General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsThis is why I don't buy into the whole "internet of things" ( IoT):
Why Ring Doorbells Perfectly Exemplify the IoT Security Crisis
A new wave of reports about the home surveillance cameras getting hijacked by creeps is painfully familiar.
There's been a lot of creepy and concerning news about how Amazon's Ring smart doorbells are bringing surveillance to suburbia and sparking data-sharing relationships between Amazon and law enforcement. News reports this week are raising a different issue: hackers are breaking into users' Ring accounts, which can also be connected to indoor Ring cameras, to take over the devices and get up to all sorts of invasive shenanigans.
In Mississippi, a Tennessee news channel reported on Tuesday about a case where hackers hijacked an indoor Ring camera one family had placed in a bedroom and used it to talk to three young girls. And as Motherboard first showed, there are tools available online for breaking into Ring accounts by strategically guessing the login credentials. When account thieves record enough juicy audio from people's Ring feeds, there's even a podcast where they can broadcast it.
Though it sounds shocking, the situation with Ring is far from unique. At the beginning of the year, for example, hackers launched similar attacks against Nest cameras, complete with incidents where hackers were creepily talking to children through the devices. The manufacturers behind these devicesAmazon and Google, respectivelyare both billion-dollar tech giants with massive development resources. The fact that their cameras regularly feature in these kinds of cases reflects a broader industry failure to produce trustworthy internet-of-things devices that are easy for consumers to set up in a secure and private way.
snip
By not thinking through the risks, vendors leave consumers exposed to them. In theory, IoT security could be much more nuanced and robust, but researchers point out that it's hard to go deeper until the most basic IoT security issues are resolved.
snip
redstatebluegirl
(12,265 posts)Other neighbors have bought Ring and are trying to get us on board to buy one. My husband says no way. We also don't want an Alexa in the house and I'm not real fond of smart tv's but will most likely not have an option when ours dies.
defacto7
(13,485 posts)CloudWatcher
(1,850 posts)If you're concerned about your smart TV (and I would be, if I owned one), you can simply not connect it to the Internet. Keep it off your WiFi and Ethernet and it'll be pretty difficult to compromise. The power and HDMI connections are pretty safe
dansolo
(5,376 posts)I don't have to pay a monthly fee, and the video is stored locally. I don't trust Ring at all.
MineralMan
(146,318 posts)until the owner sets a strong password. No password; no function. Instead, such devices come with a default password already set. Far too many people simply don't bother to change it, which is how these intruders find and access them.
Try creating a login at your bank's website. Typically, you can't do it unless you set a strong password. There is no default password.
It would be simple for makers of such devices to implement a similar security scenario.
Response to MineralMan (Reply #2)
Post removed
MineralMan
(146,318 posts)I'd be interested in having them? It's true that I have nothing to hide, but I also have little worth breaking into my house and stealing. All of it is replaceable and covered by my homeowner's insurance. I have excellent locks, but nobody has tried them.
I'm puzzled why you would make such a statement, which amounts to sort of a personal attack on me.
tblue37
(65,432 posts)secure, but aren't framing basic security seriously because they don't want consumers to think it's too complicated.
MineralMan
(146,318 posts)a person would need. The "hackers" of those systems are just opportunists, looking for cameras that use the default passwords. They aren't capable of figuring out reasonably hard passwords.
The thing is that very many people never think about security at all until something happens. They just leave the default password in place and go on with their lives.
I've never installed such a camera, so I don't know what the process is, exactly. I assume there is a step where you can set a password of your own. Many people simply skip that step, I suppose. Such is human nature, for which Amazon is not to blame. Me? I'd set a password of my own selection if I installed such a thing.
NYC Liberal
(20,136 posts)customer support. Any added complexity (even something simple) makes it more likely that more people will need help.
ramen
(790 posts)I don't mess with anything of the internet-of-things sort, but password security would solve an awful lot of these 'creepy' situations.. put a camera in your house and use low-security passwords, get low-security results. This is not rocket surgery.
That said, I just don't personally have the need to have a camera attached to the internet in my home. Others' results may vary.
dewsgirl
(14,961 posts)top 10 dark sites from the deep web. In it there was a site, where you could pay to watch hacked security cams inside homes. I find the whole idea terrifying.
bronxiteforever
(9,287 posts)I am now terrified too!
dewsgirl
(14,961 posts)minor compared to the rest, but it was one of the ones the could possibly affect me personally.😳
bronxiteforever
(9,287 posts)I appreciate you making us aware of the risks!
