Tag: security

Episode 248: Should I put my IoT devices on a guest network?

This week’s Internet of Things Podcast is a bit different from our typical format. Instead of discussing a range of topics and sharing a guest interview, we’re tackling the question we get so often from our listeners who are rightfully concerned about their home network security with smart devices installed: Should all of these webcams, smart locks, thermostats, and other devices be segmented to a guest network?

On the surface, that sounds like a smart idea. The main reason is that any compromised smart devices won’t be able to infect computers and other things on your primary network. A secondary reason is to limit access to your smart home when guests are over.

Credit: Google

So here’s what we did: We both created guest networks in our home and migrated all of our smart devices over to them. And we found out some very interesting things. For starters, we didn’t lose access to any of our devices through this setup, which is good. However, we also found out that the reverse situation is a bad one. When on our guest networks with devices on the regular network, we still had access to many of them unexpectedly, which is bad.

Our takeaway is that if you want to put your smart home devices on a guest network, that’s fine but it may not add much more security. In particular, if your smart device credentials are stolen, as was the case with recent “hacks” of the Ring and Nest systems, this setup won’t really help you. We’re thinking that using a network monitoring system such as a Firewalla is a better solution. And better yet would be installing a router that supports VLANs, or Virtual LANs, for your smart home devices. Tune in and let us know what you think or if you have additional related network concerns or solutions.

Hosts: Stacey Higginbotham and Kevin Tofel

 

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Episode 90: Spend the holidays with Stacey’s family

We’re heading into the holidays with a guest appearance from my family who share their thoughts on what it’s like to live in a smart home, the products they like and what’s missing so far. My husband has been on the show before, but I also invited my 10-year-old daughter on to talk about her favorite toys and what she thinks of Philips Hue bulbs and the Amazon Echo (and Google Home). It’s a short and sweet reality check for us all.

Zuckerberg’s Jarvis ties together several smart home systems. Image courtesy of Mark Zuckerberg.

Before bringing on my family, Kevin and I discuss Mark Zuckerberg’s smart home and how his Jarvis isn’t all that different from what’s already on the market. And because it’s Thursday, we’ve got another security flaw in routers to talk about. Then we hit a solid budget smart watch and the new GPS system that can fine tune location sensing to a few inches. Finally, Kevin and I share some of our go-to home automation tricks to help you get started in making your own home smarter.

Hosts: Stacey Higginbotham and Kevin Tofel
Guests: Andrew (Stacey’s husband) and Anna (Stacey’s daughter)
Sponsors: Samsung ARTIK and Level Education

  • Zuck built Jarvis and Stacey makes a confession
  • Check your router again
  • From toddlers to teens, we have some home hacks for you
  • The smart home needs more personality

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Episode 35: Raspberry Pi creator Eben Upton shares ideas for the Pi Zero

Sure it’s a week after Thanksgiving, but we are all about Pi with this week’s episode. Yes, I went there! With the launch of the Raspberry Pi Zero, the cheapest Linux computer yet at $5, we invited Raspberry Pi founder Eben Upton on the show to discuss how Google’s Eric Schmidt helped inspire the cheaper computer, when it might be available to buy again and his ideas for connected projects. We also discussed what’s missing and how to add things like connectivity and battery life. He also gives a bit of advice for engineers and non-engineers alike.

The Raspberry Pi Zero. Photographer: Matt Richardson
The Raspberry Pi Zero.
Photographer: Matt Richardson

But before we get to Pi, Kevin and I discuss the VTech hacks and a scary survey from SEC Consult, that lays out how many vendors of connected products are sharing code and thus, sharing static keys used for encryption. This is a big problem as connected devices proliferate, and one the industry is already addressing. Still, it’s worth delving into. We also got a little holiday cheer going, as I described how I used my Amazon Echo and SmartThings (or Wink) plus my GE/Jasco outdoor modules and Wemo indoors to create a voice command that lets me “Turn on Christmas.” So please, listen up and enjoy the show.

