Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Bug Communications Networking The Internet

The Internet of Broken Things (hackaday.com) 97

szczys writes: The Internet of Things is all the hype these days. On one side we have companies clamoring to sell you Internet-Connected-everything to replace all of the stuff you already have that is now considered "dumb." On the other side are security researchers screaming that we're installing remote access with little thought about securing it properly. The truth is a little of both is happening, and that this isn't a new thing. It's been around for years in industry, the new part is that it's much wider spread and much closer to your life. Al Williams walks through some real examples of the unintended consequences of IoT, including his experiences building and deploying devices, and some recent IoT gaffs like the NEST firmware upgrade that had some users waking up to an icy-cold home.
This discussion has been archived. No new comments can be posted.

The Internet of Broken Things

Comments Filter:
  • Ummmm ... (Score:5, Insightful)

    by gstoddart ( 321705 ) on Tuesday February 09, 2016 @08:09AM (#51468431) Homepage

    On the other side are security researchers screaming that we're installing remote access with little thought about securing it properly.

    Well, that and the weekly stories we see which demonstrates just how terrible the security of this crap really is. It's not like it's a hypothetical case researchers are warning us about.

    Those of us who have been around long enough know damned well not to take a day-one update, because companies have become lazy and sloppy and don't find out what they've missed until some poor schmuck has it go wrong.

    And now we're supposed to trust a vendor to push out an update to the things which run our homes and have them not screw it up?

    You can keep your interweb of crap, and I'll keep assuming the people making it don't give a damn about security or testing their products.

    The IoT is a model in which all of the consumers are the beta testers, and which security is a farce, if it exists at all. It's all gimmicks and toys, lacking either substance or quality.

    • by Anonymous Coward

      Here's a list of reasons why I don't like the Internet of Things:

      1) Internet of Things devices could watch me while I sleep.

      2) Internet of Things devices could watch me while I pee.

      3) Internet of Things devices could watch me while I make kaka.

      4) Internet of Things devices could watch me while I pleasure myself.

      5) Internet of Things devices could watch me while I wash my body in the shower.

      6) Internet of Things devices could watch me while I relax in the tub.

      7) Internet of Things devices could watch me whil

      • by Anonymous Coward

        Wow!

        I don't like it because it's just going to make things more expensive. Companies are lemmings and when one does puts this crap into their products, everyone else will do the same and of course, charge more.

        It's just another way of getting us to part with out money: it's just a gimmick - for personal use.

        The industrial internet, OTOH, is making industrial processes MUCH more efficient and safer.

      • by geekmux ( 1040042 ) on Tuesday February 09, 2016 @08:46AM (#51468649)

        ...The Internet of Things is creepy to the max and it sounds like it could be very invasive.

        You misspelled profitable.

        And the scariest part about IoT is not how creepy it is.

        It's the fact that not enough humans on this planet give a shit about privacy anymore to stop such an industry.

        Even Edward Snowden is sitting around these days asking himself "Why did I even fucking bother"...

        • You attribute to malice what can be simple ignorance. It's not that people don't give a shit about privacy; it's that normal non-technical people don't realize just how invasive things have become. Despite all of the news items, the little old lady next door keeps needing her computer virus-scanned because she keeps giving out her email address, and was too confused with ad-blocking so turned it off, and forwards on the chain emails that friends forwarded to her. She thinks she's being sensible because s
          • "It's not that people don't give a shit about privacy; it's that normal non-technical people don't realize just how invasive things have become."

            Then how did "I don't care, I have nothing to hide!" become so prevalent?

        • by Burz ( 138833 )

          Here is some of the evidence: IP cam trolling!

          https://www.youtube.com/watch?... [youtube.com]

          https://www.youtube.com/watch?... [youtube.com]

          https://www.youtube.com/watch?... [youtube.com]

          https://www.youtube.com/watch?... [youtube.com]

          There was an epic one from last week where 4 unwanted pizza deliveries showed up at this person's door before the pranker started shouting "GIMMEE MY PIZZA!" and obscenities at the family. But it got pulled.

      • by Anonymous Coward on Tuesday February 09, 2016 @09:26AM (#51468905)

        ...

        27) Internet of Things devices could watch me while I listen to the Backstreet Boys.

        ...

        57) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I listen to the Backstreet Boys.

        You've got bigger problems than IoT spying.

    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Tuesday February 09, 2016 @08:57AM (#51468713)
      Comment removed based on user account deletion
      • "And the list goes on. The nest costs 5x-10x more than a low end digital thermostat."

