Behalf Of *Bruce via BVARC > *Sent:* Saturday, February 11, 2017 4:04 PM > *To:* BRAZOS VALLEY AMATEUR RADIO CLUB <[email protected]> <[email protected]> > *Cc:* Bruce <[email protected]> <[email protected]> > *Subject:* Re: [BVARC] Presentation of Internet of Things (IoT) at the > Houston Hamfest > > > > security is a big concern. that is why there are only about 100 approved > devices for apple homekit vs. google's 250 devices. apple devices must be > secure. i like my wemo switches but they are not secure. in my new house i > have all homekit approved devices for the security. from the ecobee 3 > thermostat, to all my phillip hue bulbs and ecobee motion/heat sensors. > > 73...bruce > > > > Sent from my iPhone > > > On Feb 11, 2017, at 3:32 PM, Nizar Mullani via BVARC <[email protected]> > wrote: > > We are very fortunate to have Professor Edgar Sanchez-Sinencio from Texas > A&M present a lecture on Internet of Things (IoT) at the Houston Hamfest. > > > > The best definition of IoT is “connecting everything to everything.” It is > an exciting area that is growing very fast. It will soon be part of our > everyday life – whether we like it or not. So, join us for this lecture and > get acquainted with IoT. Learn about what is coming in the future and > discuss how this will impact Ham Radio. > > > > Please plan to attend this important presentation. You can read the > attached pdf file for more information or go to www.Houstonhamfes.org . > Learn more about IoT by Googling it. > > > > Nizar K0NM > > > > > > <IoT.PDF> > > _______________________________________________ > BVARC mailing list > [email protected] > http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org > > > > _______________________________________________ > > BVARC mailing list > > [email protected] > > http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org > > -- > > Jonathan Guthrie > > ARS KA8KPN > > _______________________________________________ BVARC mailing list > [email protected] http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org > > _______________________________________________ BVARC mailing list > [email protected] http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org > > _______________________________________________ > > BVARC mailing list > > [email protected] > > http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org > > -- > > _______________________________________________ > > BVARC mailing list > > [email protected] > > http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org > > -- Gary Sitton, K5AMH [email protected] > > _______________________________________________ > BVARC mailing list > [email protected] > http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org > >
_______________________________________________ BVARC mailing list [email protected] http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org