The technology is so easy to use that it insinuates itself into daily life but it so damaging in the wrong hands.
MineralMan
(146,318 posts)I know it exists, but am not curious enough to go look around.
dewsgirl
(14,961 posts)other than child porn and drugs, we rarely hear about much else. From looking at those lists, its a cornucopia of horrifying depravity. Also there are government operatives operating from the deep/dark web(this piqued my interest).
MineralMan
(146,318 posts)There's nothing there that I care anything about. So...
Baclava
(12,047 posts)First, Deep web and Dark web are two completely different things.
There simply is no regular web server that connects to the true Dark web
Regular browsers cant access Dark web web sites, the Dark web uses whats called the Onion Router, Tor servers, which are undetectable from regular search engines and instead of .com they end in .onion
Everything and everyone is anonymous, its dangerous, full of Trojans and malware, scammers and hackers, very wild west, be very afraid
getagrip_already
(14,768 posts)There have been several high profile arrests of tor users who accessed child porn on the dark web.
It's not anonymous. Far from it. Sure, your partner may not know what you are looking at or buying, but the feds certainly can. And if the feds can track you, so can bad actors of all forms.
It's just a cat and mouse game, and the cats are getting smarter where it matters.
And don't get me started on encryption. RSA 512 has fallen, and most ecommerce is back at 256.
Be aware. If you do baaad things, be afraid. If you value what' passes for privacy, just give up now.
Baclava
(12,047 posts)People that just want to go poking around need to use a VPN to protect themselves, and never give out any personal information like their email address.
Thats how people get in trouble, and cover your webcam with a piece of tape! lol
MineralMan
(146,318 posts)I have no desire to, either. But, it's something I'm aware of. Thanks!
Maraya1969
(22,486 posts)connected to the internet. I don't see the gain in asking the air to do something and having it done. There is too much opportunity for my business to go where it shouldn't go.
That's just me.
defacto7
(13,485 posts)Those devices are designed to seem local, but they're not. None of them.
tblue37
(65,432 posts)TheBlackAdder
(28,209 posts).
There's a fallacy that open-source software is more secure because it is reviewed by others.
In reality, no one really reviews it besides academia, nation states and hackers. They do not have to disassemble the code because the source is given to them to exploit. On top of that, many of the open-source groups are infiltrated with hackers and nation state developers to inject rogue code or malware.
Many companies are moving to this Spring Open Development platform, because it's free. It's also rife with hundreds of vulnerabilities.
Read the following article and then travel to Sonatype, register and get the free download of the report.
https://www.theregister.co.uk/2018/09/25/open_source_security/
Just search: SONATYPE OPEN SOURCE SECURITY
.
dalton99a
(81,531 posts)hunter
(38,321 posts)... nominally "open" or "closed." There's an equal likelihood of back doors. A closed source software "blob" doesn't have to be disassembled to accomplish this. Raw data from cameras, keyboards, or microphones can be intercepted before it's encrypted. Encryption can be compromised in many ways. The most common flaw is hard coded passwords in closed source software. More subtle encryption flaws involve timing, energy use, etc.
U.S. security agencies are as pernicious as Chinese, Russian, etc..
Here in the U.S.A. it's already "1984" just as it is in China, but with a lighter touch. You are allowed to say anything you like so long as you are ineffective. Shit only gets real when people start listening to you and acting on it.
I don't trust the Chromebook I'm writing this on any more or less than my Windows laptop, or my Linux desktop. I don't have any Apple devices or Android phones, but I wouldn't especially trust them either.
The worst security risks are machines, both open and closed source, that the manufacturer no longer updates because the manufacturer doesn't care or no longer exists, and machines utilizing complex software that can't be updated.
TheBlackAdder
(28,209 posts).
Well, I was staying on topic about new wireless security devices, but I'll play.
Some of the mainboards we have in this county are comprised as such with Chinese backdoors. The Intel & AMD processors have their versions of management systems that allow remote access without leaving a trace. Our home routers and mainboards have NSA logic or chipsets in them that allows for bulk warrant access to a person's desktop in seconds.
I have an X1 laptop that is used for restricted development and it never attaches to a network, no updates, no wireless, nothing. It is secured, and if there are any transfers, they are one-way--to other devices via jump drives. The jump drives are scanned first on a Linux system. Five years from now, it doesn't matter, because it is never updated and never network connected.
.
