On 01/19/14 16:36, Paul Ferguson wrote:
>
> This nonsense about refrigerators being part of a botnet is not an
> accurate depiction of the world we live in today, but more of a
> warning of where things can go wrong in the future, while
> technologists are rushing headlong into the Internet of Things (IoT).
>
> While there are certainly some interesting real-world examples of
> unintended consequences of consumer devices being infected by Trojan
> Horse programs and other malware (e.g. digital cameras and picture
> frames coming directly into the retail market "pre-infected" from the
> manufacturer, hospital healthcare devices becoming infected by
> computer worms through incidental contact, etc.), most cases today are
> incidental.

Good collection of such pre-infected devices that gives one an idea of how frequently this occurs:

http://attrition.org/errata/cpo/

> Via BoingBoing:
>
> "A mediagenic press-release from Proofpoint, a security firm,
> announced that its researchers had discovered a 100,000-device-strong
> botnet made up of hacked 'Internet of Things' appliances, such as
> refrigerators. The story's very interesting, but also wildly
> implausible as Ars Technica's Dan Goodin explains."
>
> "The report is light on technical details, and the details that the
> company supplied to Goodin later just don't add up. Nevertheless, the
> idea of embedded systems being recruited to botnets isn't inherently
> implausible, and some of the attacks that Ang Cui has demonstrated
> scare the heck out of me."
>
> http://boingboing.net/2014/01/18/your-refrigerator-probably-has.html
>
> Don't get sucked in by the IoT marketing hype, but -- and it is a
> *big* but -- there definitely is a potential for this headlong rush
> into the Internet of Things to develop into the unfortunate situation
> where no one spent enough time thinking about the security posture of
> such actions. If no one spends time up front thinking about these
> implications, we can have a real mess on our collective hands.
>
> - ferg

The problem seems more imminent to me. I'm not as worried about a malware-infested IoT - as most end-user computing devices are malware-infested already and even though these devices are important and information-rich, civilisation has not ended. What worries me most is that Internet-connected media devices (like "smart" TVs) are ripe vehicles for taking wholesale surveillance from its current level (location & communications surveillance) to a whole new level (surveillance of your most intimate physical space - your home, but also of course everywhere where TVs would be installed).

Smart TVs have significant advantages over mobile phones (abundant power & network 24/7, excellent line of sight/sound into the center of the action, stability), and they are engineered for features and cost, not "security". See SeungJin 'Beist' Lee's presentation from BlackHat 2013 on remotely hijacking a smart TV and turning it into a surveillance device for a demo:

https://media.blackhat.com/us-13/US-13-Lee-Hacking-Surveilling-and-Deceiving-Victims-on-Smart-TV.m4v

Easily within the technical capabilities of the intelligence agencies and hey, if we have accepted location & comms surveillance without much of a hiccup, it's only a small step to accept physical space surveillance post-facto, say 10 years from now.

-A
