Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4


Glurp
8648 posts

Uber Geek
+1 received by user: 3978

Subscriber

  Reply # 1656938 24-Oct-2016 15:21
2 people support this post
Send private message

Anyone who eats fries on toast deserves to be replaced by a machine.

 

 





I reject your reality and substitute my own. - Adam Savage
 


Mr Snotty
8072 posts

Uber Geek
+1 received by user: 4049

Moderator
Trusted
Lifetime subscriber

  Reply # 1656968 24-Oct-2016 16:07
One person supports this post
Send private message

For my embedded devices I've got a few rules running on my network and also no UPnP enabled.

 

If the device communicates over the network (eg, printer, smart switch, smart LED bulbs) it is on a firewall list that denies internet access.
If the device needs internet access, or internet access is useful and I don't have root / admin access to it (eg, wireless access point, smart TV) it is on another VLAN with full logging with restrictive internet access.
If the device is a PC, mobile device etc requiring the use of intenet access it is on my normal network however there is no UPnP to be offered.
If the device is a server or something directly connected to the internet with port forwards it is seperated from my home network with both firewall rules + VLAN's with security precautions, logging etc in place on the devices themselves.

 

This way, I am not contributing 500Mbit of my upstream bandwidth to a DDOS event. It is harder to manage but this way also my network has a layer of trust. Guests who want internet access get their own VLAN'd wireless connection also.





 
 
 
 


1301 posts

Uber Geek
+1 received by user: 270


  Reply # 1656981 24-Oct-2016 16:31
2 people support this post
Send private message

Like many of you, we were super cautious with our network and disabled everything we could to avoid problems. Until my man was diagnosed with a condition that requires a CPAP machine. This machine is internet-connected and sends data back to the medical company and his doctor. Based on the readings, the medical company adjusts the flow of air and changes settings on the device over the network. This is the most commonly used CPAP machine model in North America with millions in homes across the continent (and elsewhere, no doubt). I'm not going to comment on its security but you can guess what I would say. Users cannot adjust settings. Changes are done remotely. 

 

I was without internet connection for most of the day of the attack, like most of the eastern seaboard. Most sites I normally go to were offline. It was a weird day. Coincidentally, early that morning my man woke up choking. Some time in the early hours his CPAP machine halved the flow and pressure. He couldn't breathe so woke up. He lodged a fault with the company BUT as soon as I heard it was an IoT botnet I thought about that machine. 

 

We aren't just talking non-essential IoT gizmos. How many other medical devices are insecure and connected? Even more worrying, how many deaths could result? 

 

 


21605 posts

Uber Geek
+1 received by user: 4429

Trusted
Subscriber

  Reply # 1656989 24-Oct-2016 16:54
Send private message

The problem with moving things off onto their own vlan that I have found is that many braindead home automation devices will not work across subnets, they use broadcast to find things on the lan and then once found them will use the IP address to control them. If you change network they assume they cannot get them by that IP address and fall back to cloud control of them. Which means the things need internet access and you have latency issues with controlling them.

 

For like controlling the wemo switches from the amazon echo, its the same lan or nothing as they do not go back to the cloud server ever, even for previously discovered devices.





Richard rich.ms

5281 posts

Uber Geek
+1 received by user: 2142


  Reply # 1657055 24-Oct-2016 18:06
Send private message

Thanks for this useful thread.  We are pretty light on the IoT in our household, but have couple of AV deviced that connect to the outside world. 





Mike

13548 posts

Uber Geek
+1 received by user: 6351

Trusted
Subscriber

  Reply # 1657082 24-Oct-2016 20:07
Send private message

Rikkitic:

Anyone who eats fries on toast deserves to be replaced by a machine.


 



Don't knock it till you try it.




Mike
Retired IT Manager. 
The views stated in my posts are my personal views and not that of any other organisation.

 

 Mac user, Windows curser, Chrome OS desired.

 

The great divide is the lies from both sides.

 

 


7580 posts

Uber Geek
+1 received by user: 3997


  Reply # 1657215 25-Oct-2016 09:00
Send private message

BarTender:
Fred99: Get notice from ISP - please disconnect or secure your device "gizmobabycam" within 24 hours, or we'll disconnect your internet connection (or limit your upload bandwidth to 10kb/s until your devices are secure).

