
[ih] Your refrigerator probably hasn't joined a botnet

How do I *know* that my appliance is not a part of a botnet today?   My
home LAN has a bunch of devices on it, and many, maybe all, of them
communicate with whatever is at a lot of other IP addresses.   Some of
these I recognize, like NTP servers.  Others are mysterious, but probably
part of some mechanism for software updates, or advertising, or spying, or
???   I can't recall a single product manual that specifies what the
product will do with the Internet.  So how can I tell it's doing what the
manufacturer intended?  Or communicating with its master in a botnet,
perhaps just keeping in touch stealthily at odd hours and even waiting for
lots of other traffic to hide itself in.

I agree that my appliances are probably not part of a botnet today - but
only because I'm optimistic and it's probably too early in the technology
timeline.   I don't know that it's true.

Technology like Raspberry Pi and CuBox now puts serious computer power in a
cheap 2x2x2-inch cube, all network-capable and even with WiFi, and easily
programmable by anyone.   Fertile ground for botnets....

/Jack Haverty

On Sun, Jan 19, 2014 at 8:42 AM, Paul Ferguson <fergdawgster at mykolab.com> wrote:

> No sense in writing this twice. :-)
> Here is something that I sent to libtech just a few minutes ago...
> although not "historical", it is important, I think, to properly frame
> the situation as it stands today -- we're moving into new territory
> every day. Some of it is... predictably dangerous if proper safeguards
> are not incorporated up-front instead of "bolted on" after deployment
> (which usually always fails).
> - ferg
> -------- Original Message --------
> Subject: [liberationtech] Your refrigerator probably hasn't joined a
> botnet
> Date: Sun, 19 Jan 2014 08:36:10 -0800
> From: Paul Ferguson <fergdawgster at mykolab.com>
> Reply-To: fergdawgster at mykolab.com, liberationtech
> <liberationtech at lists.stanford.edu>
> Organization: Clowns R. Mofos
> To: liberationtech <liberationtech at lists.stanford.edu>
> This nonsense about refrigerators being part of a botnet is not an
> accurate depiction of the world we live in today, but more of a
> warning of where things can go wrong in the future, while
> technologists are rushing headlong into the Internet of Things (IoT).
> While there are certainly some interesting real-world examples of
> unintended consequences of consumer devices being infected by Trojan
> Horse programs and other malware (e.g. digital cameras and picture
> frames coming directly into the retail market "pre-infected" from the
> manufacturer, hospital healthcare devices becoming infected by
> computer worms through incidental contact, etc.), most cases today are
> incidental.
> Via BoingBoing:
> "A mediagenic press-release from Proofpoint, a security firm,
> announced that its researchers had discovered a 100,000-device-strong
> botnet made up of hacked 'Internet of Things' appliances, such as
> refrigerators. The story's very interesting, but also wildly
> implausible as Ars Technica's Dan Goodin explains."
> "The report is light on technical details, and the details that the
> company supplied to Goodin later just don't add up. Nevertheless, the
> idea of embedded systems being recruited to botnets isn't inherently
> implausible, and some of the attacks that Ang Cui has demonstrated
> scare the heck out of me."
> http://boingboing.net/2014/01/18/your-refrigerator-probably-has.html
> Don't get sucked in by the IoT marketing hype, but -- and it is a
> *big* but -- there definitely is a potential for this headlong rush
> into the Internet of Things to develop into the unfortunate situation
> where no one spent enough time thinking about the security posture of
> such actions. If no one spends time up front thinking about these
> implications, we can have a real mess on our collective hands.
> - ferg
> --
> Paul Ferguson
> PGP Public Key ID: 0x54DC85B2