|
ElCondemn posted:These are really cool and I'm sure your oven won't catch fire if it's left on all day. What they most likely did was just add a computer to this thing and wire up the control interface to the computer, that way they can control it via the physical interface or a virtual one. I doubt there's even any way to update the firmware that operates the actual oven, what could they possibly update in the possibly non-existent firmware to improve an oven that can't be done via the connected computer? I like looking through IFTTT because it really shows that no matter how stupid and useless the input or output sounds people actually do a really good job of finding "wait, that is actually a pretty smart idea" sorts of uses for them.  It's not a life changing idea on it's own by any stretch but it's cool to see what people do if given inputs and outputs and an easy way to link them together. Like, that is really clever! And it's clever in a way that it would never be worth being a stand alone product you would buy or a feature you'd design into a sprinkler system but if the sprinkler has a standard API other things can snap into without much trouble, why not turn it on to do that?
|
#
?
Jul 10, 2017 22:15
|
|
|
|
| # ? May 8, 2024 14:24 |
|
|
Why is it that folks are claiming that IoT toasters are more secure than the Iranian centrifuges that were hit with Stuxnet?
|
|
#
?
Jul 10, 2017 22:22
|
|
|
Solkanar512 posted:Why is it that folks are claiming that IoT toasters are more secure than the Iranian centrifuges that were hit with Stuxnet? Because the two devices are inherently different, they run different software and are designed totally differently. Again this is just a fundamental misunderstanding of how these systems work. Stuxnet worked as an exploit for any system that was running windows, the centrifuges just happened to have their control software running on windows. These IoT devices however are not connected to the internet or even your home network the same way those centrifuges would be. They work more like an arduino or other lower power single thread micro-controller, they are not designed to run arbitrary code and can't be exploited in the same ways.
|
|
#
?
Jul 10, 2017 22:45
|
|
|
Solkanar512 posted:Why is it that folks are claiming that IoT toasters are more secure than the Iranian centrifuges that were hit with Stuxnet? If the government wants to take down your toaster it will. Nothing you have ever owned or will ever owned is perfectly secure. But by being universally true people have learned to cope with that fact and life gets along using our imperfect phones and computers to imperfectly access our imperfect websites and it's not perfect but we generally keep things in a range where people generally live day to day without worrying overly much about it. If an elite hacker takes out my toaster I'll grumble but be glad that he didn't take out my bank account or online bill pay or amazon account which is tied to a bunch of credit cards and services or 50 other things that were already super high value that are already connected to the internet.
|
|
#
?
Jul 10, 2017 22:48
|
|
|
ElCondemn posted:Because the two devices are inherently different, they run different software and are designed totally differently. Again this is just a fundamental misunderstanding of how these systems work. Stuxnet worked as an exploit for any system that was running windows, the centrifuges just happened to have their control software running on windows. That kind of thing could start becoming an issue if/when IoT controllers start using more powerful control units, but only if they had some sort of crossover that is also present in something that these state level actors are likely to want to target. So it's not like someone would deliberately target all the light bulbs, but there could be something that inadvertently bricks them if updated from a compromised machine. It's going to be interesting to see what inadvertent effects things like that have.
|
|
#
?
Jul 10, 2017 22:55
|
|
|
Owlofcreamcheese You almost convinced me that the Internet of Things are Things not connected to the Internet.
|
|
#
?
Jul 10, 2017 23:02
|
|
|
Guavanaut posted:I thought Stuxnet was a two level thing, one part worked as a standard virus, spreading across Windows machines, the payload part affected certain very specific Philips or Siemens or something industrial controllers if you updated the firmware from an infected Windows machine. The security concern part of Stuxnet is the root remote code execution. The PLC issue isn't an exploit as much as it's just a hack to make the software send harmful commands to the connected devices. This is possible on pretty much every platform except for platforms that are specifically designed to protect memory, and even then when you're root it's trivial to bypass any protections that might've been in place. Guavanaut posted:That kind of thing could start becoming an issue if/when IoT controllers start using more powerful control units, but only if they had some sort of crossover that is also present in something that these state level actors are likely to want to target. If someone wants in there's always a way in, I think because of the power limitations we've made most of these devices pretty dumb and secure because of that fact. In the future or even today with devices that are connected to your wall there is definitely a possibility that they're running a full-size modern kernel that can run arbitrary code, but again it's only a concern if you allow direct access to your devices or you're being targeted by people with the resources to get in. Guavanaut posted:So it's not like someone would deliberately target all the light bulbs, but there could be something that inadvertently bricks them if updated from a compromised machine. It's going to be interesting to see what inadvertent effects things like that have. Maybe, but the way it works right now it doesn't seem like to happen that way. Unless you're talking about some future bulbs that run linux or something?
|
|
#
?
