How to Lock Down Your Personal Internet of Things

Terry Olaes

Terry Olaes

I Used to be the [H] News Guy
Joined
Nov 27, 2006
Messages
4,646
With the earlier article I posted about vulnerable security cameras, maybe you're thinking about securing your thermostat, house lock, and refrigerator. Gizmodo has a decent how-to article on locking down our internet-enabled gadgets. Known as IoT or "Internet of Things", this is one of the hot areas in the business space since proper deployment of these devices can simplify operational concerns. With popularity comes those that want to exploit it, regardless of legality.

Our houses are quickly filling with an internet of things—smart TVs, DVRs, thermostats, and more all online, all the time. But to a hacker, each of these devices is a digital door or window into your home (network). Here's what you need to do to keep your devices locked against outside intrusions.
Click to expand...
 
Yeah, the internet fridge of all things stupid. Its called using the old Mark I eyeballs to check if you need more milk.
 
Ranulfo said:
Yeah, the internet fridge of all things stupid. Its called using the old Mark I eyeballs to check if you need more milk.
Click to expand...
Some people just want the feel of being a box boy working the backroom check stock.
 
Ok look! Another thing to break and be expensive to fix. Some things need to be online and that's fine. Thermostat so you can adjust it while its unoccupied? Makes sense. Refrigerator to remind you that you're low on milk? Dumb.
 
All my iot devices are on their own vlans.... I wouldn't have it any other way.
 
The big issue is it's hard for anything to be truly secure if corporations want to use everything as an advertising device. They need nice big holes to feed their ads through for every device.
 
Why would you even have one of these devices when you dont understand the issues associated with it? Oh wait... go look up the 73000 live feeds from morons, or the youtube videos of people trolling morons with default passwords via the cameras in their house...why worry about your thermostat in the winter time right? when someone hacks it and turns off your heat while you are away for xmas and you come back to frozen and burst pipes... its just the price you pay for being stupid, carry on with your phone app... nothing to see here...
 
Also, what a load of crap the article is. Hiding your SSID and MAC filtering will do nothing to prevent someone from getting in. Just makes it a pain in the ass for the end user.
 
That article is horrible, but there's some good advice in the comments section. Hint: if they're trashing Gizmodo's advice you should probably listen.
 
Terrible times ahead, guys. "Smart" everything is coming for sure. Lets just hope there will be smaller guys selling "dumb" home appliances for the remaining people with more sense than willingness to spend money on bullshit.
 
Not a fan of anything "smart" by default. If I want to control something I'll write the code and interface myself so I have full control, and it will be wired not wireless. I did this for my thermostat. The only way I can access it is if I VPN into the house. No cloud BS or proprietary IE only interface like these "smart" things probably will have. Sadly I see a grim future where everything will be connected and there wont be much you can do as it wont work without it. Look at modern game consoles, they all have to be connected to the internet now.
 
Who puts unnecessary junk like your fridge and thermostat on the internet? Are people so lame they can't get off the sofa and turn the little dial thing-y on the wall or maybe just leave their thermostat set to a reasonable level so they don't have to feel the need to constantly play around with it. Just because you can put something online doesn't mean you should.
 
CreepyUncleGoogle said:
Who puts unnecessary junk like your fridge and thermostat on the internet? Are people so lame they can't get off the sofa and turn the little dial thing-y on the wall or maybe just leave their thermostat set to a reasonable level so they don't have to feel the need to constantly play around with it. Just because you can put something online doesn't mean you should.
Click to expand...

The Honeywell internet thermostat can use your proximity to your home to turn change your AC/Heat up/down. I believe it's using your cellphone and perhaps GPS to do it.

There are times when I've programmed my thermostat to be off (or virtually off) until some day/time and I end up either coming home early or late. Either way, it'd be nice to be able to change when the temp changes.

However, I do like the idea of LAN only option. However, for most people, that thermostat is still going to be wireless, so it could be hacked (in theory) by someone outside your home.

I'm not sure what a smart refrigerator is good for. I could see the benefit of a connected washing machine (though I set mine to start up to 12 hours (I think it's 12) from when I leave for work, so that works for me. Now if I could get it to put them in the dryer and fold them...
 
MavericK96 said:
Wouldn't this technically be an "intranet"?
Click to expand...

Pretty much. And that's the only way I roll with stuff of that nature. Heck even my email is on my intranet. If I want to access it I have to VPN in. What's nice is Android does have an OpenVPN client that is fairly easy to setup so I can VPN in from my phone. Though right now I only allow my work's IP through. I will eventually setup some kind of basic web interface with username/password that will white list my current IP so I can vpn in from anywhere. I don't like the idea of leaving it wide open in case there's an exploit that could let someone in or do damage. (ex: heartbleed).
 
nilepez said:
The Honeywell internet thermostat can use your proximity to your home to turn change your AC/Heat up/down. I believe it's using your cellphone and perhaps GPS to do it.

There are times when I've programmed my thermostat to be off (or virtually off) until some day/time and I end up either coming home early or late. Either way, it'd be nice to be able to change when the temp changes.

However, I do like the idea of LAN only option. However, for most people, that thermostat is still going to be wireless, so it could be hacked (in theory) by someone outside your home.

I'm not sure what a smart refrigerator is good for. I could see the benefit of a connected washing machine (though I set mine to start up to 12 hours (I think it's 12) from when I leave for work, so that works for me. Now if I could get it to put them in the dryer and fold them...
Click to expand...

Honeywell uses a username and password to protect their TotalConnect system. GPS would be absurd as an authentication measure.

It actually works very well, I use it at all the time, but it is on it's own vlan and could not if it wanted infect the rest of my local network. Could some cloud monkey kick on my furnace? Yes.

When someone makes a COTS internet thermostat that runs it's own server without "the cloud" I'll gladly switch though. I dont mind doing some DIY, but I'm not building my own thermostat for kicks, I have enough projects I'll never get done on my hands.
 
tazeat said:
Honeywell uses a username and password to protect their TotalConnect system. GPS would be absurd as an authentication measure.

It actually works very well, I use it at all the time, but it is on it's own vlan and could not if it wanted infect the rest of my local network. Could some cloud monkey kick on my furnace? Yes.

When someone makes a COTS internet thermostat that runs it's own server without "the cloud" I'll gladly switch though. I dont mind doing some DIY, but I'm not building my own thermostat for kicks, I have enough projects I'll never get done on my hands.
Click to expand...

I didn't say it was for authentication. I said it was for determining location to determine whether or not to turn it on. Thus if you're withing, for example, more than 20 miles from home, it'll set the AC higher or the heat lower. Internet connectivity can be useful, but not on a refrigerator, IMO.
 
You must log in or register to reply here.
Back
Top