A "Public Health" Approach To Internet of Things Security
New submitter StewBeans writes: Guaranteeing your personal privacy in an era when more and more devices are connecting our daily lives to the Internet is becoming increasingly difficult to do. David Bray, CIO of the FCC, emphasizes the exponential growth we are facing by comparing the Internet we know today to a beachball, and the Internet of Everything future to the Sun. Bray says unless you plan to unplug from the Internet completely, every consumer needs to assume some responsibility for the security and overall health of the Internet of Everything. He says this might look similar to public health on the consumer side — the digital equivalent of hand washing — and involve an open, opt-in model for the rapid detection of abnormal trends across global organizations and networks.
No. (Score:1)
Thanks.
IoT is a bad idea.
Don't assign responsibility to my grandmother for patching kernels using interfaces made by hardware people.
I love the idea of connected devices BUT... (Score:5, Insightful)
It will be a cold day in hell before I will accept having to authenticate to a 3rd party outside my network to access or access data that my devices generate on someone else's servers or devices. When I am able to open ports in my own firewall and access my devices and data directly without having to ask someone else's permission then internet of things will be a go for me. Until then I'll be a technically savvy luddite.
Re: (Score:3)
Exactly.
I could see News like in this ... in 2030s:
"An elder starved to death after his refrigerator got hammered by a DoS (Denial of Service) by hackers and was unable to open the fridge."
or
"Hackers are wreaking havoc with consumers as they find their refrigerator keeps turning off and are forced to re-buy all their frozen food. Local supermarkets are staying mum for fear of retaliation."
And there is the potential of all the EF spectrum "pollution" as all these stupid IoT devices are constantly broadcastin
Re: (Score:3)
I can see the future /. complaints as well:
"I just bought a fridge, and they demand $25 a month to allow the door to be opened after 9:00 PM, and the ice maker to work 24 hours. I am just tired of watching the same ads for 5 minutes before it allows the door to be opened."
"My doorbell won't stop playing ad jingles unless I pay $10 a month for the ad free experience."
"Time to reboot all the light switches. Some botnet got installed and is using them for NarfCoin mining."
"Just had my health insurance premiu
Re: (Score:2)
But then how are the manufacturers supposed to make money by mining all the data they collect from people?
Re: (Score:1)
You cheap freeloader! You didn't pay enough up front for your application/car/phone/device, for the CEO of the manufacturer to keep in hookers and coke for the rest of his life. Clearly, you need to keep paying, at least until the device is no longer able to function. And then you need to buy a new one, immediately.
Does not match TFA (Score:2)
I agree with you, but it misses the crud (my opinion) which is TFA. TFA claims that we are all responsible for being good citizens and policing the internet because IoT and such. Which is crud because it lacks a sense of reality. Bad guys do exist, and people do bad things, regardless of how the rest of society is living.
If what TFA said was true, simply agreeing to give banks the ability to build vaults would have stopped all robberies. Countries that have outlawed guns for citizens would be completely
Re: (Score:2)
The answer is for anything on the Internet to be protected, and if it can't be protected it should not be on the Internet.
That's fine and good in principle. The public health equivalent would be that "anything in public is vaccinated, and if it's not vaccinated it should not be out in public."
Until you get the anti-vaxx blowback, the hysterical screaming, authorities caving in.. and then the next sweeping pandemic.
The internet is becoming the next public forum, and inevitably public hygiene debates will b
Re: (Score:2)
The bad guys are one thing, but in reality they aren't that much of a risk because they're pretty rare. The inconsiderate, careless, drunk, incompetent and downright stupid are more dangerous simply by sheer weight of numbers.
Re:Consumers wont... (Score:4, Informative)
When the masses decided on gaming, we went from games like Origin's with new IP every few months, to games that cost ten times as much (if you factor the DLC required) and are the same IP as last year. They decided that waiting a little bit more for a relatively bug-free version of a game isn't worth it, making the game industry with its, "it compiles, ship it!" mantra the de facto standard of today.
When the masses decided on smartphones, they went from units that had a week of battery life and had a nice slider keyboard (which was quite useful when doing SSH tasks) to error-prone tapping on a touchscreen, and battery life that doesn't last a workday. Yes, newer smartphones are so thin, they only have one side, but so much was sacrificed so that the devices can be thin, as well as run the latest version of real time rendered Chainsaw Crush at 60 FPS. It would be nice to not have as powerful a CPU in return for a phone that can easily fit in a standard pocket.
When the masses decided on what the Internet looks like, out went newsgroups, mailing lists, Web forums, and IRC. In return, we have Facebook, and Twitter.
Re: (Score:1)
Shame about the games and phones, but...
When the masses decided on what the Internet looks like, out went newsgroups, mailing lists, Web forums, and IRC. In return, we have Facebook, and Twitter.
These things are at least still around. Not as big as they once were, but depending on your areas of interest some are surprisingly active still. I actually know people who still use newsgroups! In particular on IRC, I find that while the number of active users has fallen, the signal to noise ratio in many places has risen - a big chunk of the people who left were the annoying trolling kids who are now bothering people through all the newer platforms instead.
Re: (Score:2)
When the masses decided on what the Internet looks like, out went newsgroups, mailing lists, Web forums, and IRC. In return, we have Facebook, and Twitter.
Which have begun to add in newsgroups, mailing lists, forums and chats...
Re: (Score:2)
When the masses decided on gaming, we went from games like Origin's with new IP every few months, to games that cost ten times as much (if you factor the DLC required) and are the same IP as last year. They decided that waiting a little bit more for a relatively bug-free version of a game isn't worth it, making the game industry with its, "it compiles, ship it!" mantra the de facto standard of today.
Maybe. I think the masses eat what they're fed. The above came about because game publishers wanted a revenue stream. It's like software licensing today. It's all subscriptions because software has outstripped its usefulness (Microsoft Office was a finished product 10 years ago) and companies are rent seeking to keep the money rolling in.
Public Health? (Score:1)
It strikes me that this is a bit unrealistic. The largest number of devices out there are designed for consumer use to consumer standards, which I think will mean massive security holes in the interests of quick to market and lowest prices. And the people that these are marketed to will not have even the smallest chance of keeping their devices cheap or noticing that anything is out of the ordinary until it is way too late. If you want a comparison to public health, think about the likelihood of an illite
WTF? (Score:2)
This is gibberish. lol.
unplug from the internet (Score:3)
Personal privacy and the Internet of Things .. (Score:2)
Waffle, how about designing 'computers' that can't be compromised by opening a malicious attachment or clicking on a malicious URL. ref [crash-safe.org]
Actually you can (Score:2)
Better Priorities (Score:2)
Yeah right (Score:1)
How much longer do we have to put up with this Internet of Things nonsense until it goes away?
Re: (Score:2)
Until they find a worse term for it.
Re: (Score:1)
It's not going to go away, nor should it. The only question is whether we're going to do it RIGHT, and every screeching whiner like you decreases the chance of that.
every consumer needs to assume some responsibility (Score:2)
"every consumer needs to assume some responsibility"
Really? When *I* go online, yes, I have to assume some responsibility.
I hold the "things" up to the same standard: when the "things" go online, *they* have to assume some responsibility. It's not my f***ing fault if my fridge wants to surf the web, it's the fridge's fault.
Re: (Score:2)
No, it's your fault for bringing a device into your house that has the potential to be compromised and spread misery to others without knowing enough about how to maintain its security through patches and other available upgrades. If you can't determine if that device is secure enough, don't buy it. If the manufacturers see that security is important to their customers (in other words, bad security is starting to cost them money, which is the most important thing, forget that 'quality' or 'security' shit)
Re: (Score:2)
So basically I'm responsible, because I didn't write the firmware, and instead it was written by an idiot? Like someone who runs Windows, and is therefore able to turn off Windows Update because it exists in the first place, and could be the very channel which, by means of DNS cache poisoning and/or router compromise and/or BGP poisoning, was the means to infect the thing in the first place?
How about we hold the idiot who thought giving the fridge a routable address via NAT off the local network in the fir
Re: (Score:2)
You are responsible for what you can do. Of course you're not responsible for the firmware, but you have a responsibility to update it if it needs it. Balance the benefits WU gives you versus the risk in shutting it off for the average mouth breather; you can't save everyone but the chance of a compromise through WU is much lower than the risk of running an un-patched Windows machine. Leaving WU in its default state is the responsible thing to do, and that's the kind of responsibility I'm talking about.
Secure devices, securely accessed (Score:2)
When they start making devices based on Genode, and can generate a Private/Public key pair for authentication by pushing a button, and share the public pair via a local web page... I'll be interested.
As long as these things are running some version of Linux, Windows or that ilk, they won't be secure, no matter how many updates and patches you apply vigorously.
wrong approach (Score:2)
What we need more is a base model of distrust.
The primary design error in networking was to trust other devices. If we had designed networking from the start under the assumption of malicious intruders, we would have things like "to do anything, you need a token that proves you're allowed to do it". It would be in the protocols.
On embedded devices, I want a networking stack that will cryptographically check all incoming packets, and at the lowest level discard them if they don't carry a valid token. Nothing
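A minimal sketch of the receive path the comment above asks for, added here as an illustration and not part of the original post: every packet must carry a valid HMAC tag and a fresh counter, or it is dropped before any application code sees it. The packet layout, the per-sender pre-shared keys and the names `seal` and `TokenGate` are assumptions made for this example.

```python
import hashlib
import hmac
import struct
from typing import Dict, Optional

HEADER = struct.Struct("!IQ")  # assumed layout: sender id (uint32) + counter (uint64)
TAG_LEN = 16                   # HMAC-SHA256 truncated to 16 bytes


def _tag(key: bytes, header: bytes, payload: bytes) -> bytes:
    # The tag covers header and payload, so neither can be altered in transit.
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]


def seal(key: bytes, sender_id: int, counter: int, payload: bytes) -> bytes:
    """Sender side: build header | payload | tag."""
    header = HEADER.pack(sender_id, counter)
    return header + payload + _tag(key, header, payload)


class TokenGate:
    """Receiver side: return the payload only for authentic, fresh packets."""

    def __init__(self, keys: Dict[int, bytes]):
        self._keys = dict(keys)                  # sender id -> pre-shared key
        self._last_counter: Dict[int, int] = {}  # highest counter accepted so far

    def accept(self, packet: bytes) -> Optional[bytes]:
        if len(packet) < HEADER.size + TAG_LEN:
            return None                          # too short to carry a token
        header = packet[:HEADER.size]
        payload = packet[HEADER.size:-TAG_LEN]
        tag = packet[-TAG_LEN:]
        sender_id, counter = HEADER.unpack(header)
        key = self._keys.get(sender_id)
        if key is None:
            return None                          # unknown sender: discard
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, _tag(key, header, payload)):
            return None                          # forged or corrupted: discard
        # Check freshness only after authentication, so forged packets
        # cannot advance the counter and lock out the real sender.
        if counter <= self._last_counter.get(sender_id, -1):
            return None                          # replayed packet: discard
        self._last_counter[sender_id] = counter
        return payload
```

The counter check rejects replays of captured packets; it also rejects legitimate packets that arrive out of order, which a real stack would handle with a sliding window.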
Responsibility? (Score:2)
This is not going to be reasonable or even possible when devices are using obfuscated or poorly documented protocols which is becoming more prevalent. The best that the consumer will be able to do is isolate every device from every other (with a VLAN switch or equivalent) and block all incoming connections.
For example with Win
Thanks for the useful article (Score:1)