Jul 11, 2017 00:03
|
|
|
It probably is going to end up that way, if economies of scale keep working like that. It wasn't too far back that people were saying "why would you put a microcontroller in a washing machine when a handful of 74 series logic can do the same thing?" or mechanical switches, or a big rotary dial with the right PCB traces behind it. There's a certain level, maybe not for lightbulbs, but a level where a lot of things are going to be SoC devices capable of running arbitrary code because they're useful enough elsewhere. What that means for IoT security measures with that many levels of abstraction I don't know.
|
|
#
?
Jul 11, 2017 00:35
|
|
|
Guavanaut posted:It probably is going to end up that way, if economies of scale keep working like that. It wasn't too far back that people were saying "why would you put a microcontroller in a washing machine when a handful of 74 series logic can do the same thing?" or mechanical switches, or a big rotary dial with the right PCB traces behind it. There's a certain level, maybe not for lightbulbs, but a level where a lot of things are going to be SoC devices capable of running arbitrary code because they're useful enough elsewhere. I think it's going to be the same security concerns of yesterday, as long as we don't run services that face publicly out of our home networks I think we'll be ok. The Mirai attacks are really no different than the usual worm in the wild, and even in the future that'll probably be the way things work since these types of things go after easy targets with the most impact.
|
|
#
?
Jul 11, 2017 00:41
|
|
|
Tei posted:Owlofcreamcheese Go back in time to 1994 or something and make the prediction that someday they will put computers in your home telephone and have it be online at all times and you'd get people would give you this same mix of "why would you even want that" and sky is falling that that would mean hackers would be ordering pizzas from your phone like nonstop. Then flash forward to now and that basically isn't an issue anyone ever faces and security flaws are real and happen but don't dominate most people's lives or concerns in any meaningful way. Why would anything else be any different?
|
|
#
?
Jul 11, 2017 00:46
|
|
|
Owlofcreamcheese posted:Go back in time to 1994 or something and make the prediction that someday they will put computers in your home telephone and have it be online at all times and you'd get people would give you this same mix of "why would you even want that" and sky is falling that that would mean hackers would be ordering pizzas from your phone like nonstop. Then flash forward to now and that basically isn't an issue anyone ever faces and security flaws are real and happen but don't dominate most people's lives or concerns in any meaningful way. So you are comparing Apple to SmartToasters.com.tw, that have 5 programmers. 2 of them get interrupted every five minutes to repair printers or help Li, from PR, to send a email. Smartphones are a problem, is just not has visible now. Many hardware companies release phones that can't be updated, or that don't receive new versions. So people is going to be stuck on very old versions of Android, the spyware guys will find a way to get into these machines and install rootkits/deploy malware. Is just not visible now because we are on the incubation phase.
|
|
#
?
Jul 11, 2017 07:10
|
|
|
I'm pretty sure he's trolling the thread, Tei. That being said it really makes me angry that people don't airgap systems that need to be airgapped. Why does almost every manufacturer have the internet connected entertainment hook up to the rest of the electronics? Same deal with power companies having their SCADA hooked up to the internet. e:I meant to say why does almost every car manufacturer have the internet connected entertainment hooked up to the rest of the electronics. CrazySalamander fucked around with this message at 21:30 on Jul 11, 2017 |
|
#
?
Jul 11, 2017 08:27
|
|
|
CrazySalamander posted:I'm pretty sure he's trolling the thread, Tei. This. The ol' urban legend is that everyone logs what you do/steals your information, because there is somehow endless evil rich who would pay for that info. My question is, since of course that can't be true, why IS everything hooked up? Why make the effort?
|
|
#
?
Jul 11, 2017 15:28
|
|
|
Owlofcreamcheese posted:If the government wants to take down your toaster it will. Nothing you have ever owned or will ever owned is perfectly secure. But by being universally true people have learned to cope with that fact and life gets along using our imperfect phones and computers to imperfectly access our imperfect websites and it's not perfect but we generally keep things in a range where people generally live day to day without worrying overly much about it. This isn't about "taking down my toaster", it's about random assholes deciding that they want to turn on my future toaster oven, gas range or oven when I'm not around. Those are clear fire hazards that you pretend don't exist. EDIT:minor spelling Solkanar512 fucked around with this message at 16:43 on Jul 11, 2017 |
|
#
?
