[ih] Your refrigerator probably hasn't joined a botnet
How do I *know* that my appliance is not a part of a botnet today? My
home LAN has a bunch of devices on it, and many, maybe all, of them
communicate with whatever is at a lot of other IP addresses. Some of
these I recognize, like NTP servers. Others are mysterious, but probably
part of some mechanism for software updates, or advertising, or spying, or
??? I can't recall a single product manual that specifies what the
product will do with the Internet. So how can I tell it's doing what the
manufacturer intended? Or communicating with its master in a botnet,
perhaps just keeping in touch stealthily at odd hours and even waiting for
lots of other traffic to hide itself in.
I agree that my appliances are probably not part of a botnet today - but
only because I'm optimistic and it's probably too early in the technology
timeline. I don't know that it's true.
Technology like Raspberry Pi and CuBox now puts serious computer power in a
cheap 2x2x2-inch cube, all network-capable and even with WiFi, and easily
programmable by anyone. Fertile ground for botnets....
On Sun, Jan 19, 2014 at 8:42 AM, Paul Ferguson <fergdawgster at mykolab.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> No sense in writing this twice. :-)
> Here is something that I sent to libtech just a few minutes ago...
> although not "historical", it is important, I think, to properly frame
> the situation as it stands today -- we're moving into new territory
> every day. Some of it is... predictably dangerous if proper safeguards
> are not incorporated up-front instead of "bolted on" after deployment
> (which usually always fails).
> - - ferg
> - -------- Original Message --------
> Subject: [liberationtech] Your refrigerator probably hasn't joined a
> Date: Sun, 19 Jan 2014 08:36:10 -0800
> From: Paul Ferguson <fergdawgster at mykolab.com>
> Reply-To: fergdawgster at mykolab.com, liberationtech
> <liberationtech at lists.stanford.edu>
> Organization: Clowns R. Mofos
> To: liberationtech <liberationtech at lists.stanford.edu>
> This nonsense about refrigerators being part of a botnet is not an
> accurate depiction of the world we live in today, but more of a
> warning of where things can go wrong in the future, while
> technologists are rushing headlong into the Internet of Things (IoT).
> While there are certainly some interesting real-world examples of
> unintended consequences of consumer devices being infected by Trojan
> Horse programs and other malware (e.g. digital cameras and picture
> frames coming directly into the retail market "pre-infected" from the
> manufacturer, hospital healthcare devices becoming infected by
> computer worms through incidental contact, etc.), most cases today are
> Via BoingBoing:
> "A mediagenic press-release from Proofpoint, a security firm,
> announced that its researchers had discovered a 100,000-device-strong
> botnet made up of hacked 'Internet of Things' appliances, such as
> refrigerators. The story's very interesting, but also wildly
> implausible as Ars Technica's Dan Goodin explains."
> "The report is light on technical details, and the details that the
> company supplied to Goodin later just don't add up. Nevertheless, the
> idea of embedded systems being recruited to botnets isn't inherently
> implausible, and some of the attacks that Ang Cui has demonstrated
> scare the heck out of me."
> Don't get sucked in by the IoT marketing hype, but -- and it is a
> *big* but -- there definitely is a potential for this headlong rush
> into the Internet of Things to develop into the unfortunate situation
> where no one spent enough time thinking about the security posture of
> such actions. If no one spends time up front thinking about these
> implications, we can have a real mess on our collective hands.
> - - ferg
> - --
> Paul Ferguson
> PGP Public Key ID: 0x54DC85B2
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> -----END PGP SIGNATURE-----