        Why even bother with a digital thermostat, old fashioned analog works just fine.

        • by JazzLad ( 935151 )
          Digital lets me set a different temp in day and night - nice in the winter so I can have it warm up right before we wake up so while we're getting ready it's warm (relatively speaking) and then it rests at a comfortable level. We're only talking a range of 2-4 degrees, so the impact on my utility bill is less than the impact on my comfort level.

          There's always someone home, though, so having one with sensors is way-overkill for me (and not desired - simple digital is perfect for my usage).
        • "And the list goes on. The nest costs 5x-10x more than a low end digital thermostat."

          Why even bother with a digital thermostat, old fashioned analog works just fine.

          Well, if by "works just fine" you mean "uses far more energy than necessary". Being able to schedule different settings at different times is a very good thing, and can save you a lot of money on your heating/cooling bill while still keeping you comfortable. A smarter thermostat that is able to not only operate according to a schedule but to figure out, say, that tonight is particularly cold and it needs to fire up the furnace at 4 AM, rather than the usual 5 AM, in order to get the house to the desired tem

          • You children who need to adjust the thermostat even 10 seconds are so CUTE.... Set it and forget it. You don't need to continually adjust the settings unless you have some kind of serious medical or mental issue....
            • Reading comprehension is not your strong suit, apparently. Why keep the thermostat turned up to daytime temperatures at night? Or when you're not home? You like wasting money?
              • Set it at one temperature and keep it there. 68 degrees (Fahrenheit for those who are temperature-impaired) Big home with lots of people, always someone home at one time or another. Not my fault you like the temp so high you need to adjust it constantly, seek a doctor's help.
              • Reading comprehension is not your strong suit, apparently. Why keep the thermostat turned up to daytime temperatures at night? Or when you're not home? You like wasting money?

                I've always wondered how much money you save. It isn't like the furnace doesn't run for a long time when you heat the place up again.

                I do know that when we replaced our old hot tub that used a programmed thermostat that supposedly saved electricity, with a new tub twice as big, that kept temperatures constant, and we saved a lot of money on our electric bill. That's what people here call "One Data Point so as to say it's wrong, but the old tub took most of the afternoon heating up to temperature. That co

          • So, yeah, if you don't care about savings or efficiency, an old-fashioned thermostat works just fine.

            A couple comments. If you really care

            about saving energy - put on extra clothing and keep the damned thermostat at the lowest level you can. No internet of things needed!

            Maybe, just maybe if you have an extremely OC lifestyle, where you are always at home at the same time, always leave at the same time, always sleep at the same time, and never deviate, you might find, as I did, that there isn't any programming that will help. It is like turning programming of heat or AC into an encompassing hobby.

            So wh

      • by AmiMoJo ( 196126 )

        The cost penalty is just temporary though. Wifi radios are already under $1, and the cost of any service will be offset by profits from spying on users.

      • I would pay 150 for a good plumbed Bunn coffee maker just not a Mr. Coffee with wifi that I can program to run but cannot fill itself so that feature is worthless.

        • Comment removed based on user account deletion
          • I have the Bunn Velocity it may be expensive and not be programmable but damn it makes a good pot of coffee at just the right temperature every time and only takes about 90 seconds to brew 12 cups

      • I think what will kill iot is that it's just frankly too expensive.

        No, that's just the way technology goes: they sell to the people willing to pay premium prices first, then the cheap bottom of the barrel manufacturers get into the action, and the price drops asymptotically toward zero.

        The first hand-held calculators used to cost hundreds of dollars; now you get them free in cereal boxes.

      • I think what will kill iot is that it's just frankly too expensive. A perfect example is the Belkin WeMo line of iot enabled products. [belkin.com]

        * 150 dollars for a slow cooker

        * 150 dollars for a coffee maker

        * 200 dollars for a humidifier

        * 40 dollars for a plugin relay switch

        And the list goes on. The nest costs 5x-10x more than a low end digital thermostat. I have a sneaking suspicion as with almost all other home automation, upper class people will buy it for the novelty but the rest of the world will keep to their "dumb" devices.

        I'm an owner of three low-end programmable thermostats. They work just fine. 2 of them are 4x7 which means, 4 programs for each day of the week. The third is a Mon-Fri *4 and Sat-Sun * 4 programs . They work just fine.

