
[ih] Your refrigerator probably hasn't joined a botnet


> How do I *know* that my appliance is not a part of a botnet today?

As a residential consumer, that is a hard problem, but I believe
technologies like DNS RPZ [1] et al. will arise to assist in this area.

And residential broadband providers like Comcast [2] are already
starting to act responsibly to notify consumers (customers) of infections.

Again, as this idea known as IoT, connecting myriad residential (and
other mobile devices such as cars) devices to the Internet, we'll all
be learning. :-)

- ferg

[1] https://dnsrpz.info/

[2] "Comcast takes free anti-botnet service nationwide"

On 1/19/2014 9:44 AM, Jack Haverty wrote:

> How do I *know* that my appliance is not a part of a botnet today?
> My home LAN has a bunch of devices on it, and many, maybe all, of
> them communicate with whatever is at a lot of other IP addresses.
> Some of these I recognize, like NTP servers.  Others are
> mysterious, but probably part of some mechanism for software
> updates, or advertising, or spying, or ???   I can't recall a
> single product manual that specifies what the product will do with
> the Internet.  So how can I tell it's doing what the manufacturer
> intended?  Or communicating with its master in a botnet, perhaps
> just keeping in touch stealthily at odd hours and even waiting for
> lots of other traffic to hide itself in.
>
> I agree that my appliances are probably not part of a botnet today
> - but only because I'm optimistic and it's probably too early in
> the technology timeline.   I don't know that it's true.
>
> Technology like Raspberry Pi and CuBox now puts serious computer
> power in a cheap 2x2x2-inch cube, all network-capable and even with
> WiFi, and easily programmable by anyone.   Fertile ground for
> botnets....
>
> /Jack Haverty
>
> On Sun, Jan 19, 2014 at 8:42 AM, Paul Ferguson
> <fergdawgster at mykolab.com> wrote:
>
> No sense in writing this twice. :-)
>
> Here is something that I sent to libtech just a few minutes ago...
> although not "historical", it is important, I think, to properly
> frame the situation as it stands today -- we're moving into new
> territory every day. Some of it is... predictably dangerous if
> proper safeguards are not incorporated up-front instead of "bolted
> on" after deployment (which usually always fails).
>
> - ferg
>
> -------- Original Message --------
> Subject: [liberationtech] Your refrigerator probably hasn't joined a botnet
> Date: Sun, 19 Jan 2014 08:36:10 -0800
> From: Paul Ferguson <fergdawgster at mykolab.com>
> Reply-To: fergdawgster at mykolab.com, liberationtech <liberationtech at lists.stanford.edu>
> Organization: Clowns R. Mofos
> To: liberationtech <liberationtech at lists.stanford.edu>
>
> This nonsense about refrigerators being part of a botnet is not an
> accurate depiction of the world we live in today, but more of a
> warning of where things can go wrong in the future, while
> technologists are rushing headlong into the Internet of Things
> (IoT).
>
> While there are certainly some interesting real-world examples of
> unintended consequences of consumer devices being infected by
> Trojan Horse programs and other malware (e.g. digital cameras and
> picture frames coming directly into the retail market
> "pre-infected" from the manufacturer, hospital healthcare devices
> becoming infected by computer worms through incidental contact,
> etc.), most cases today are incidental.
>
> Via BoingBoing:
>
> "A mediagenic press-release from Proofpoint, a security firm,
> announced that its researchers had discovered a
> 100,000-device-strong botnet made up of hacked 'Internet of Things'
> appliances, such as refrigerators. The story's very interesting,
> but also wildly implausible as Ars Technica's Dan Goodin
> explains."
>
> "The report is light on technical details, and the details that
> the company supplied to Goodin later just don't add up.
> Nevertheless, the idea of embedded systems being recruited to
> botnets isn't inherently implausible, and some of the attacks that
> Ang Cui has demonstrated scare the heck out of me."
>
> http://boingboing.net/2014/01/18/your-refrigerator-probably-has.html
>
> Don't get sucked in by the IoT marketing hype, but -- and it is a
> *big* but -- there definitely is a potential for this headlong
> rush into the Internet of Things to develop into the unfortunate
> situation where no one spent enough time thinking about the
> security posture of such actions. If no one spends time up front
> thinking about these implications, we can have a real mess on our
> collective hands.
>
> - ferg

--
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
