I don't want to seem like I'm arguing with you, Rick, because you don't
claim any particular expertise in IoT. I, on the other hand, claim to
be pretty familiar with the Internet of Things and the underlying
technologies. Programming a Thing on the Internet is what I do for a
living. Besides, I've not heard the NPR report to which you refer, so I
cannot comment upon it.
I still don't think the statement "Most of the IoT devices have
rudimentary processors not capable of high level security" is true.
Even if it is true now, it won't be true in the very near future because
the security issue with the IoT is, at its core, a people problem, and
as the people building these things become more sophisticated, their
solutions will, too.
If you want a high-level takeway from this, it should be this: Don't
ever consider using an Arduino (or a CANMIC) on an Ethernet network.
Use an ARM based board (like the "CHIP" or the Raspberry PI or the
Beaglebone Black or whatever--there are literally scores of boards
available) instead. Not only can you run whatever protocols you want on
those boards, they're cheaper than the Arduino Ethernet Shield.
On 2/12/2017 10:31 AM, Rick Hiller -- W5RH via BVARC wrote:
Yes, well stated, but, apparently, not the take of some security
analyists. NPR had a show about it back in December, where the
security expert stated pretty much what Nizar said. Don't know if it
was the Technology Weekly or ATC show.
W5RH
Rick Hiller
/The Radio Hotel/ -- W5RH
On Sun, Feb 12, 2017 at 8:28 AM, Gary Sitton via BVARC
<[email protected] <mailto:[email protected]>> wrote:
Very well put!
Gary, K5AMH
Sent with AquaMail for Android
http://www.aqua-mail.com
On February 11, 2017 8:59:40 PM Jonathan Guthrie via BVARC
<[email protected] <mailto:[email protected]>> wrote:
Where did you get the idea that the "rudimentary processors" are
not capable of "high level security"? Or, for that matter, that
that was a significant barrier to security in the Internet of
Things? While it is true that processors like the Atmel AVR
processors (to pick a widely-used family) are pretty wimpy, but
they are sufficiently wimpy that you're not going to connect them
directly to the Internet because you really can't. Once you have
a processor that can natively handle a TCP/IP stack, then it is
by definition capable of handling all of the higher-level
security protocols. Systems on chip that are powerful enough to
boot Linux (or NetBSD or, I suppose, Windows) are available for
under $1 in Q1000, so cost really isn't a factor.
My perspective is that there are two main problems that cause
insecurity in the Internet of Things. First, the firmware in
these devices is generally not updated once they are purchased.
Well, reason 1B is that the firmware is often (well, okay,
always) released with defects in it that have security
consequences. The second reason is that much of the programming
on these devices is done in a "sea of bits" language like C, or
C++. Using a language like that means that nearly any defect has
security consequences. I suppose that you could add a third
reason (although I think that it's implied) which is that we
really don't know what we're doing when it comes to writing
defect-free software, and few people really understand secure
programming all that well.
The thing is, updating is itself a tricky proposition, and the
updates are just as likely to contain defects with security
consequences as what they're replacing and there's no guarantee
that your updated device will work the same (or even at all)
after the update as it did before, so merely providing a
mechanism for doing an update is no guarantee that your device
might eventually be made secure.
On 02/11/2017 04:09 PM, Nizar Mullani via BVARC wrote:
You are absolutely correct about security being a problem with
IoT devices. Most of the IoT devices have rudimentary processors
not capable of high level security.
Just imaging some hackers from China or Russia hacking into your
device at home and turning the temperature way up in the summer.
Or, shutting down your car while driving in Houston traffic.
Total DISASTER. Total CHAOS.
*From:* BVARC [mailto:[email protected]
<mailto:[email protected]>] *On Behalf Of *Bruce via BVARC
*Sent:* Saturday, February 11, 2017 4:04 PM
*To:* BRAZOS VALLEY AMATEUR RADIO CLUB <[email protected]>
<mailto:[email protected]>
*Cc:* Bruce <[email protected]> <mailto:[email protected]>
*Subject:* Re: [BVARC] Presentation of Internet of Things (IoT)
at the Houston Hamfest
security is a big concern. that is why there are only about 100
approved devices for apple homekit vs. google's 250 devices.
apple devices must be secure. i like my wemo switches but they
are not secure. in my new house i have all homekit approved
devices for the security. from the ecobee 3 thermostat, to all
my phillip hue bulbs and ecobee motion/heat sensors.
73...bruce
Sent from my iPhone
On Feb 11, 2017, at 3:32 PM, Nizar Mullani via BVARC
<[email protected] <mailto:[email protected]>> wrote:
We are very fortunate to have Professor Edgar Sanchez-Sinencio
from Texas A&M present a lecture on Internet of Things (IoT) at
the Houston Hamfest.
The best definition of IoT is “connecting everything to
everything.” It is an exciting area that is growing very fast.
It will soon be part of our everyday life – whether we like it
or not. So, join us for this lecture and get acquainted with
IoT. Learn about what is coming in the future and discuss how
this will impact Ham Radio.
Please plan to attend this important presentation. You can read
the attached pdf file for more information or go to
www.Houstonhamfes.org <http://www.Houstonhamfes.org> . Learn
more about IoT by Googling it.
Nizar K0NM
<IoT.PDF>
_______________________________________________
BVARC mailing list
[email protected] <mailto:[email protected]>
http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org
<http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org>
_______________________________________________
BVARC mailing list
[email protected] <mailto:[email protected]>
http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org
<http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org>
--
Jonathan Guthrie
ARS KA8KPN
_______________________________________________ BVARC mailing
list [email protected] <mailto:BVARC%40bvarc.org>
http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org
<http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org>
_______________________________________________ BVARC mailing list
[email protected] <mailto:[email protected]>
http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org
<http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org>
_______________________________________________
BVARC mailing list
[email protected]
http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org
--
_______________________________________________
BVARC mailing list
[email protected]
http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org
