Internet of Shit security

So I've been thinking how to reduce the risk surrounding IoT devices after they get hacked (particularly in regards to botnets) and I've come to the conclusion I need Sup Forums's help.

Is there a way to physically limit the bandwidth used by a device? A way to make it so that it becomes a literal impossibility for, say, your Internet-connected toilet to send out more than 10Mbps or maybe even 1Mbps? So that even if it gets hacked, it's limited in the degree it can participate in a DDOS?

Is it really that hard to NOT ENTER your wifi password when buying a device that has no business being on the internet?

It's simple. Don't buy internet of things stuff at all or don't let it connect to the internet.

That works great for people who aren't retarded but a lot of retarded people buy them. The question is more along the lines of what can be done to mitigate the damage of retards.

Reduce the risk by not purchasing IoT devices.
Are you fucking retarded?
How about don't put internet connectivity into a fucking stove.
Why in the holy mother of fuck would you ever need to remotely operate a stove? You have to be in front of the fucking thing to put food in it.
Anyone that buys this kind of shit deserves whatever happens.

Yes, a sure-fire way is to apply a Haptic Amplification Metallic Malletic Energy Redistributor to the device

>>>/games/1104294333/1-40

>That works great for people who aren't retarded but a lot of retarded people buy them.
Let them. It'll be funny as shit when someone figures out how to access their webcams, notice a cardboard box on the electric stovetop, turn on the stove, then disable the fire alarm.

what does halo 2 have to do with this thread?

Just use a proper firewall and you will be fine.

Then why the fuck did you make this thread? If you are thinking of other people there is no reason to even think of a solution because they won't implement it.

Stay in school.

1) Don't buy an IoT device in the first place.
2) If you do buy one, allow it access to the Internet.
3) If you do want to allow it access for some function you really want to use, then put it on a network completely isolated from your normal devices. I don't have step-by-step instructions, but you should be able to limit bandwidth, yes.

>Is there a way to physically limit the bandwidth used by a device?
It is called QoS you tard

>2) If you do buy one, allow it access to the Internet.

Don't allow it access to the Internet, of course.

>he can't pre heat the oven for tendies while sitting in his couch
Stay small faggot

And what do you do when someone else's toaster is DDOSing a hospital's ER system? A hospital you or your family member is staying at?

I don't care one bit about someone suffering for their own idiocy but that's not the case here. This is their idiocy causing others to suffer.

And then it burns down an apartment building you live in.

If someone is stupid enough to purchase an Internet-connected toaster, they're not smart enough to configure QoS.

>firewalls are hard

>he doesn't leave bread in the toaster when he goes to work with a task on his smartphone to activate the toaster when he gets close to home so he can have fresh toast the moment he walks in the door
Why live?

We haven't always had gigabit connectivity. There have been physical limitations in how much data could be sent.

Why can't we impose such physical limitations on IoT devices?

don't really need internet connectivity, but network connectivity might be good for controlling your range/oven from a wall panel rather than a batch of built in controls placed all too close to a hot burner.

Turn UPnP off on your modem/router. Don't expose your shitty designed IOT device: if you need remote access use vpn.

OP here.

I'm looking more from an industry standard standpoint, not a "what can an individual do" standpoint.

of course they can.
you could probably limit most IoT toys to a packet a second and it would work fine.

From an industry standpoint, don't make it so devices are accessible from the Internet until the user configures them. Don't open ports to the outside, don't UPnP to try to get open ports.

But people would complain about the inconvenience.

>Why in the holy mother of fuck would you ever need to remotely operate a stove?
fuck you i would kill for programmable stove/oven

Important part is that it not be a limitation that a Chinaman or Eastern European kid could undo after having taken over the device.
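
Added example, not part of any post in this thread: the per-device bandwidth cap asked about in the opening post, modelled as a token-bucket policer that runs on the gateway so a compromised device cannot lift it. The 1 Mbps rate, 15 kB burst, packet size and traffic figures are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass
class TokenBucket:
    """Policer state kept on the gateway, outside the device's control."""
    rate_bps: int        # sustained cap in bits per second (assumed 1 Mbps)
    burst_bytes: int     # largest back-to-back burst the gateway forwards
    tokens: float = 0.0  # bytes currently available to the device
    last: float = 0.0    # timestamp of the previous packet

    def __post_init__(self):
        self.tokens = float(self.burst_bytes)  # start with a full bucket

    def allow(self, now: float, size: int) -> bool:
        """Refill for the elapsed time, then forward only if the packet fits."""
        refill = (now - self.last) * self.rate_bps / 8
        self.tokens = min(self.burst_bytes, self.tokens + refill)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False  # over the cap: the gateway drops the packet


def simulate(offered_bps: int, seconds: int, pkt: int = 1000,
             rate_bps: int = 1_000_000, burst: int = 15_000) -> dict:
    """Push constructed constant-rate traffic through the policer."""
    bucket = TokenBucket(rate_bps, burst)
    n = seconds * offered_bps // (pkt * 8)  # packets the device tries to send
    interval = pkt * 8 / offered_bps        # seconds between packets
    sent = sum(pkt for i in range(n) if bucket.allow(i * interval, pkt))
    return {"offered": n * pkt, "forwarded": sent,
            "forwarded_bps": sent * 8 / seconds}


if __name__ == "__main__":
    # Constructed traffic: normal telemetry vs. a device trying to flood.
    print("telemetry, 8 kbps:", simulate(8_000, 10))
    print("flood, 100 Mbps:  ", simulate(100_000_000, 10))
```
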

That's not going to work and you know it. Economics of it won't tolerate requiring users to learn how to configure their toaster or condom.

>$30 in bitcoins

It's a good question. The industry mainly needs to actually think about security when they build this stuff. The initial thinking at the start of IoT was it doesn't matter if it has security, because they won't be browsing porn sites and if it breaks they can just buy a new one fairly cheaply. They didn't consider blackmail and DDoS.

Also, maybe people will need a "cable guy" sort of thing, a "network guy" to come to houses and set up networks and firewalls for IoT houses? I don't do a lot of hardware, network stuff, that's just a guess.

It could be done i.e. by changing the Ethernet chip, but that's expensive overengineering and you'd probably have problems because it won't comply with any IEEE standard.

You are focusing on the wrong problem. If my IoT devices were hacked, I won't give a fuck I'm part of a botnet. I'm worried by being watched through my own cameras or smart TV mic, having my house set on fire by my oven, or having my beer frozen by my fridge.

Botnets are a very small issue to be mitigated if you are hacked. Companies should not let your devices be hacked, period. It's expensive but Apple did it with HomeKit right?

You do know most ovens sold in the last 20 years are programmable, right?

Different issues. You don't care if your device is part of a botnet but others that you're DDOSing do. Issue I'm looking to address right now is teens or nation states creating and using botnets of increasing size that can shut down almost any service.

Creating a new standard is absolutely an option here. The industry is new and retarded and will accept anything anyone with authority tells them to use if it won't create substantial long-term overhead.

every day I hate computers more and more

>if you don't support me on patreon you might never see retarded nonsense ever again!

>stale bread from letting it sit out all day

What about devices that are set up on a closed network only accessible from a terminal configured to send/receive only in a specific type of encryption designated by the user that doesn't read anything that doesn't fall under that criteria, only set up to send/receive data to a specific device (ie your smartphone, but could be anything, even a custom receiver) and reject all other traffic?

> after they get hacked
> Is there a way to physically limit the bandwidth used by a device?

Even an extremely low-bandwidth device can be hacked.

A much more important question is: Can its internet access be totally disabled?

I'm guessing that IoT devices will generally attempt one of the following:
- find an open WiFi connection if one is available
- use cellular or satellite connection
- use a new zero-config wireless system designed specifically for IoT (most likely in the long term)

So the question becomes: How can you shield your entire living residence from all of these?

Remember that some day it will be illegal to buy or possess appliances that don't have internet connectivity, so this problem will need to be solved eventually. "Refusing to buy" IoT devices is only a short-term strategy -- eventually the price of black-market non-IoT devices will become so high that you won't be able to afford them, requiring an eventual blocking solution. (Remember that the real goal of IoT is total authoritarian government surveillance "to ensure the safety and security of the public", so market forces will be powerless to prevent the rollout of universal IoT.)

>his toaster isn't in an air tight container

>put it on a network completely isolated from your normal devices

It won't work that way.

In the future, IoT devices must eventually use a zero-config solution so that the wireless connection happens automatically.

In a future home with 250 IoT devices in it, there's no way you're going to be entering your WiFi password into each device separately. A zero-config solution is mandatory for large-scale IoT rollout. My guess is a new type of wireless standard specifically designed for IoT, designed to be zero-config so that internet connectivity will occur automatically without the need for user action.

The idea isn't to stop devices from getting hacked. It's to reduce the harm they're capable of when they're hacked.

>reduce the harm they're capable of when they're hacked.

Once hacked, the scope of the potential harm is almost completely independent of the bandwidth.

One byte per second is plenty of bandwidth to disable the appliance, cause it to operate unsafely, implement a ransomware attack, leak personal data, etc.

A person can be doxxed in 1KB of data. Transmitted at one byte per second, that takes only 17 minutes to upload. IoT devices are connected 24/7, so even transmitting one picture or one frame of video can be done in one day at that speed.

I don't need the CIA knowing what I have for breakfast. If we let the CIA into our kitchens next thing you know the CIA will try to kill us by overheating our toasters or microwaves.

Harm to *others*.

Again the topic is weakening botnets.

Imagine coming home to a burnt down house after a hacker cranked up your oven to 1000 degrees

>he buys IoT things that do not respect your freedoms both in software and hardware
>he does not put his IoT things behind a NAT or something
>he uses IoT things that use hipster technologies like JSON and HTTP

I bet you have an arduino hooked up directly to mains electricity for controlling your lights and other appliances

Agreed my dinosaur toast tastes like poorfag footjam

Sounds like a nightmare.

Can someone explain how an IoT device is "hacked"?

Say you have a garage door or fridge. Are there terminals and users built into these devices? Are they not running locked down proprietary software that only takes executable commands, and no writing?

Considering Normans can't even secure a Windows machine and it does that shit for you we are completely boned.

this has been a very entertaining thread

The shit tier security situation more often than not means these things are running fairly standard Linux installs, and nearly always have some web interface where you can logon, send commands, etc.

What we've seen with a number of recent botnets is that they usually also have SSH open, and usually accept a default logon, and that there's encouragement for a user to change that default logon.

It's no different to booting up a Raspberry Pi, enabling SSH and just putting it online with the pi/raspberry credentials.

The web interfaces vary from a spaghetti code PHP5.2 mess full of shell_exec() calls, to a CGI-bin interface with all the controls in C.

But that would be sweet sweet irony and just what they deserve for buying such bullshit

Teddybears now have Linux running on them that can be used as part of a DDOS.

Bigger question: how is IoT useful in any way that justified the various headaches that come with them?

Have a look at your average router. The only real difference between the stock firmware and OpenWRT is that the stock one is closed source.

why would you even want remote start on your stove?

Most consumer routers run openwrt anyways

it'll be something like IoTivity's onboarding process, where you scan a QR code on the Thing, connect to the soft AP (automatable), and from there it'd be reasonable to have m2m communication so you don't have to manually punch in credentials.

Considering people are still comfortably using 200-300 year old tech to live their lives comfortably daily I'd say just don't invest in it. IOT is a terrible meme, its widespread adoption would cripple our society.

It's *already* crippling parts of our society and it's going to get massively worse because we have the backend of most IoT shit made by Pajeets.

They're going to shit all over us regardless so we need to find a way to make the shit manageable.

I honestly don't see the point of connecting everything. I feel like it's just a buzzword to use as a motivation. Although it might improve our lives through big data collection. A lot of problems can be fixed easily if the source of these problems is analyzed over a wide array of devices.

Security for IoT is impossible. You just need to accept the fact that we're always going to have a reset button on these.

>smart oven
literally WHY

How hard is it to set a fucking timer?

any news on that botnet that hunts down unsecured iot and routers and disables them?

doing the lord's work if you lurk here vigilante

I can see that it could be useful in some very minor ways
>Check if the oven is on out of home
>Built in sous vide option
>Directly use temperature data for recipes

But these are just very minor to be considered.

Big data collection will cripple the lives of far more than it would help. It is an unambiguous evil in most cases.

>his toaster doesn't launch his toast out to land perfectly on his plate every time

How?

It's primarily used to monitor people and change their behavior into doing something that is in the best interest of either the company, law enforcement, or national security. It deprives people of agency by design in most cases. A few cases such as self-driving cars for the elderly are the exception, not the rule.

>It's primarily used to monitor people and change their behavior into doing something that is in the best interest of either the company
Opposite is true for this part. They want to ride the interest wave.

Who else will be doing the big data collection that otherwise wouldn't happen without parasitic commercial voyeurs?

How to make skynet.
Wait for this to be a common thing, hack nsa and get the backdoors, run a distributed simulated neural network thousands of times as powerful as the human brain, also hooked up to the internet, happy end of the world.

>His toast doesn't pop up, and hit a switch, which triggers a complex series of mechanisms, which fries my eggs, cooks my bacon, and pours my orange juice.

This is now the most retarded thing I've seen to come out of memeicon valley