Jul 11, 2017 15:57
|
|
|
Or turning on thousands of ovens at the same time...
|
|
#
?
Jul 11, 2017 16:27
|
|
|
ThisIsJohnWayne posted:This. The ol' urban legend is that everyone logs what you do/steals your information, because there is somehow endless evil rich who would pay for that info. My question is, since of course that can't be true, why IS everything hooked up? Why make the effort? Why are fidget spinners manufactured in the millions? Because they sell..
|
|
#
?
Jul 11, 2017 16:30
|
|
|
ThisIsJohnWayne posted:This. The ol' urban legend is that everyone logs what you do/steals your information, because there is somehow endless evil rich who would pay for that info. My question is, since of course that can't be true, why IS everything hooked up? Why make the effort? No the rich just buy it the data straight up. If your machine collecte data there is an almost zero chance the are trying to sell it to someone. Connected devices represent being able to charge more for products as well as sell data on the back end for new revenue streams which is why everyone does it. Fire hazard devices and medical devices are what worry me, not the goddamn lights in my house.
|
|
#
?
Jul 11, 2017 17:19
|
|
|
Everyone realizes you can just not purchase these smart lights/toasters/ovens/etc if you're actually paranoid about them, I highly doubt there will be some big government push to force them onto us or anything.
|
|
#
?
Jul 11, 2017 17:52
|
|
|
I imagine eventually they might just be the only thing being made, because that's what the vast majority of people want, adding the technology is cheap, and no one wants the old school stuff filling up warehouses.
|
|
#
?
Jul 11, 2017 17:56
|
|
|
WampaLord posted:Everyone realizes you can just not purchase these smart lights/toasters/ovens/etc if you're actually paranoid about them, I highly doubt there will be some big government push to force them onto us or anything. That would change nothing. If 4 million people buy a IoT device, and they are hacked and create a DDoS network, they can use it to DDoS your company website. Or if they are a fire hazard, they can be used to cause fires in 5 different places in a city. If I live in a building, and a fire start in other apartament, my apartament will still burn. If some self driven trucks are hacked, my vehicle can be the thing they can crash to. http://www.wheels24.co.za/News/Guides_and_Lists/heres-how-easy-it-is-to-hack-a-car-20170111
|
|
#
?
Jul 11, 2017 17:56
|
|
|
A Buttery Pastry posted:I imagine eventually they might just be the only thing being made, because that's what the vast majority of people want, adding the technology is cheap, and no one wants the old school stuff filling up warehouses. I can definitely imagine enough of a market for "I don't want to have to use my phone to turn on my stove!" types to be satisfied. Tei, you are overly paranoid about disaster scenarios, could this possibly be related to your experiment drug taking?
|
|
#
?
Jul 11, 2017 17:59
|
|
|
WampaLord posted:I can definitely imagine enough of a market for "I don't want to have to use my phone to turn on my stove!" types to be satisfied. COuld bE. I don't think so, because we are starting to see these IoT machines used for nefarius purposes, using it to exploit the service they provide to create trouble is not a huge step. It only takes one malicious person that is interested more in cause damage than creating a ddos.
|
|
#
?
Jul 11, 2017 18:44
|
|
|
Okay, people are dismissing the "hacked IoT machiens will be used for DDoS attacks" arguments, but hasn't that already happened? I remember reading articles on that, so people acting like it's a fantasy and won't ever come to pass seems odd because it's already reality, and while the IoT is expanding there hasn't been any real push to make it more secure, which is the sort of thing that makes the problem worse, not better.
|
|
#
?
Jul 11, 2017 19:51
|
|
|
WampaLord posted:I can definitely imagine enough of a market for "I don't want to have to use my phone to turn on my stove!" types to be satisfied. You just disable your internet of things device. Which is the rub because few people actually will, and again manufacturers only want to make IoT versions because theyre more long term profitable.
|
|
#
?