5X
(3,972 posts)ismnotwasm
(41,995 posts)Christmas laser lights, my husbands new prescription drugs he left in the car at 1030 in the am, and lastly, our second car.
Each one of the the thieves is right there on video
None of them were caught.
Ok, we just have video of our car being driven away, (we got it back)
I am questioning the value of a security system at this point.
(I know your topic is different, but still)
tblue37
(65,432 posts)ismnotwasm
(41,995 posts)Its grainy at night, we were able to see the dark haired woman with a black and white dog, who quickly riffled through our car and hit junkie paydirtforwarded the video to the police, but her features werent particularly clear. The police have the video. Husband saw her at a store and confronted her. She just denied it.
I live in a relatively high crime area though my street is usually quiet.
MineralMan
(146,318 posts)caught because of home surveillance cameras aimed outward from homes. Typically, it is some neighbor's camera that sees what happened. I know of no cases where an indoor camera has led to arrests, although there might be some cases.
I haven't seen any need to install any cameras at all.
ismnotwasm
(41,995 posts)My backyard and carport are fully fenced, so I can see my dogs from work if they are out when my husband is home. Seeing things remotely is interesting sometimes
eppur_se_muova
(36,271 posts)It's all too easy to be taken in by a new item's sheer novelty, without questioning its utility, or its drawbacks.
TNNurse
(6,928 posts)None of the rest of that is. Our refrigerator does not give us a grocery list. We do not have a doorbell.
Went to get an Amazon Fire Stick so we could watch movies on Prime. A helpful clerk researched and you cannot disable the Alexa. So a Roku (which may have some issues) was purchased without Alexa.
I know you cannot avoid it all, but we are certainly not adding anything extra if we can.
cojoel
(957 posts)This is the only Alexa device that works with a button and the only one I have.
A HERETIC I AM
(24,371 posts)Huh...that's a pretty a pretty small number.
There is some technology that just isn't needed. Like a car that drives itself to you, or a camera and speaker connected to the internet, placed in your teenage daughters bedroom.
PatrickforO
(14,582 posts)and that is the the technological advances have far outstripped labor supply. There just aren't enough skilled people to meet market demand now, and the shortage will likely become critical by 2022.
SWBTATTReg
(22,144 posts)places.
These stories within this DU trend will keep me thinking and making sure that when I do get one or more of these devices (I'm pretty well waiting for prices to still drop more in price before I take the plunge), I'll make sure that I put in a strong password that can't be hacked/broken easily into.
Thing is, you got to have a smart phone too, from what I recollect (and all we have are trac phones, the tiny ones, that are literally 15 years old (we didn't want to pay $xx dollars to belong to a plan for xx years)).
Of course cameras can still be brought (the good ol' fashioned cameras) that don't interconnect via WIFI but via a cable of some type (I have these)...hackers of course can't break into this until they actually break into your home computer / device where you store the pictures etc. that you store your old fashioned camera pictures at.
Don't get me wrong, the NEST or RING cameras are nice, especially for those out working or on the road quite a bit, but for those at home quite a bit, perhaps the only security you might gain in addition, is seeing who is at your front door if someone is knocking at your door and you don't have a peephole (I don't have one).
Pompoy
(123 posts)I think they still need permission from the home owners, but for people who need reasons to be paranoid about government surveillance
into our lives, here are some more.
It's a great tool for investigations, but...
ToxMarz
(2,169 posts)as the vendors. Just as a car, or chain saw, or a ladder they are potentially dangerous if not used properly. If the vendors product is inherently flawed and can't be used safely, there should be seroius consequences. But you can't always fix stupid. If someone is incapable of or too lazy to use technology safely, then they shouldn't. The answer isn't always to dumb everything down to the least common denominator. There are many ways to achieve a high level of security using the internet, but they aren't always as convenient and may involve reading the instructions (as opposed to just plugging it in and expecting to be protected as a right with no responsibility) .
calimary
(81,350 posts)Im one of those who hates having to compute my lights on. What the hell is wrong with simply flicking a switch? UP for on. DOWN for off. Boom! Done.
I do NOT want to have to fuss with a lot of choices and variables. I do NOT want to be dependent on a lot of gadgets. I dont give a rats ass how many degrees of brightness or mood lighting or whatever molecularly slight variations of color it is. Fuck it! Turn it ON. Or turn it OFF. Period!
