Absolutely they should. Do you want some bad guy spying on your baby monitor or tapping your television? I have a friend who installed a Nest in his apartment. He got screwed and was forced to move out, but the building owner who took his unit never reconfigured the thermostat, so my friend would randomly turn it up to 100 or down to 30 to mess with the guy.
haha That’s minor. I’m not sure if you watch Mr. Robot, I found it hard to follow, but there’s one part where hackers make one of the people’s home’s appliances and systems go crazy turning on the music full blast etc. When she was so frustrated from the house going crazy she walks outside and is killed. They used the irritation to get her out of the house. You never know what could happen if your devices are compromised.

> On Oct 23, 2016, at 1:46 PM, Mary Otten <[email protected]> wrote:
>
> I was really surprised when I saw that bit about the requirement for the
> encryption code. I wonder how this new Google home is going to compare
> security wise. Most people may not care, but they should.
> Mary
>
> Sent from my iPhone
>
> On Oct 22, 2016, at 10:36 PM, Scott Granados <[email protected]> wrote:
>
>> Now that’s interesting. That’s a pretty heavy duty technical article but it
>> makes me wonder about some of these home devices. I never looked in to the
>> home kit stuff that much. I’m a lot more likely to now knowing that level
>> of security is involved. With advanced features like that I can see why the
>> Government hates Apple.:) A 3072 bit key is 3 times the required bits for
>> military cyphers. You could probably get DOD certification on a system like
>> that. Wow!
>>
>>> On Oct 22, 2016, at 2:52 PM, Mary Otten <[email protected]> wrote:
>>>
>>> Really worth considering before you get less secure iot devices.
>>>
>>> Mirai-based DDoS attack highlights benefits of Apple's secure HomeKit platform
>>> AppleInsider
>>>
>>> A distributed denial of service (DDoS) attack that on Friday severely
>>> impacted internet access for many U.S. web denizens was found to be in part
>>> enabled by a botnet targeting unprotected "Internet of Things" devices. For
>>> Apple, the revelation vindicates a controversial walled garden approach to
>>> IoT, borne out through the encryption HomeKit protocol.
>>>
>>> As detailed yesterday, unknown hackers set their sights
>>> <http://appleinsider.com/articles/16/10/21/us-internet-users-suffering-under-ddos-attacks-on-key-dns-provider>
>>> on Dyn, an internet management company that provides DNS services to many
>>> major web entities.
>>>
>>> A series of repeated attacks caused websites including The Verge, Imgur and
>>> Reddit, as well as services like HBO Now, and PayPal, to see slowdowns and
>>> extended downtimes. Follow-up waves played havoc with The New York Times,
>>> CNN, Netflix, Twitter and the PlayStation Network, among many others.
>>>
>>> Though Dyn was initially unable to nail down a source, subsequent
>>> information published by security research firm Flashpoint revealed the
>>> targeted attacks involved a strain
>>> <https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/>
>>> of the Mirai malware, reports Brian Krebs. Krebs has firsthand experience
>>> with Mirai, as the malware was deployed in a DDoS attack that brought down
>>> his website, KrebsOnSecurity, in September.
>>>
>>> Mirai searches the web for IoT devices set up with default admin username
>>> and password combinations, Krebs says. Once discovered, the malware
>>> infiltrates and uses poorly protected hardware to facilitate a DDoS attack
>>> on an online entity, in this case Dyn.
>>>
>>> Poor security practices are nothing new. Uninitiated or lazy end users have
>>> for decades left factory default settings untouched on routers, networked
>>> printers and other potential intrusion vectors. But this is different.
>>>
>>> According to Krebs, DVRs and IP cameras made by Chinese
>>> company XiongMai Technologies, as well as other connected gadgets currently
>>> flooding the market, contain a grievous security vulnerability and are in
>>> large part responsible for hosting the botnet. As he explains, a portion of
>>> these devices can be reached via Telnet and SSH even after a user changes
>>> the default username and password.
>>>
>>> "The issue with these particular devices is that a user cannot feasibly
>>> change this password," said Zach Wikholm, research developer at Flashpoint.
>>> "The password is hardcoded into the firmware, and the tools necessary to
>>> disable it are not present. Even worse, the web interface is not aware that
>>> these credentials even exist."
>>>
>>> To prevent another Mirai attack, or a similar assault harnessing IoT
>>> hardware, offending devices might require a recall, Krebs says. Short of
>>> that, unplugging an affected product is an effective stopgap.
