Content

I own an Amazon Echo. Sometimes I receive the response of: "as an infosec expert, why do you have an NSA audio receiver in your house?"

After I roll my eyes :P I usually go into the whole "it's in a room I don't frequent; I've already wiresharked the thing; convenience over security; delete the voice recordings periodically through the app" thing... or I just hit ignore.

What's your opinion on IoT devices? Are there any that you've allowed in your home? Do you use a guest network for them? How do you allow yourself the convenience of an IoT device while also keeping your privacy / security intact?

Comments

Anonymous

Own a small army of IoT devices, though as an embedded Linux hobbyist since the late 90s and as a security consultant on IoT in my spare time, it comes with the territory. I've got Echos deployed and kept out of the main part of the house due to its occasional desire to listen and transmit audio heard to Amazon. My favorite device is a FlightAware ADS-B node where I'm providing aviation digital traffic captured from commercial and private flights overhead and relaying it to FlightAware for greater fidelity in their tracking and reporting. Since I'm 60 miles from the closest city, I fill a gap that surprisingly has Dallas to Hong Kong, LA to Milan, and countless other flights crossing the center of the USA going by daily. Here's my FlightAware node profile - the unit runs on a Raspberry Pi 3 and runs their bundled Debian installation for the Pi. https://flightaware.com/adsb/stats/user/cosmotraumatika The #1 tip I share with friends is to absolutely use network segmentation and place your IoT devices on their own wifi AP and segmented layer three. Numerous home firewall solutions like Sophos UTM can help you there. Keep them separate, spend some time with SecurityOnion tapping and monitoring their segment if you're a proper semi-paranoid cybersecurity geek, and have fun.

Anonymous

TVs, BluRay players, a photo frame, and XBox (or does that count?). Briefly had an Ecovacs robotic vacuum. Amazon Dash wand. I haven't yet moved them to a guest network, but hopefully soon. Some of the devices are on a media bridge, so I just need to point that at the guest network. And incur the wrath of the family if anything breaks for the next month...

Anonymous

The only IoT device I own at present is one Echo Dot. 99.999 percent of the time I ask what the time is, what the date is, or what the weather is. If someone at Amazon is so hard up for entertainment that they want to have Alexa spy on me while I'm talking to my dogs and bird, I would hate to deny such a sad individual their happiness. The only issue I ever have with Alexa is I've learned to *always* turn her off while watching Tekthing ;)

Anonymous

Aside from electronics and game consoles that are internet-connected, my only IoT devices are a connected light switch (WeMo) and a connected thermostat (Honeywell). Neither has voice control (that I know of :) ). I use them on a guest network. On the other hand, my TV, AVR, cable box, and game consoles are on the house network. Maybe I should reconsider that, except I have a media server that I would also have to move, which means moving it to a separate box, which I don't have at the moment.

Anonymous

I really like them and have quite a few, but they're designed to be as internet and other-people's services independent as possible. I also don't send sensor readings, etc. outside the network because data miners suck. I have a large army of "IoT" devices controlled by Raspberry Pi + Node-RED based local system on a separated VLAN and Wifi network. Some of the devices are Z-Wave or Zigbee, some are off-the-shelf devices I have replaced the firmware on, and some are devices I've designed and built myself - usually based on ESP8266 microcontrollers. There are also a few Raspberry Pis that act as controllers and sensor hubs in places where I have a high density of controls or sensors like the garden. I have also implemented out-of-band hardware guard timers on high-amperage controls to prevent fast switching or turning many of them on at once (a heater/portable AC for the shop). Beyond that I host a custom SSL-wrapped API that I can use to remotely operate certain controls. I also have that set up with per-device credentials that can operate some subset of the controls depending on what I want that device to have control access to. I have an Alexa device in the lab that I'm toying with integrating into specific controls and sensors - but I really don't want to use it for much or in a room or place I spend a lot of time. The first Alexa skill I'm writing actually turns the Echo Dot off via a hacked IoT outlet.
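
The policy described in the comment above (per-device credentials limited to a subset of controls, plus guard timers on high-amperage loads), sketched as an added example that is not the commenter's code. The commenter's guard timers are out-of-band hardware; this models the same rules in software, and every device name, control name, token and limit here is a constructed assumption.

```python
import hashlib
import hmac
import time

def _h(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

# Constructed sample data: device id -> (token hash, controls it may operate).
DEVICE_ACL = {
    "phone": (_h("phone-token-constructed"),
              {"shop_heater", "shop_ac", "porch_light"}),
    "echo-lab": (_h("echo-token-constructed"), {"porch_light"}),
}
HIGH_AMP = {"shop_heater", "shop_ac"}   # loads covered by the guard rules
MIN_SWITCH_INTERVAL = 30.0              # assumed: seconds between switches
MAX_HIGH_AMP_ON = 1                     # assumed: loads allowed on at once

class Controller:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.state = {}        # control -> bool (on/off)
        self.last_switch = {}  # control -> time of last accepted switch

    def authenticate(self, device_id, token):
        """Return the device's allowed controls, or None on bad credentials."""
        entry = DEVICE_ACL.get(device_id)
        if entry is None:
            return None
        stored, allowed = entry
        # Constant-time comparison of the stored and presented token hashes.
        return allowed if hmac.compare_digest(stored, _h(token)) else None

    def request(self, device_id, token, control, on):
        allowed = self.authenticate(device_id, token)
        if allowed is None:
            return "denied: bad credentials"
        if control not in allowed:
            return "denied: control not permitted for this device"
        now = self.clock()
        if control in HIGH_AMP:
            last = self.last_switch.get(control)
            if last is not None and now - last < MIN_SWITCH_INTERVAL:
                return "denied: guard timer"
            if on and not self.state.get(control, False):
                active = sum(1 for c in HIGH_AMP if self.state.get(c))
                if active >= MAX_HIGH_AMP_ON:
                    return "denied: too many high-amp loads"
        self.state[control] = on
        self.last_switch[control] = now
        return "ok"
```

A compromised low-privilege credential (here `echo-lab`) can only reach the controls in its own set, and even a fully privileged one cannot bypass the guard rules.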

Anonymous

And I thought I was cool when I built a Heathkit television in 1968. I could learn a lot from you.

Anonymous

The NSA thing is too tin-foil hat to discuss. In my opinion, IoT devices present a problem of backdoors into home networks. I seriously doubt the average homeowner is going to update firmware or apply security patches. Manufacturers don't see they have any responsibilities after purchase.

Shannon Morse

Agreed. I forgot to mention it in my post but I've moved all of my IoT devices to a guest network so there's less chance of serious breach there.

Shannon Morse

So it sounds like IoT device security is an important topic to everyone listening to my show. That's great to know! I'll continue to pay close attention to stories breaking about IoT security for y'all.