Jul 11, 2017 22:47
|
|
|
WampaLord posted:I can definitely imagine enough of a market for "I don't want to have to use my phone to turn on my stove!" types to be satisfied. I don't take experimental drugs and had I not been distracted by Trump's son I would have posted the same thing. I shouldn't have to worry that the 5 neighbors I have that are too dumb/busy/etc to secure their wifi nodes aren't going to buy an IoT toaster oven that starts a fire. Look, this is really what pisses me off about you guys - you want your loving toys but you don't want to do the hard work to ensure that they're safe or don't otherwise gently caress us over. I hear the same poo poo whenever a plane crashes - oh, let's just fly the plane remotely without pilots, who gives a poo poo about malfunctioning sensors or ensuring the connection between the ground and the air is secure. Who gives a poo poo that the safety systems are integrated with everything else and that small changes can have huge ramifications? It's good enough for me and it sounds cool and you're a Luddite if you think otherwise. Instead of being dismissive, take these issues seriously and address them.
|
|
#
?
Jul 12, 2017 04:42
|
|
|
Solkanar512 posted:Look, this is really what pisses me off about you guys - you want your loving toys but you don't want to do the hard work to ensure that they're safe or don't otherwise gently caress us over. You're ranting at the wrong kind of nerd here, I don't want any IoT devices. And the concerns I see people expressing do not jive with my understanding of how technology works. Let's wait until we actually get a story about "hacked toaster lights fire" before we start chicken littling about something that may be literally impossible. Like, I realize you think every IoT device is just designed by idiots who slap a chip in there, but I mostly trust engineers to not create active fire hazards, we've gotten pretty good at that.
|
|
#
?
Jul 12, 2017 04:51
|
|
|
Solkanar512 posted:This isn't about "taking down my toaster", it's about random assholes deciding that they want to turn on my future toaster oven, gas range or oven when I'm not around. Those are clear fire hazards that you pretend don't exist. They can shoot you win a gun or hit you with a rock if they want too. If someone murdering you is a concern that sounds like an absurdly convoluted way to do it. They can even burn your house wit a dollar of gas an a five cent match and not even need to hack anything.
|
|
#
?
Jul 12, 2017 04:58
|
|
|
Owlofcreamcheese posted:They can shoot you win a gun or hit you with a rock if they want too. If someone murdering you is a concern that sounds like an absurdly convoluted way to do it. They can even burn your house wit a dollar of gas an a five cent match and not even need to hack anything. With this they can burn (a sizable statistical fraction of) everyone's house down at the same time. From their porn station.
|
|
#
?
Jul 12, 2017 05:01
|
|
|
dont be mean to me posted:With this they can burn (a sizable statistical fraction of) everyone's house down at the same time. From their porn station. When you use big words it almost sounds like you know what you're talking about, it's too bad that this theoretical toaster that burns down houses doesn't and wouldn't exist, otherwise you'd have a point. Solkanar512 posted:Instead of being dismissive, take these issues seriously and address them. I addressed all the concerns and tried to explain how the technology works but all you hear is "it's fine, you're a Luddite". I'm not really sure what you want, other than to have confirmation that your fantasy apocalypse scenario isn't just in your head.
|
|
#
?
Jul 12, 2017 05:33
|
|
|
Owlofcreamcheese posted:They can shoot you win a gun or hit you with a rock if they want too. If someone murdering you is a concern that sounds like an absurdly convoluted way to do it. They can even burn your house wit a dollar of gas an a five cent match and not even need to hack anything. Stop being so loving obtuse! Do you not understand that many appliances in the kitchen, even when operating normally, can present a danger if operated without someone there to supervise? Have you ever used a kitchen before? Do you understand that ovens are hot, and gas ranges produce an open flame? Seriously, do you not understand this? If I can remotely turn off a gas range, it means it's possible to remotely turn on a gas range. You even showed the scripts allowing for an oven to start preheating. Why do you keep ignoring this poo poo when people keep bringing it up in a clear and direct fashion? Why do you keep acting like apartments and condos don't exist? Do you understand that despite the fact that someone can shoot me, we still require things to be built according to a minimum safety standards?
|
|
#
?