        In heat mode, they have a tiny resistor near the thermistor sensing room temperature. That is an anticipator circuit.
        As the thermostat is located distant from the heat-source, to prevent overshoot of heat setting, that resistor serves to add bias to cause the heat to turn off a half degree

    • Agreed, if you are too lazy to open the fridge to look inside and see what you need from the store, a "smart" fridge to do your thinking for you won't really help.

    • > Those of us who have been around long enough know damned well not to take a day-one update, because companies have become lazy and sloppy and don't find out what they've missed until some poor schmuck has it go wrong.

      Probably the wrong diagnosis. It's not that (all) companies are lazy. It's that testing software is difficult at best and pretty much impossible if what you are testing is complicated.

      =======

      But the right prescription I think. Avoid this stuff if you possibly can. Given any luck the fo

    • My concern about the IoT is not just security and privacy, but with those things as a function of overall management. Let's say for example that my coffee maker is now connecting to the Internet. I now probably have to set up a new account on some web portal run by my coffee maker's manufacturer. Is that site secure? Are they using your email for spam? Is that site leaking privacy information about you?

      Even if those concerns are laid to rest, it's still just another account on another website I need t

  • by BlacKSacrificE ( 1089327 ) on Tuesday February 09, 2016 @08:14AM (#51468453)
    Has the new formatting of HaD had such a bad impact on readership (I no longer go there because of it) that they are now harvesting views via /.?

    It wouldn't be so bad if it wasn't such an obvious conflict gentlemen..
    • by OzPeter ( 195038 )

      This is not a new thing.

      The submitter is a known hackaday shill account, their stories get promoted no matter what their quality, and they never interact with /. other than to submit stories.

      I actually looked at TFA before seeing who submitted it (my mistake) and was left wondering where the content actually was. The whole IoT aspect seems to relate to the Nest debacle. And in general the root cause has nothing to do with IoT, but rather proof that testing physical devices is hard.

      • by AmiMoJo ( 196126 )

        To save others the trouble, it's just boring recollections of rookie mistakes the guy made many years ago, and some general mumbling about old IoT stories we read last year to make it seem vaguely relevant.

        Perhaps instead of endless stories about how bad IoT is, maybe we could think about ways to make it better. I actually build IoT devices for a living (for the water industry) and security is something we think about. We came to the conclusion that, while convenient, over-the-air firmware updates are a bad

        • Aside from the risk of someone abusing that mechanism, the potential for it to fail like it did with NEST is too great.

          Isn't that why modern devices have dual firmware images? Or at least, one firmware image is just a shim that can phone home and fix things that have gone wrong in the main firmware image, or alternatively allow somebody with a PC and a simple set of instructions to connect to it and fix it.

  • The wider the deployment, the harder you have to think about all the cases, all the chances for exploits, and how to recover when it happens. The alternative is going to be government regulation like certain industries already have. The cost of getting things right will pale in comparison to complying with strict regulation from a government agency.

  • by Anonymous Coward

    My mercury switch thermostat has been working reliably for decades. Decades. Never woke up to a cold house when the mercury needed an operating system update either....

    • And my wifi thermostat (not a NEST) has been working for 5 years now with no problems. It replaced a mercury switch one that you could not program for energy savings.
      • Re: (Score:2, Insightful)

        by Anonymous Coward

        False dichotomy: There are many theromstats out there with quite a bit of programmability that are not internet connected in the slightest.

  • by argStyopa ( 232550 ) on Tuesday February 09, 2016 @08:32AM (#51468541) Journal

    ...the IoT is a generally stupid idea, for all the hundreds of reasons that have been repeated here ad infinitum: additional points of failure in systems that benefit very little or not at all from the 'features' added by the new connectivity.

    • Comment removed based on user account deletion
      • For most consumers, IoT seems to be 99% rebranded home automation, which has always fallen flat on its face. It reminds me of 3D movies. We see it every few years then people realize it's a gimmick and we go back to business as usual.

        If you believe this will somehow die off, then you fail to understand where and when consumers will have a choice in the matter.

        Today, you get a discount if you happen to run across one of those companies who offers a car insurance discount for having an IoT monitor plugged into your OBD-II port at all times when driving.

        Tomorrow you won't have an option. It will become a mandatory insurance and liability device.

        That is exactly how this industry will be forced to grow.

        • Tomorrow you won't have an option. It will become a mandatory insurance and liability device.

