Why your next Echo command should be: ‘Disconnect me from the internet’

“Dr. Herbert Lin, one of the nation’s pre-eminent thinkers on cybersecurity policy, shuns the internet-connected devices that fill some American homes,” Tim Johnson reports for The Sacramento Bee. “He’ll have nothing to do with ‘smart’ refrigerators, hands-free home speakers he can call by name, intelligent thermostats and the like.”

“Part of what he distrusts is the ‘internet of things,’ and the ease with which hackers can penetrate ‘smart’ devices with digital worms and shanghai them into massive robotic networks to launch crippling digital attacks or generate ever greater quantities of spam,” Johnson reports. “It is a mistrust based on mathematics. Internet-enabled devices are exploding in number. Gartner, a research giant in technology, says the devices will climb from 6.4 billion at the end of last year to 25 billion by 2020. Such growth sharply augments the power of hidden robotic networks, or botnets.”

“Many consumers don’t realize that internet-enabled devices are unregulated and insecure – simpleton digital recruits in potential malicious armies,” Johnson reports. “A botnet already made headlines once. Last Oct. 21, a botnet slowed internet activity to a crawl along the Atlantic Seaboard. A hacker using a malicious worm dubbed Mirai – Japanese for ‘the future’ – took over thousands of internet-connected security cameras and other seemingly innocuous devices and ordered them to fire relentless digital ‘pings’ at a New Hampshire company, Dyn, that oversees part of the backbone of the internet. Dyn was overwhelmed, and popular sites such as Twitter and The New York Times were temporarily inaccessible.”

Read more in the full article here.

MacDailyNews Take: The article doesn’t mention Apple’s HomeKit. It should, if only as a counterpoint, because Apple’s HomeKit is secure. Millions upon millions of insecure Android IoT devices are the problem, as usual.

If it’s not HomeKit-compatible, it’s not going in our homes or offices.MacDailyNews, January 9, 2017

For home automation, smart people go the HomeKit route.MacDailyNews, March 2, 2017

Apple HomeKit-certified devices are listed here.

SEE ALSO:
Hidden backdoor discovered in Chinese IoT devices – March 2, 2017
U.S. FTC sues D-Link for failure to secure webcams, routers from online attacks – January 9, 2017
DDoS attack: Apple’s HomeKit for a safer smarthome – October 24, 2016
First case of Android Trojan spreading via mobile botnets discovered – September 5, 2013

Google Pixel phone completely pwned in 60 seconds – November 11, 2016
Android malware that can infiltrate corporate networks is spreading rapidly – September 30, 2016
Over 10 million Android phones reportedly infected with Chinese malware – July 5, 2016
Apple’s revolutionary iPhone is nine years old – and still no significant malware outbreaks – June 29, 2016
Android malware hits Aussie bank customers, iOS users unaffected – March 10, 2016
Android malware steals one-time passcodes, a crucial defense for online banking – January 14, 2016
New Android malware is so bad, you’d better off buying a new phone – November 6, 2015
Apple issues iPhone manifesto; blasts Android’s lack of updates, lack of privacy, rampant malware – August 10, 2015
New Android malware strains to top 2 million by end of 2015 – July 1, 2015
Symantec: 1 in 5 Android apps is malware – April 25, 2015
Kaspersky Lab Director: Over 98% of mobile malware targets Android because it’s much, much easier to exploit than iOS – January 15, 2015
Security experts: Malware spreading to millions on Android phones – November 21, 2014
There’s practically no iOS malware, thanks to Apple’s smart control over app distribution – June 13, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013
Android app malware rates skyrocket 40 percent in last quarter – August 7, 2013
First malware found in wild that exploits Android app signing flaw – July 25, 2013
Mobile Threats Report: Android accounts for 92% of all mobile malware – June 26, 2013
Latest self-replicating Android Trojan looks and acts just like Windows malware – June 7, 2013
99.9% of new mobile malware targets Android phones – May 30, 2013
Mobile malware exploding, but only for Android – May 14, 2013
Mobile malware: Android is a bad apple – April 15, 2013
F-Secure: Android accounted for 96% of all mobile malware in Q4 2012 – March 7, 2013
New malware attacks Android phones, Windows PCs to eavesdrop, steal data; iPhone, Mac users unaffected – February 4, 2013

14 Comments

  1. I’ve recently discovered an open project called Home Assistant that runs as a server on your computer and communicates to a growing list of your smart devices — even if you don’t want them to access the internet.

    It pretty much lets you do most of the smart home stuff if you don’t want your devices accessing the internet (unless they require internet connectivity to work).

  2. “He’ll have nothing to do with ‘smart’ refrigerators, hands-free home speakers he can call by name, intelligent thermostats and the like.”

    Sounds like Apple is looped in at minimum, from the stand point: “Dr. Herbert Lin, one of the nation’s pre-eminent thinkers on cybersecurity policy, shuns the internet-connected devices that fill some American homes,”

    He’s holding a Ted Kazinsky – vision… So simply stating Apple is good by omission is a bit of a fallacy.

    I am non-judgemental at this point, not having much of any IOT devices, still waiting for HomeKit devices that “speak to me,” so to speak.

  3. Time for people to learn how to use the firewall in their routers to ‘hide’ their IoT home devices from the larger Internet. And/Or have manufacturers make it even easier for users to configure their home routers.

    1. Customers shouldn’t have to “learn” how to use obscure command-level codes or mess with firewall settings. This isn’t the 1970s. If products are “smart” enough to get online, they should be “smart” enough to protect you automatically. If not, there should be class-action lawsuits that force manufacturers to improve their products’ basic functionality or be sued out of business.