That will be a very expensive ordeal to deal with. As hand holding potentially tens of thousands of customers can through that will be time consuming and thus expensive.
Aren't ISPs supposed to just be shifting bits. Since now you're talking about port scanning customers and removing or limiting service. That could be interpreted as a privacy breach.

 

The T&C from your ISP will already allow them to cut or limit connectivity if your net activity, with or without your knowledge, interferes with the network.

 

Isolate the ISP from backlash by setting up an agency to do the discovery under strict protocols, then pass IP addresses and limited details to the ISPs, as they're discovered - not the lot in one huge list.  




Glurp
8648 posts

Uber Geek
+1 received by user: 3978

Subscriber

  Reply # 1657246 25-Oct-2016 09:53
Send private message




I reject your reality and substitute my own. - Adam Savage
 


21605 posts

Uber Geek
+1 received by user: 4429

Trusted
Subscriber

  Reply # 1657402 25-Oct-2016 12:41
Send private message

Yeah good luck recalling 5+ year old crap sold thru ebay and aliexpress to random corners of the world.

 

The re-branders of the XM gear that sold thru target and walmart etc may have some luck, but noone will know that their "H264" DVR is affected by any recall at all.

 

I actually have 2 old analog camera DVRs that came from PB about 3 years ago that is a non-rebadged XM one. No idea who the importer was etc.

 

One had a totally different software to the other. One is only able to have a 6 character password on it.

 

 





Richard rich.ms

5281 posts

Uber Geek
+1 received by user: 2142


  Reply # 1658000 26-Oct-2016 10:22
One person supports this post
Send private message

I have small set of wifi capable devices that need to talk to each other but not anything else. These used to be connected to the main wifi modem-router.

 

Having read this thread I've just switched them over to an old wifi router (not a modem) which they all connect to.  It has no connection to the internet.  Effectively a dead-end router. 

 

I can still connect to the devices with my laptop by connecting to the dead-end router.  If I have to connect a device to the internet for a firmware update or similar, then I can temporarily connect the dead-end router to the main modem/router via a cable.

 

I guess someone could still hack into the dead-end router, but they would be very bored by what they find.





Mike



Glurp
8648 posts

Uber Geek
+1 received by user: 3978

Subscriber

  Reply # 1659003 27-Oct-2016 13:25
Send private message

And now even your doorbell can join in!

 

http://www.geekzone.co.nz/content.asp?contentid=21232

 

 





I reject your reality and substitute my own. - Adam Savage
 


370 posts

Ultimate Geek
+1 received by user: 85


  Reply # 1659018 27-Oct-2016 13:40
Send private message

Rikkitic:

 

And now even your doorbell can join in!

 

http://www.geekzone.co.nz/content.asp?contentid=21232

 

 

I have a fear that the doorbell will team up with the fridge, LED lights, and other IoT devices to overthrow us.

 

Imagine being held captive by your fridge and toaster...




Glurp
8648 posts

Uber Geek
+1 received by user: 3978

Subscriber

  Reply # 1659035 27-Oct-2016 13:51
Send private message

Freeze your fingers and burn your toes. Torture by appliance.

 

 





I reject your reality and substitute my own. - Adam Savage
 


370 posts

Ultimate Geek
+1 received by user: 85


  Reply # 1659036 27-Oct-2016 13:52
Send private message

Rikkitic:

 

Freeze your fingers and burn your toes. Torture by appliance. 

 

 

Beginning to sound like an episode of the walking doge.


2463 posts

Uber Geek
+1 received by user: 735

Trusted
Lifetime subscriber

  Reply # 1659037 27-Oct-2016 13:54
One person supports this post
Send private message

cynnicallemon:

 

I have a fear that the doorbell will team up with the fridge, LED lights, and other IoT devices to overthrow us.

 

Imagine being held captive by your fridge and toaster...

 

You have to really watch those internet connected refrigerators - particularly those with a bar code scanner.  They are cold and calculating.....

 

The toaster is a real hothead.  You can watch him as long as you like, but he'll pop as soon as you turn your back.





"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

1 | 2 | 3 | 4
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.