This week’s podcast is light on the smart home and heavy on the infrastructure required to make the internet of things work. Kevin and I explain why Qualcomm’s $37 billion buy of NXP makes sense, the details behind NB-IoT, which is yet another low power wireless network and how Microsoft is stepping up to protect security for the internet of things. Speaking of security, we also talk briefly about Netatmo’s new outdoor security camera as well as the best cheap wireless security camera money can buy. For fun, I talk about my visit to the B8ta store in Palo Alto, which was a connected gadget lover’s dream.
After all this, I bring out the second of my two security interviews, Brian Knopf, who is the director of security research at Neustar. Knopf has a deep history in working security for connected devices have worked at Belkin and Wink. We talk a bit about the challenges exposed by the Mirai botnet and what consumers should look for in connected devices.
Some people may also find that having security measures on their property can help lower their home insurance rates. If you have these installed, there is no reason to wait for coverage, as you can look online to find the one that suits your needs best.
In the meantime, enjoy the show!
Hosts: Stacey Higginbotham and Kevin Tofel
Guest: Brian Knopf, director of security for Neustar
Sponsors: ARM and AtlasRFID (Use coupon code IOTPODCAST)
- Qualcomm needed NXP for cars, customers and a new sales plan
- Microsoft’s the first to create an IoT security service
- The best store for gadget fiends
- No one wants to pay for security
- Steps the industry must take to protect security
Podcast: Play in new window | Download | Embed
Subscribe: RSS
Another great show. With regards to creating a separate network for your IoT devices, what I ended up doing was add another router to my existing home network that I use for all of my IoT devices as well as the multiple dev boards I am working on that are network connected. This second router is set up with a separate subnet from the main router. This is easy to do and should not require having to take down the existing network to add another router to the mix and should keep your IoT devices separate from the rest of your computers and connected devices.
I do have one comment regarding what Brian Knopf said about telnet being enabled on the compromised devices from the recent bot attack. Telnet does not allow one to transfer files to a device and is more of an command line interface to the device. This could be used to edit security related files on the compromised device if root is enabled or some other superuser login which may have been the case in the bot attack. If companies need to use something like telnet to debug a device and leave it enabled after shipping, then they should lock down root and use a non root user with a protect password that could be based on something like a combination of the serial number and a shipped date code as a default password. This will keep it unique to each device.
I like this idea. (Because it’s way easier!) But by keeping it a subnet can one still worm his way into the main network from there?
Hey Stacey,
Depending on the devices on the network, it would be very difficult to completely secure a IoT network but there are things that can be done to make it more difficult to crack in. With the separate subnets, as long as the subnets are not bridged and the devices on each subnet can not reach each other directly, then if you get something like a worm on a PC on one subnet it will not be able to find the IoT devices on the other subnet and vice-versa. However, some of the home smart devices require a connection to the Internet like the Phillips Hue or require the SSID from the router to broadcast like the Wemo Hub. The Wemo Hub is a double whammy since it broadcasts it’s own SSID and then requires the router to have the SSID visible which leaves the SSID open to being scanned and discovered both within the personal network as well as anyone within broadcast range of the router; some war hackers can reach a wifi signal from miles out so its not a good idea to broadcast the SSID. One big vulnerability with Linux based devices, especially for folks like me that use a Raspberry Pi or Beaglebone for creating home automation, is that the router SSID and Passcode is in plain view in the network interface file. If an IoT device is using a Linux operating system like the RasPi does, then the router settings are in plain view if a cracker can get a login to the device; I believe there has already been instances of this type of attack.
There are steps that can be performed with the router to try to prevent both exposure and accessibility by undesirables. The Makeuseof site has some pretty good steps to follow to help lock down the router.
http://www.makeuseof.com/tag/configure-router-make-home-network-really-secure/
Cheers,
Jon
Thank you. This is next week’s project so I’m currently overwhelmed with my options. You guys are great.
Hi Stacey, in the show you mention a list of known Mirai susceptible devices. Can you share please?
Here is one version of that list. It’s not complete. https://krebsonsecurity.com/2016/10/who-makes-the-iot-things-under-attack/
Thanks Stacey. Love the show by the way, great coverage of fresh news/opinions from both you and Kevin/and good interviews. Its a regular staple of my podcast brain-enhancement programme 🙂
RFID systems, like most electronics and networks, are affected to both physical and electronic attacks. As the technology matures and becomes more widespread, so do hackers who aim to gain private information, entrance to secure areas, or take a system down for personal gain.
long-range rfid scanner is china based company.