Jul 12, 2017 12:18
|
|
|
People have already disabled and hosed around with cars through hacking. Luckily, they were white hat hackers trying to demonstrate security flaws to the automotive industry and technology journalists. I'm not saying rip all the computers out of cars, I'm saying treat car computers like any other computer and get some security. Manufacturers already are starting to do this but the concern is that it might escalate before they have a full handle on it. Owlofcreamcheese posted:They can shoot you win a gun or hit you with a rock if they want too. If someone murdering you is a concern that sounds like an absurdly convoluted way to do it. They can even burn your house wit a dollar of gas an a five cent match and not even need to hack anything. Some random guy could just decide to turn on a bunch of stoves for shits and giggles, it doesn't have to be some kind of conspiracy to murder you. I'm not sure we're going to have a ton of blazing infernos because Zero Cool turned on everyone's oven while they were in the Seychelles but it's not about "Gonna kill Owlofcreamcheese specifically with his toaster" but "Gonna turn a bunch of things on at once to cause maximum chaos" Lightning Lord fucked around with this message at 12:31 on Jul 12, 2017 |
|
#
?
Jul 12, 2017 12:28
|
|
|
Unexpectedly turning on 100,000 toasters at once in an area would probably cause a power disruption, too, especially if it were done in the middle of a hot day
|
|
#
?
Jul 12, 2017 14:38
|
|
|
Also, I'm sorry, but even if my oven got turned on all day, it wouldn't burn my place down, it'd just make my electric bill go up. Do y'all have some sort of crazy oven that bursts into flame if left on for 8 hours?
|
|
#
?
Jul 12, 2017 15:03
|
|
|
WampaLord posted:Also, I'm sorry, but even if my oven got turned on all day, it wouldn't burn my place down, it'd just make my electric bill go up. Do y'all have some sort of crazy oven that bursts into flame if left on for 8 hours? My mother use to have stuff inside when the oven is off. Some machines have the limitations in the firmware, like wifi routers power ranges, perhaps If you hack a oven you can make it 30% hotter than you can manually. *checks google* I have checked guides, and most guides say that ovens don't normally catch fires. They can if are dirty (something we can expect a bunch of them). Anyway the guides are probably for supervised ovens, or pseudo-supervised ovens. I don't think they take into account one set to maximum + 30% an entire weekend with nobody around. If we want to use this scenario for a movie, we can give the cracker the ability to remotely open the oven door, like a CD cup, most guides seems to agree that if your oven if very hot, opening it increase the probability of fire. Tei fucked around with this message at 15:48 on Jul 12, 2017 |
|
#
?
Jul 12, 2017 15:42
|
|
|
WampaLord posted:Also, I'm sorry, but even if my oven got turned on all day, it wouldn't burn my place down, it'd just make my electric bill go up. Do y'all have some sort of crazy oven that bursts into flame if left on for 8 hours? I said gas range, why in the gently caress is this so difficult for you to understand? Open loving flames. Why are you so loving dismissive of this?  Secondly, ovens get loving hot when you keep them on the clean setting for eight hours. Or a whole weekend. That heat has to go somewhere, and is vented at the top. If you have something sitting there (which happens from time to time if you aren't using it yourself) that's a loving fire hazard. Again I ask, why are you being so loving dense about this? Solkanar512 fucked around with this message at 15:54 on Jul 12, 2017 |
|
#
?
Jul 12, 2017 15:50
|
|
|
I don't think IoT ovens are going to even allow you to turn on the open flame remotely, so that seems overly paranoid. Like, does any smart oven out there right now even allow this?
|
|
#
?
Jul 12, 2017 15:54
|
|
|
WampaLord posted:I don't think IoT ovens are going to even allow you to turn on the open flame remotely, so that seems overly paranoid. OOCC posted pictures of scripts that allow IoT ovens to preheat remotely, so once again you're full of poo poo.  Why do you keep dodging the case of unattended gas ranges?
|
|
#
?
Jul 12, 2017 15:56
|
|
|
I'd consider it more likely that a hacker could simply turn everything off or brick it somehow. That alone would be pretty annoying. In any case, any exposure to the internet means greater exposure to risk than otherwise and I just don't see the point of exposing my fridge.
|
|
#
?
Jul 12, 2017 15:57
|
|
|
Solkanar512 posted:OOCC posted pictures of scripts that allow IoT ovens to preheat remotely, so once again you're full of poo poo. "Preheat" to me implies the main oven chamber, not the gas burners. No one "preheats" the gas burner, it's just on or off.
|
|
#
?
Jul 12, 2017 16:00
|
|
|
|
| # ? May 8, 2024 14:24 |
|
|
IoT Ovens are thinking too small. The American power grid is just asking to be owned. And just wait for medical devices to get internet-accessible for some stupid reason!
|
|
#
?
Jul 12, 2017 16:04
|
|
