Welcome to WebmasterWorld Guest from 34.238.192.150

Forum Moderators: phranque

Message Too Old, No Replies

Security Are your IoT gizmos music boxes smart home kit vulnerable?

     
3:57 am on Jun 21, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:10569
votes: 1124


A technique for attacking computer networks, first disclosed more than a decade ago, has resurfaced as a way to manipulate Internet-of-Things gadgets, smart home equipment, and streaming entertainment gizmos.

Researcher Brannon Dorsey this week posted an essay explaining how smart home hardware can be vulnerable to a trick known as DNS rebinding.

[theregister.co.uk...]
When convenience of use comes back to bite you in the ...

Sadly, the average user (or geeky webmaster who has to have the latest gizmo!) has no clue that this stuff is out there.

When Fridges Rebel! Echo Takes Over! Beware the Stalking Thermostat!
9:02 am on June 21, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


Thanks for the reminder.

One of the reasons I use Chrome as my default browser on all devices that browse websites. Chrome uses unfoolable same origin detection. My Samsung TV has a web browser that I never use (for reasons like this.)

Also, using a higher-end router is a must for IoT devices since most have absolutely no security features of their own.

I use a dozen connected devices (studio & home combined.) All are secure. My router runs a scan every 6 hours. In addition, my TV has its own software and runs a scan every time it boots.
9:46 pm on June 21, 2018 (gmt 0)

Preferred Member from CA 

Top Contributors Of The Month

joined:Feb 7, 2017
posts: 579
votes: 60


I have none in my house. If and when I get an IOT device I will try to research and hack it first. Most of these devices have no security, so basically you are inviting a hack. Also most are made in China, so be careful, as there might be a back door.
11:04 pm on June 21, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


most are made in China
That's a broad generality.

My IoT devices are all music studio recording, processing & storage devices in addition to Google Home, Chromecast and a couple tablets & computers. While some of the smaller components may be manufactured in Indonesia and/or China, none of the devices are.

Besides, as mentioned above, everything is behind a secure router.

The OP article is about unsecure web browsers inadvertently bringing in malicious scripting from infected websites and compromising your home network so that IoT devices could be remotely controlled. Most IoT gadgets do not surf websites.
8:11 am on June 22, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:10569
votes: 1124


That's a broad generality.

But pretty accurate. :)

I actually do look at labels these days to see where my critters come from. But that's probably a different conversation.
8:20 am on June 22, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:10569
votes: 1124


My IoT devices are all music studio recording, processing & storage devices in addition to Google Home, Chromecast and a couple tablets & computers. While some of the smaller components may be manufactured in Indonesia and/or China, none of the devices are.


All in with the goog. Got it. :)

Okay with China, Ditto.

Gotta ask, other then goog and the cheap Asian music stuff, why no USA or even EU hardware? (been there, am doing it myself so this is not a rip!) (Note: your SURFACE touted from time to time, is 75% overseas. MS jumped there years ago). Sounds like an argument, sorry in that regard. Just a comment that dang few "computer stuff" if NOT made in China or some Asian country.

Just sounds a bit disingenuous to make any declaration of okey dokey no harm no foul.
8:26 am on June 22, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


Gotta ask, other then goog and the cheap Asian music stuff, why no USA or even EU hardware?
If you're directing that comment to me, I never said I used "cheap Asian music stuff."

Most of my studio *is* EU & US manufactured, besides a 7'6" Yamaha grand piano, which is hardly cheap. It's one of the finest pianos made.

...your SURFACE touted from time to time, is 75% overseas
I did say...
While some of the smaller components may be manufactured in Indonesia and/or China, none of the devices are

Even Qualcomm, which is located down the street from me, manufactures some of their processors and other components in Indonesia, but I consider Qualcomm a US company and my Qualcomm router to be US.
11:01 am on June 23, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:10569
votes: 1124


I rest my case. Not American. And devices like described have recently been subject to NSA and FBI warnings so... I rest my case, again.
11:07 am on June 23, 2018 (gmt 0)

Preferred Member from CA 

Top Contributors Of The Month

joined:Feb 7, 2017
posts: 579
votes: 60


If the device automatically sent data back to an IP, would your router block it?