>>>
>>> By contrast, Apple's HomeKit features built-in end-to-end encryption,
>>> protected wireless chip
>>> <http://appleinsider.com/articles/14/11/03/first-wireless-chips-with-apple-homekit-support-now-shipping-to-device-manufacturers>
>>> standards, remote access obfuscation and other security measures designed
>>> to thwart hacks. Needless to say, it would be relatively difficult to turn
>>> a HomeKit MFi device into a DDoS zombie.
>>>
>>> Announced in 2014 alongside iOS 8, HomeKit debuted as a secure framework
>>> <http://appleinsider.com/articles/14/06/02/apple-introduces-homekit-framework-for-connected-homes>
>>> onto which manufacturers of smart home products can build.
>>> Specifically, the system uses iOS and iCloud infrastructure to securely
>>> synchronize data between host devices and accessories.
>>>
>>> Apple details HomeKit protections in a security document posted to its
>>> website (PDF link
>>> <http://www.apple.com/business/docs/iOS_Security_Guide.pdf>), saying the
>>> system is based on public-private key pairs.
>>>
>>> First, key pairs are generated on an iOS device and assigned to each
>>> HomeKit user. The unique HomeKit identity is stored in Keychain and
>>> synchronized to other devices via iCloud Keychain. Compatible accessories
>>> generate their own key pair for communicating with linked iOS devices.
>>> Importantly, accessories will generate new key pairs when restored to
>>> factory settings.
>>>
>>> Apple uses the Secure Remote Password (3,072-bit) protocol to establish a
>>> link between an iOS device and a HomeKit accessory via Wi-Fi or Bluetooth.
>>> On first use, keys are exchanged through a procedure that involves entering
>>> an 8-digit code provided by the manufacturer into a host iPhone or iPad.
>>> Finally, exchanged data is encrypted while the system verifies the
>>> accessory's MFi certification.
>>>
>>> When an iPhone communicates with a HomeKit accessory, the two devices
>>> authenticate each other using the exchanged keys, Station-to-Station
>>> protocol and per-session encryption. Further, Apple painstakingly designed
>>> a remote control feature called iCloud Remote that allows users to access
>>> their accessories when not at home.
>>>
>>> Accessories that support iCloud remote access are provisioned during the
>>> accessory's setup process. The provisioning process begins with the user
>>> signing in to iCloud. Next, the iOS device asks the accessory to sign a
>>> challenge using the Apple Authentication Coprocessor that is built into all
>>> Built for HomeKit accessories.
>>> The accessory also generates prime256v1
>>> elliptic curve keys, and the public key is sent to the iOS device along
>>> with the signed challenge and the X.509 certificate of the authentication
>>> coprocessor.
>>>
>>> Apple's coprocessor is key to HomeKit's high level of security, and the
>>> implementation is thought to have delayed the launch of third-party
>>> products by months.
>>> In addition to the above, Apple also integrates privacy safeguards that
>>> ensure only verified users have access to accessory settings, as well as
>>> privacy measures that protect against transmission of user-identifying or
>>> home-identifying data.
>>>
>>> Basically, HomeKit is a well planned and well executed IoT communications
>>> backbone. The accessories only work with properly provisioned devices, are
>>> difficult to infiltrate, seamlessly integrate with iPhone and, with iOS 10
>>> and the fourth-generation Apple TV (which acts as a hub), feature rich
>>> notifications and controls accessible via Apple's dedicated Home app. Oh,
>>> and they don't broadcast indiscriminately to the web.
>>>
>>> The benefits of HomeKit come at cost to manufacturers, mainly in
>>> incorporating Apple's coprocessor, but the price is undoubtedly smaller
>>> than recalling an unfixable finished product.
>>>
>>> Original Article:
>>> http://appleinsider.com/articles/16/10/22/mirai-ddos-attack-highlights-benefits-of-apples-secure-homekit-platform
>>>
>>> Sent from my iPhone
>>>
>>> --
>>> The following information is important for all members of the Mac
>>> Visionaries list.
>>>
>>> If you have any questions or concerns about the running of this list, or if
>>> you feel that a member's post is inappropriate, please contact the owners
>>> or moderators directly rather than posting on the list itself.
>>>
>>> Your Mac Visionaries list moderator is Mark Taylor.
>>> You can reach Mark at: [email protected] and your owner is Cara
>>> Quinn - you can reach Cara at [email protected]
>>>
>>> The archives for this list can be searched at:
>>> http://www.mail-archive.com/[email protected]/
>>> ---
>>> You received this message because you are subscribed to the Google Groups
>>> "MacVisionaries" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an
>>> email to [email protected].
>>> To post to this group, send email to [email protected].
>>> Visit this group at https://groups.google.com/group/macvisionaries.
>>> For more options, visit https://groups.google.com/d/optout.