          It might be cheaper to have drivers who agree to tracking. That's fine - people who don't want to be tracked can pay a little extra (I would, and I haven't had an accident claim in decades). As long as there are people who don't want to be tracked, an insurance company can profit handsomely from it, and there will be a market offering.

          The trouble will become when a government forces insurance companies to require

      • For most consumers, IoT seems to be 99% rebranded home automation

        Not quite. There is significant overlap between IoT and home automation in term of function as the former can take place in gardening, agriculture, industrial monitoring, etc. That is, the functions within home automation are a subset of IoT's functions.

        But let's assume they were the same. The distinguishing characteristic is that IoT attempts to leverage existing communication/network protocols and architectures. That is a big thing (will all the good and the bad of it.)

        which has always fallen flat on its face. It reminds me of 3D movies. We see it every few years then people realize it's a gimmick and we go back to business as usual.

        Is it because the concept is bad

      • For most consumers, IoT seems to be 99% rebranded home automation, which has always fallen flat on its face.

        My Favorite IoT device, I saw on a commercial the other day. Woman is sitting on a couch in a room with windows. She pulls out her smartphone opens an app, and shuts a curtain with it. That in a nutshell, encompasses the entire internet of things.

        Making something you used to simply get off yer ass to do, take a nationwide infrastructure of servers data transmission and apps to acomplish, and eventually some guy in China as well.

    • ...the IoT is a generally stupid idea, for all the hundreds of reasons that have been repeated here ad infinitum: additional points of failure in systems that benefit very little or not at all from the 'features' added by the new connectivity.

      That depends on the implementation. As it is, I wouldn't trust a IoT thermostat, specially after reading that horror story of people finding themselves without functioning heating during the cold snaps. Shit, I don't want to imagine the cost of fixing all that ice-busted plumbing.

      With that said, I would love to see a multi-node thermostat that is affordable (and secure, if it is not, fuck that), adaptive, that learns to program itself, that I can control (securely) over wi-fi, and that its default fall-b

      • " I would love to see a multi-node thermostat that is affordable (and secure, if it is not, fuck that), adaptive, that learns to program itself, that I can control (securely) over wi-fi..."

        I'm genuinely curious: why?
        "Adaptive" - adaptive to what? How many houses do you live in?
        "Learns to program itself" Why? Aren't you going to be there? Don't you ultimately at some point have to tell it "that's too hot, that's too cold"?
        Wifi and Multi-node: I presume you mean "I can control from multiple places" How m

        • " I would love to see a multi-node thermostat that is affordable (and secure, if it is not, fuck that), adaptive, that learns to program itself, that I can control (securely) over wi-fi..."

          I'm genuinely curious: why?

          Fair enough. With it, it would open possibilities of reporting fluctuations over wi-fi which I can then see over one of my smart phones, tablet or laptop. Laziness/convenience kind of a thing.

          "Adaptive" - adaptive to what? How many houses do you live in?

          Fair enough also. This goes along the multi-node feature I was wanting. For a large enough house, I could have two separate A/C systems - one for the living areas, and another for the bedrooms. An initial investment would cost $$$ obviously, but it would save $$$ more over time if I can simply shut either one as needed

  • I don't want my fridge narcing on me to the cops.
  • As with all technology. Just because it exists doesn't always mean that it needs to be implemented.
    For example the eject button on the remote control for your VCR/DVD/Blueray player. Sure it is technically possible, but what is the point. After from your chair you eject the disk, you will still need to get off your butt, to take the media out, and replace it with something else.

    Some devices don't need internet connectivity. Just because when they are soo far away from you they are no longer useful.

  • Look, the idea of a computerized hammer or screwdriver makes no sense for a home tool kit. But for a construction robot programmed to deliver X newtons of force and Y torque, it makes a ton of sense.

    Most of this stuff isn't going to be useful for most people, but I am sure there are people that it will be actually helpful. For example, if you are in a wheel chair, I could see how wanting a remote control built into the wheel chair that controls lighting, heating, air conditioning, locks and unlocks your d

  • "How many times has a Windows update broken something on your computer?"

    I'm pleasantly surprised every time it boots up.

    "Linux used to be better, but lately, I dread updates, especially major ones because they sometimes will stop my machine from even booting, triggering a big debugging session" ref [hackaday.com]

    You update a production machine with no known method of restoring to a working system?
  • Washer, dryer, dishwasher, refrigerator, thermostat, lightbulbs? Toasters, stove, oven, even? Toilets, for fucks' sake? There isn't a single valid reason so far as it concerns me specifically for them to be connected to the gods-be-damned Internet. It's just more expense, more complexity, more things that can go wrong or break. It's all solutions-in-search-of-a-problem; it's marketing people that overheard someone talking about connecting something novel to the Internet, and like retarded marketing people t
  • I'm really confused why most commenters here have such a negative viewpoint on IoT.

