Why are IoT devices so easily hacked???

[Street]

I don't have one, but quite like the idea of being able to generate single use temporary access codes for tradesmen and the like, rather than entrusting them with a physical (easily duplicated) key.

To get my keys duplicated you need the security ID I got with them when I had them made so they can't just drop them off in a shop and get them recut.

 

[Edward78]

http://www.bbc.com/news/technology-41747074
Amazon service will let couriers open front doors

 

[Glaucus]

http://www.bbc.com/news/technology-41747074
Amazon service will let couriers open front doors

sign me up

 

[b0rn2sk8]

Hell No.

I can't see this taking off until Amazon can demonstrate that all their drivers are trustworthy. The system is much less of a worry than the people using it....

 

[Glaucus]

Hell No.

I can't see this taking off until Amazon can demonstrate that all their drivers are trustworthy. The system is much less of a worry than the people using it....

ill take the camera footage, driving license and a dozen other links over some notion of trustworthiness which cant be shown.
You abuse it you will be getting arrested, there's reams of evidence to show who it is

 

[jonneymendoza]

If you're running an old image make sure you disable ssh/change the password, otherwise they are wide open for crypto shenanigans

i am running am image thats proablably 6months old? doesnt it autp update?

 

[d_brennen]

i am running am image thats proablably 6months old? doesnt it autp update?

Nope. At the very lease change your passwords from default for the image. If you never use ssh, disable that too.

https://www.theregister.co.uk/2017/06/13/linuxmuldrop14_malware_for_raspberry_pi/

 

[Nasher]

"Smart" anything is just asking for trouble tbh. It's like a big label saying hack me becasue these devices are never very secure.

 

[Edward78]

Hell No.

I can't see this taking off until Amazon can demonstrate that all their drivers are trustworthy. The system is much less of a worry than the people using it....

I agree, but I wouldn't want anyone in my house when I was gone anyway...

 

[jpaul]

I posted back in Home threads, but case in point - lol
someone did a deep dive on Sonoff wireless switches

....
As I didn't get the switches working, I didn't dive too deeply into the API. I did spot this curious activity though.
When the light switch wasn't connected to the WiFi, the app assumes that it is on a different network to the switch and tries to communicate over a cloud service.

That IP is hard-coded into the app.

whois 58.96.172.115? An unknown server in Hong Kong! The venerable nmap reckons the server is running Microsoft Windows Vista Home Premium SP1, Windows 7, or Windows Server 2008. Ok...

Right, it's communicating on port 80 - but let's see what incredibly secure authentication it is performing...
.....
Ah. So it sends a packet with the light switch's ID number in it. That appears to be all. I assume that the switch makes a similar persistent connection to that IP address so it can listen out for instructions. I was too scared to port scan the light switch

 

[Destination]

And?
They did a deep dive, but would not scan a light switch......
A deep dive? Really?

 

[jpaul]

Well yes, it was not a dis-assembly of the source code that Kaspersky might have done for stuxnet - but probably deeper than the average OC'r

Setting up a tight firewall (as already commented) would seem to be the appropriate action.
I have never (naively ?) setup port access rules for the smart devices I use (chromecast/roku/tv), if that, is indeed, possible with the Virgin/TalkTalk routers I use.
(I guess the folks whose printers/cctv had contributed in last years Denial of service attacks had not either.)