The latest post on HomeKit You seem to like it very much, my followers have gone up from 7 to the friolera of 11… but Do you really think it’s really necessary to have so many devices connected to the Internet? The automations I told you at the previous entry for the control of lights, boiler and heaters at home It’s pretty useful… The idea that the fridge will tell us that we have run out of milk is not bad (but it is because the milk is
And someone drank it… that someone already knew the milk was over), but Looks like we’re out of hand about connecting things to the Internet. to send us statements and notifications and few people have stopped to think about the dangers of the IoT.
What’s that IoT thing?
All these devices connected to the Internet for one purpose or another is what is known as the IoT, the Internet of Things or the Internet of things. And it has come to make life easier: there are intelligent washing machines that warn us to the smartphone when the laundry is finished (useful as long as you are close, because if you tell me that it is finished when I am in the office… little I can do), the first connected electric cars tell us the state of charge of the battery, the autonomy and if it’s too cold we can even turn on the heating so that when we get down to the car it’s warm,… p
er What the IoT is doing is filling the house with vulnerabilities..
If the normal user already has difficulty installing the updates recommended by the computer operating system, he / she has the mobile with new versions of iOS or Android pending to install and chorrosotohundred applications without updating… Do you really think they’re going to check regularly if their connected devices have the latest firmware version? Of course not, and that’s going to result in non-updated devices connected to our network, with the consequent danger of information leaks, unwanted access and attacks.
I’m not just talking about attacks linked to vulnerabilities, We’re also talking about privacy. as in the example of my vacuum robot, which is generating (saving and sending God knows who) the map of the house to be able to see its progress through an App but that if someone had access to that information I would not only see the full map of the house, but could come to know when there is someone at home by the detection of objects that are reflected in the map, including closed doors and people who pass through the laser that uses the vacuum robot to detect walls and objects.
Moreover, some of these devices that connect to our network using ‘safe’ protocols like WPA2 will never be updated and will drag vulnerabilities like the one we saw a few months ago when a possible intruder could capture traffic from our network and analyze it quietly… it is true that it cannot connect directly to our wifi, but it does capture all the traffic of this and thus have access to usernames and passwords, services we use, conversations in unencrypted messaging apps, etc.
Serious vulnerability in the Xiaomi skateboard
For an example, these days we are talking about a vulnerability in Xiaomi skates (yes, the one we all know because you see dozens in the streets) through which a possible attacker could send orders to speed up or stop abruptly if found in the range radius of the bluetooth of the skate (about 20 meters). Of course you can also take it if you’re not tied up anywhere, you have all the information and some more detail.
The solution in this case is simple, simply add a password to the My Home that is used for skate management so the attacker cannot easily connect to the cache… and of course update as soon as Xiaomi publishes the firmware update, the operating system that controls the skate. But you’ll see how in a few months there’s still a lot of skates that are still vulnerable because their owner hasn’t updated it.
There are more curious vulnerabilities than this and with a much more alarming impact: A few months ago, they stole the database of users of a casino in Las Vegas that they didn’t want to give their name because they accessed the network thanks to a vulnerability in the thermometer of an aquarium that was connected to the Internet. An aquarium thermometer connected to the Internet!!! Yes, it will certainly be very useful to know from a distance the PH of the water and the temperature, but it was necessary to have
of a remote access to this thermometer?! Wouldn’t it have been enough for him to send us a notification that we were always in the same LOCAL RED? It is of little use to us to know that the water is too cold for our tropical fish if we are miles away, right?
The solution: Updates, Updates and Updates
But This doesn’t mean we shouldn’t connect devices to interact with each other.. I’d like to be able to tell my vacuum robot to stop by when there’s no one at home or if my cell phone and my wife’s are more than X kilometers from home, instead of creating a basic ‘pass by every day at 9: 30’ routine. What we must bear in mind is that all these devices will suffer vulnerabilities such as our mobile phones or all-life computers and will therefore need to be updated. And the responsibility to update them is ours, not the manufacturer… the manufacturer may recommend us to
and will make available to us the necessary means for it, but it will not launch an automatic update on all these devices, so we will be the ones who We’ll have to do it regularly just like we change all the passwords at least once a year, right? Especially the passwords of the objects / devices / networks we share with someone.
Uy, ahora que me acuerdo, este año también se me ha pasado el Security Day….
Jajajaja, estamos a 14 de febrero, aun llegas a tiempo!
Ostras, yo tengo un patinete,