Hosts: Kevin Tofel and Stacey Higginbotham
Guest: Eben Upton, creator of the Raspberry Pi

  • Exploited kids accounts and everything is vulnerable
  • Have a connected holiday with Alexa
  • What on earth is the Raspberry Pi?
  • Let’s talk about specs
  • Whew, now let’s talk about how this whole cheap computer thing happened

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Episode 24: HomeKit surprise and no more passwords for the internet of things

Apple didn’t cover HomeKit in its massive event last week, but Kevin and spent a good chunk of time explaining what we we knew. Sadly, it’s not a lot, but it should be worth downloading iOS 9 and waiting a few more weeks. In enterprise news, we covered Salesforce’s IoT Cloud news, which will compete with IBM’s IoT foundation cloud. We also talked about a new access point from Samsung that adds Zigbee and Bluetooth to the mix before delving into a review of the OnHub router from Google. You’ll have to listen to the show and Kevin’s review to see if it’s worth the $199 price tag.

The OnHub router. Image courtesy of Tp Link.
The OnHub router. Image courtesy of TP Link.

After all of that, Paul Madsen, who works in the office of the CTO at Ping Identity, came onto the show to discuss the future of an identity layer for the Internet of things. This may sound esoteric, but it’s really important for all of us who hate having multiple passwords for every app on every device we have in the house, if you are one of those people, you may want to read more into these reviewed password managers. It also could help with guest authentication. The conversation gets a bit techie, but its worth it to understand how we may access our devices in the near future. He does threaten some kind of two-factor authentication for our smart home, guys. Enjoy.

Hosts: Stacey Higginbotham and Kevin Tofel
Guests: Paul Madsen of Ping Identity

  • HomeKit gets new tricks as part of iOS9 but where are the devices?
  • Comcast and AT&T are supporting new third-party devices.
  • Salesforce gets into the Internet of things and here’s why.
  • Does Kevin like the Google OnHub router?
  • Managing identity for smart home might look a lot like the web.
  • Are you ready for two-factor authentication in your home?

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Episode 2: Is it too late to secure the internet of things?

Fans of the connected home got some exciting news when Amazon showed of its Dash Buttons, a simple, connected button that consumers could press to order a single products from the e-commerce giant. The idea is consumers would pop a Tide button by their washing machine, a Cottonelle button by their toilet and an Oil of Olay or Gillette Fusion button by their medicine cabinet, and as they run low, press the button to order more. It was an idea so simple that it seemed ridiculous and people wondered if it was an April Fool’s prank.

So Kevin Tofel and I discussed the Dash on this week’s show and you won’t believe why Kevin doesn’t like the idea. We also discuss the newly launched Hue Go wireless LED light, which I review ahead of its May or June launch. For $99.95 it’s a splurge, but if you like lights, I think it makes a nice gift. We kicked off the show with me sharing a segment that I recorded with Nightline, the ABC late-night news program. The show came to my home and hired a hacker to film a segment on smart homes and security. You can see the segment below:


ABC Breaking US News | US News Videos

The experience prompted me to ask this week’s guest Joshua Corman to come on the podcast to speak about his efforts with an organization called I am the Cavalry, a collective of hackers, researchers and activists trying to build a more secure connected future. We spent a lot of time discussing the group’s framework for connected cars, but it’s a framework that will translate well to other aspects of the internet of things. So get ready to feel very insecure (watch Corman’s TED talk to feel worse) and to learn a bit more about Kevin Tofel’s odd network habits.

Listen at Soundcloud and get the download

Download the MP3 file for this week’s show here

Hosts: Stacey Higginbotham and Kevin Tofel
Guests: Joshua Corman, co-founder at I am the Cavalry

  • How your Nightline smart home sausage was made
  • A review of the new Hue Go wireless light
  • Amazon Dash is a cool retrofit, but Kevin doesn’t want it
  • Here is the bare minimum for a secure internet of things
  • Are today’s cars a BP oil spill waiting to happen?

Podcast: Play in new window | Download | Embed

Subscribe: RSS