Displaying items by tag: IoT

IoT (Internet of Things) devices have long been a source of security concerns. Back in 2012-2014 we wrote a series of articles following the comedy of errors that is the IoT market. At the time I dubbed it the Internet of Fails simply because the companies making these internet connected devices were leaving them so open to compromise. Everything from a lack of encrypted communication with cloud services, to no passwords on administrative functions, to using images that had open files and folders in the firmware were found in popular connected products that were shipped to customers. Supply chain compromises were also found in generous quantities, making the mad rush to connect everything a serious concern.

IoT devices in general are the bane of most security teams. Typically, they lack basic security features and are complicated at best to keep patched. Much of this is due to the process needed to patch them and the rest of due to vendors being slow to push out the updated/patched images. To further complicate this, in the medical world you have the demand for 100% uptime and the ever-popular FDA exclusions that far too many vendors operate under. This usually means that on any given day Medical IoT devices are an attack surface waiting to be attacked.

Technology has brought us a ton of interesting and fun devices. We have smart phones, Smart TVs, Wireta… I mean home personal assistants and even home automated brewing systems. The latter is going to be the subject of our review toady. The concept of home brewing is not new at all. People have been spending lots of money to boil grain (and adding hops) to ferment it into the magnificent substance we call beer. However, boiling grain and inserting hops into your different mash stages can be both boring and time consuming for many. Enter IoT and the concept of the connected device. Beer enthusiasts realized that they could use a certain level of technology to pre-program temperature, mash time, bittering etc. all into a computer and push that information to the cloud. There are a few products on the market that fit this bill, today we will be looking at one of the more popular and efficient systems, the Pico Pro. The Pico Pro is not new technology, but I felt it was time to take look at this from both a “it makes beer” and a technology perspective.

The Internet of Things, or IoT, Connected Devices, Smart devices whatever you want to call them have become a fixture in most homes. It has gotten to the point where you have to look hard to find a device that is not “Smart”. Manufacturers love to push the marketing term smart onto the consumer as it becomes a value add proposal; hey this can do all of this and you can control it using your phone from anywhere. What they do not disclose is exactly how insecure these devices are and how much privacy you can end up giving up just by having them in your home.

The “adult toy” has been around for a very, very long time. They have examples of them going back to the Egyptians and earlier. For thousands of years they were pretty much the same with a few add-ons to make them a little more fun. All of that changed in the 20th century when electronics got smaller along with motors and other items. In the 21st century the addition of small personal area networks and the connected device brought a whole new game to this multi-million dollar industry.

2016 is going to be a year where the connected device really explodes. We thought that IoT (Internet of Things) was bad in 2015, well that is just peanuts compared to what we are going to see in 2016. Everything from lightbulbs to sex toys are going to connect to something for remote control. We took a look at a sampling of products shown off at CES 2016 and will be covering them in a little more detail. We have already looked at some of the better connected adult toys and are now going to take a look at the adult beverage side of things.

It seems that Phillips does not want you to use their hue application with just anyone.  If you are not aware, hue is a system that allows you to control special light bulbs. You can turn them on and off, adjust the temp (color) and much more. To some this sounds like a great idea, and it is pretty cool. However, after a recent firmware update some people are finding that they are no longer able to use hue with just any light bulb.

When things are not quite right you always hope for that “ah-ha” moment when everyone realizes the issue and will actually begin to work on a solution. For connected devices we have been hoping for that since they were first introduced and are still waiting for the industry to have that moment. We thought that perhaps it would happen when a host of connected cameras were compromised allowing people to spy on and even talk to children that were being monitored by them. However, while the hole was covered up with tape (not really fixed) there was no general outcry to have these connected devices secure properly.

This is not the first time that I have spoken out about cloud computing (internet based, or the Internet of Things and the way they are impacting the ability to secure a network. It is also not going to be the last. Simply put, the concept that everything needs to be controlled by a computer and talk back to some sort of internet based cloud show a level of ignorance that should not still be out there. Sadly it is and companies are still trying to push the cloud and connected device mentality despite the inherent and known security flaws that exist.

For a while now (many years actually) I have argued that the rush to turn everything into a techno-gadget has been irresponsible and dangerous. However, companies that are looking into the “Internet of things” simply do not care. They see dollar signs and revenue streams in adding services to their devices that were a one-time purchase before. Because of this they are blindly rushing products to market that are open to attack on a massive scale. Consumers who are ignorant to these flaws are buying them up at a rapid pace leaving themselves exposed to data theft and worse.