    Many comments about "security is terrible", "I don't need internet connected devices, my X device works just fine."

    OK, then --don't-- buy it. But you have to realize that the market going through development of products to find consumer desire is a GOOD thing.

    Maybe 97% of all the devices end up going away (by the way, without a dollar that I spent on them). But those 3% of devices might actually be helpful and worth the cost;

    • The problem is that 3% that make it though are not likely to be secure, or even useful consumers don't pick based on that they pick based on hype.

      There is a frustration the average consumer is not even aware that they are introducing a security risk, for minimal amount of gain.

    • I'm really confused why most commenters here have such a negative viewpoint on IoT.

      Many comments about "security is terrible", "I don't need internet connected devices, my X device works just fine."

      OK, then --don't-- buy it. But you have to realize that the market going through development of products to find consumer desire is a GOOD thing.

      So was Thalidomide at one point.

      Branding people who complain about the IoT as luddites is the wrong approach. Yes, there are plenty og "get off my lawn!" types here, but a lot of us aren't, and merely see a very bad situation in the offings here.

      It isn't that programmable devices haven't been around before. I tried a few, and they just were not practical.

      Now, we need a Internet connected jar? http://skelabs.com/ [skelabs.com]

      An internet connected bottle? http://www.hidratespark.com/ [hidratespark.com]

      A belt. A fucking belt tha

      • Then just don't buy it... That's some crazy hate for crap out there.

        • Then just don't buy it... That's some crazy hate for crap out there.

          Of course I won't buy it. But just like I'm going to warn people against timeshare condos, I'll warn them against the IoT.

          It could save thier lives, because someone so stupid as to need a glowing light on their water bottle connected to teh intertoobz to remind them to drink water, could be killed by water intoxication when it gets hacked, id glows steadily.

          That was a joke son.... at least I hope it was.

  • Just as only wealthy ancient Romans could afford lead pipes, only wealthy individuals now can afford these silly expensive "connected/smart" appliances, so we're in an odd situation where being well off affords you much more risk of being hacked. Everyone else will be just fine with their hardwired home controls.
  • I hadn't even thought of *that*. Let's ignore the blue screen of house death in the middle of winter, let's consider that your wifi and tv all have static, because those idiot things that were supposed to clean your ducts broke down in there, with so much dust, and two years later, they're still online complaining. And they've been hacked by the 16 on the other side of the block....

                    mark

  • I'm reminded of Jeff Goldblum in Jurrasic Park. "Ok, just because you've figured out how to do this, did you stop and ask yourself *why* you're doing this?"

    Frankly, I'd be happier if the internet could work as expected, *before* they start adding more crap.

    How many times have I clicked on a headline at Google News, only to have the article never load at all (because it's waiting for some ad server to respond, which never does).

    How many times have I tried to access something with my phone, only to have the r

    • Frankly, I'd be happier if the internet could work as expected, *before* they start adding more crap.

      You sir, have completely owed the entire discussion.

      Because the IoT cannot ever be any safer or more secure than the rest of the internet. Which is not at all.

      Ever wonder if we're going to get Ransomware during cold snaps threatening to turn off our heat if we don't pay them some amount of bitcoin? Easy Peasy.

  • There are a few interesting and useful applications for IoT. Home security systems and remote medical devices, for example. But for the most part, it's just an excuse to charge you more for a product. Do I really need my lights, air conditioning, sprinklers, refrigerator, coffee maker connected to the Internet? Yeah, some of it's cool, but is it worth the added risk?

    • There are a few interesting and useful applications for IoT. Home security systems

      One thing I always wondered about. Xfinity has ads about their home security systems. Mommy is sitting at work, and is so pleased to see the children getting home from school. Now of course, just like facebook, the addicted will end up constantly checking to make certain everything is okay. But that isn't my question.

      If I remember correctly from my teenage years, a lot of us run around not highly clothed at times. So now when Xfinity send out some onlne video of 15 year old Tiffany traipsing around al fr

Never tell people how to do things. Tell them WHAT to do and they will surprise you with their ingenuity. -- Gen. George S. Patton, Jr.

Working...