      1. As we’ve been chatting around here recently, customers ARE NOT going to “learn” anything complicated about their computerized devices. They just want on ON and OFF switch. The rest should be built in.

        I’m not sure current law is sophisticated enough to support class-action lawsuits against purveyors of insecure IdiOT devices. I believe there would first have to be laws requiring computerized device security. Whether reliable computerized device security is even possible remains a question, here in the Dark Age of Computing.

    2. Many IdiOT devices depend on connection to the Internet in order to provide their function. If you lock them up behind a firewall, they are no longer IdiOT devices.

      Instead, the current thinking is to let the IdiOT devices connect to the Internet WAN (wide area network) but NOT to the LAN (local area network). This requires a device isolating router, of which there are a few available. The result is the if/when an IdiOT device becomes infected, it can’t pass it’s shite along to any other devices on the LAN. It can become a bot, but it can’t infect other LAN devices into becoming bots as well, etc.

      The solution, of course, is to build actual security into IdiOT devices, rather than the moronic way they’re typically designed at this point. IOW: Responsible Design, vs ‘fast buck’ shite design.

      1. You are expecting for profit capitalist corporations to do what is in the best interest of the consumer? What are you, crazy? there is money to be made.

        Back when the internet was a new, shiny thing I doubt any of us got a brochure from our ISP that the long term intent of most companies involved was to turn it into a data mining and advertising delivery system 24/7/365. And you just shout it was neat way to read the paper for free or whatever.

        Folks the Internet of Things can be either a steaming pile of shit or a really cool and useful thing, but it cannot be both at the same time. Quality costs money and there is a lot of overpriced shit out there for the Sheeple to buy.

        Maybe it is generational, but for the life of me I cannot imagine why my refrigerator needs an internet connection. I do have some home automation using HomeKit, but it is very limited and is isolated from the rest on the second (normally a guest network) network at my house- isolated from my other devices.

        1. Throughout this game we play called ‘finance’, of which capitalism is a part, there have been intelligent, humane human beings who’ve done it right. I hang out with Apple fanatics and buy Apple gear because Apple (usually) does it right. Steve Jobs and Woz have been fanatics about doing it right. (Blunders acknowledged).

          I recognized the modern bad biznizz attitude (neo-Machiavellian customer abuse) when I was a kid. It is now a cultural meme, a zeitgeist, a plague. Scour out all the money available in the short term and the long term be damned. That is our general biznizz culture of today. It is exactly why we had the 2007 ‘Great Recession’. (Yes, it began in 2007).

          Stupid people with irresponsible attitudes create IdiOTic crap. They demean humanity, especially themselves. Well meaning people, such as parents, get burned, such as by having their baby monitors broadcast across the Internet.

          Those of us who comprehend technology can and should point out the potholes and sinkholes that average people can’t see. We should assist in kicking the backsides of the blithering IdiOTs who pull these con-jobs. With the right personal positive attitude, kicking ass can be quite fun and rewarding. It’s one reason I put up with this loony bin.

          1. There is an increasing amount of abuse of customers on the Apple platforms. In-App Purchases have been engineered to mine the wallets of consumers in many cases. The abandonment of apps people have paid for before the plague of in-app purchases to push similar apps with in -app purchases in bullshit.

            Still have no god answer why a Bluetooth and WiFi equipped Mac desktop cannot be a home server for HomeKit and why no HomeKit app exists for the Mac platform. Some of us prefer a real screen to squinting at a damn iPhone (I am 55 with a good case of Presbyopia).

            Apple also has a shitty track record of dropping stuff with little of no notice. As a customer of Final Cut Studio, nothing is like spending a small fortune on a Pro Suite of Software and finding it abandoned with no upgrade discount. Same with Aperture, we were abandoned with little notice. Same with the Mac Pro Workstation- they dumped a real workstation for a string exercise and screwed over some of there most loyal and high spending customers. I got screwed on Logic Studio, Final Cut Studio, Aperture and am still using a Mac Pro from 2010 which they piss away money on store redesigns and watch bands.

  4. Here’s the trick that gets you…. You don’t have to be a Dr., or a pre-eminent thinker on cybersecurity policy to shun internet-connected devices.

  5. “The article doesn’t mention Apple’s HomeKit. It should, if only as a counterpoint, because Apple’s HomeKit is secure.”

    Well there is such a small about of devices using homekit and so few users, it really would make a difference. Homekit is really unfinished technology, buggy and at some point will be abandoned by Apple. Forcing people who jumped on the train to repurchase and entire house of smart devices.

    Apple Homekit should support Zwave and a couple of other standards. Maybe then they’ll gain some ground.

    Remember it doesn’t make Apple much money, so at some point it will be abandoned.

  6. Internet
    Of
    Trash

    A vigilante is putting a huge amount of work into infecting IoT devices
    When it comes to features and robustness, Hajime surpasses its blackhat rivals.

    “If Hajime is a glimpse into what the future of IoT botnets looks like, I certainly hope the IoT industry gets its act together and starts seriously considering securing existing and new products,” Geenens wrote in a separate post. “If not, our connected hopes and futures might depend on … grey hat vigilantes to purge the threat the hard way.”

  7. It’s bad enough we spy on each other with our phone Cameras…now to install a device that listens to every word spoke in a private residence? Ridiculous!

  8. Most consumers don’t ‘realize’ much of anything. So long as they can keep consuming, don’t have to expend much effort, and don’t have to use their brains much, they are perfectly happy. The Echo and its ilk are an indication of de-evolution, not progress.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.