My husband is gadget-obsessed. I guess the one drawback for him is having to deal with a Luddite every day. Heaven to him is either everything set up on voice-command or thousands of buttons and touch pads with hundreds of thousands of options and choices and degrees of variation. But if I had to live in his idea of a modern home, Id have a house I couldnt live in, because I wouldnt be able to make anything work.
Hav
(5,969 posts)of their children? The invasion of privacy sort of starts right there before the criminals even come into play.
I'd understand security cameras for outside and the entrances.
I'll never get Alexa and I'd only consider installing cameras at home if I'm away for a long time, never if I'm at home.
Kind of off-topic, but I already hate that you can't even get a laptop without a built-in camera anymore. I don't want that and I'd also like the option to have mobile devices without cameras.
Kaiserguy
(740 posts)a piece of black tape and it will see no more.
KY_EnviroGuy
(14,492 posts)any cameras on my computers and smart TVs. Doesn't apply here, but anyone having a computer or TV with a built-in microphone would probably have to disable it through software settings in control panel.
I had a blind neighbor who had a laptop with a built-in microphone that he occasionally used to talk to a virtual assistant (maybe Google?) that I felt was pretty risky security-wise.
getagrip_already
(14,768 posts)Is it next to you on your bed stand? You have a camera in the bedroom, and there are many exploits that can access it.
Android just confirmed one, now patched, in the past couple of months. Apple has also confirmed now patched exploits.
But exploits are always occurring, and you won't know until someone issues a press release, which is often only a third party. Exploits found by a manufacturer are rarely disclosed. Some are never even patched. As long as it isn't public, it is often live.
And law enforcement has tools that would shiver your timbers. All legal, all intrusive.
So don't get all high and mighty. If you own a cell phone, you carry a surveillance device. It's just a question of whether anyone is using it.
klook
(12,159 posts)Deny microphone permission, turn off location tracking. Also, dont keep the dang thing in the bedroom.
getagrip_already
(14,768 posts)Most apps don't give you a line item veto over the rights they claim. It's usually all or don't install.
That doesn't work for most people. We need legislation that mandates the right to choose which rights to give which apps... Why should a game need rights to email or contacts or location (well, location maybe if its vr)?
CrispyQ
(36,482 posts)lambchopp59
(2,809 posts)I know when I was on a job assignment, stationed at a house in a high-crime 'hood but convenient to work, I installed window bars, and fashioned my own security system with cameras that were less than ten bucks, wired to VCR's, continually recording the whole time I was at work. The police found a few of them interesting, hidden cams infrared revealed several prowlers lurking about. Only once did an actual break-in occur, and they were busted as direct result of the recordings. A second charge of vandalism was added because they were insanely destructive, turning over bookshelves, smashed the big screen TV, just being drunken, meth'd up idiots. There were several minutes of footage caught both their faces beyond all doubt.
None of it was wireless. I used a router extensively to keep the wires hidden and inaccessible.
Worked like a charm, closed system, caught the criminals, no worries about cyber-intrusions.
MineralMan
(146,318 posts)but it's a bit beyond the skills of most people. I could do it, and had a couple of cameras in my mineral museum, since it was mostly unattended and there were valuable items in it. A sign that couldn't be ignored mentioned the cameras, and nothing was ever stolen from the place.
However, for most people, installing a wired system is beyond their skills, and having one installed costs a good deal. So, the wifi cameras from Amazon and others are very tempting to such people. They know how to connect WiFi devices, because they're so handy in other ways. That has led many people to install Ring and other systems in their homes, for whatever reasons they might have.
However, many of them seem to be ignoring even the basic password protection offered by such systems. I suspect all the news stories will stimulate their interest in passwords for them now.
I don't know what the apps for them are like on their cell phones, but I'm sure the password-setting is pretty darned easy to apply.
patphil
(6,186 posts)Soon we'll be up to our necks in it, let's just hope we don't drown.
MineralMan
(146,318 posts)There are cameras everywhere, including all of those cameras in all of those cell phones. People are making video of just about everything these days. My niece, for example used Facebook live to video my family's Christmas gathering. I looked in on it briefly. Everyone on her friends list had access to it. She had her cell phone propped up on a table to do the video.
I doubt she even thought about it for a second. She could do it, so she did.
FreeState
(10,572 posts)I have over 50 devices (lights, cameras, outlets, doors etc). None of them can be hacked in the way as Googles devices.
Stay away from Google home devices and anything that doesnt require double sign in to access.
bluedye33139
(1,474 posts)I can handle my thermostat and lights pretty well, thank you. I suppose if I lived in a house with 10,000 square feet I would feel different.