You Invited Creepy Dude Into Your Kid's Room!
The Market Ticker - Commentary on The Capital Markets
Logging in or registering will improve your experience here
Main Navigation
Display list of topics
Sarah's Resources You Should See
Sarah's Blog Buy Sarah's Pictures
Full-Text Search & Archives
Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.

NO MATERIAL HERE CONSTITUTES "INVESTMENT ADVICE" NOR IS IT A RECOMMENDATION TO BUY OR SELL ANY FINANCIAL INSTRUMENT, INCLUDING BUT NOT LIMITED TO STOCKS, OPTIONS, BONDS OR FUTURES.

The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be sent unmodified to lawmakers via print or electronic means or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media, to republish full articles, or for any commercial use (which includes any site where advertising is displayed.)

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.

Considering sending spam? Read this first.

2018-11-02 11:00 by Karl Denninger
in Small Business , 131 references Ignore this thread
You Invited Creepy Dude Into Your Kid's Room!
[Comments enabled]

See, I told you so....

Nearly every day, after school, this mother, who asked PIX11 to hide her identity, said her 5-year-old son chats with her husband through the Nest cam, a home monitoring system users can connect through their cell phones.  This time, however, it was a complete stranger on the other end.

“He asked my son if he took the school bus home and he was asking him about the toys he was playing with and when my son said 'mommy, mommy,' he told him to shut up,” she recalled.

When she walked into her child’s playroom, the ominous voice addressed her directly.

Now she’s frightened and wonders how long a complete stranger was watching her family. Since this frightening violation, this mother called police, who, while sympathetic, said there was little they could do.

Nest, of course, claims there's no hacking involved and someone's password was compromised.

Uh huh.

Where was it compromised?

Nest claims that this has happened due to people losing passwords on "other sites", but then says this:

We are proactively alerting affected customers to reset their passwords and set up two-factor authentication, which adds another layer of account security. 

If the breach didn't involve the cloud-based system in question how do they know who is affected?

This is why if you're going to have something like this in your house you want the connection to be directly between your devices - never in a "cloud" environment, ever, period, end of discussion.

Which is exactly what HomeDaemon-MCP was designed from the ground up to accomplish.

Break the glass, disrupt the model.  Buy it out and have at it - email me for details using the contact info on the right.

Go to responses (registration required to post)
 

 
Comments.......
User: Not logged on
Login Register Top Blog Top Blog Topics FAQ
Showing Page 1 of 2  First12Last
User Info You Invited Creepy Dude Into Your Kid's Room! in forum [Market-Ticker]
Ckaminski
Posts: 4962
Incept: 2011-04-08

Report This As A Bad Post Add To Your Ignored User List
Is there a nice tropical island you can move to that would be amenable to you bootstraping HomeDaemon-MCP.com ?

No one is seriously approached you, I'm sure because the Cloud is a feature - a way to intrude and get all sorts of data you as a consumer don't want anyone to have.

A small amount of hardware engineering and you could replace old ADT hard-wire panels to boot. ADT doesn't even do hardwired residential anymore. Everything's zwave. Which sucks for my parents place with a 25yo panel that no longer has parts available and has 60+ door, PIR, window, fire and glass break sensors hardwired in.
Asimov
Posts: 110156
Incept: 2007-08-26

East Tennessee Eastern Time
Report This As A Bad Post Add To Your Ignored User List
Quote:
I'm sure because the Cloud is a feature


No, the cloud is a way for them to make more money off of you.

Indeterminate amounts over indeterminate periods of time. But there's definitely a lot of value there. Or at least enough people THINK there is value there that currently there is. Think of it like bitcoin.

----------
It's justifiably immoral to deal morally with an immoral entity.

Festina lente.
Robc
Posts: 37
Incept: 2009-09-10

Cincinnati
Report This As A Bad Post Add To Your Ignored User List
The police didn't want to open a case because they wouldn't be able to solve it. That is the one thing they are supposed to do, investigate crimes, even ones that are going to be obvious dead ends. It might be good for the nation if everyone knew how many unsolved digital crimes there were.
Wa9jml
Posts: 255
Incept: 2017-04-29

DeKalb, Illinois
Report This As A Bad Post Add To Your Ignored User List
Only a complete idiot would have a system like this. And it would take a complete idiot to have an Alexa in their house, or use Siri on their cell phone. Or have their TV hooked in to their internet connection with its live microphone.

Obviously God likes complete idiots, because He has obviously made plenty of them.
Whitehat
Posts: 778
Incept: 2017-06-27

The People's Republic of New York
Report This As A Bad Post Add To Your Ignored User List
@Robc -- same issue with fraudulent credit card and bank charges originating online. even if you have a shipping address for the thief, the police will not even take a report. the industry makes so much money that they just eat the transaction or make the merchant bear the cost.

----------
There are two ways to be rich: One is by acquiring much, and the other is by desiring little.
snow, seasons, distance and dirt roads: SSDD
"Be not deceived; God is not mocked; for whatsoever a man soweth, that shall he also reap" (Gal. 6:7)
Lenguado
Posts: 2447
Incept: 2010-01-12
A True American Patriot!
Orlando, FL
Report This As A Bad Post Add To Your Ignored User List
At no point in the article did I note that the family DISCONNECTED the Nest cam . . .

As Wa9jml notes, "Obviously God likes complete idiots, because He has obviously made plenty of them."

smiley

----------
I just realized... they aren't saying, "Keynesian Economics"
they're saying "Kenyansian Economics". Grass Huts for everyone!
smiley
Welcome to historys first Double Dip Depression
Burke13
Posts: 82
Incept: 2010-02-22

Report This As A Bad Post Add To Your Ignored User List
It's been 23 years now (roughly 1995) since the internet went mainstream. That means we have now had 23 years of examples that everything that touches the internet gets hacked given enough time. That includes your cell phone and GPS data, Nest devices, your Amazon Alexas, your Smart TVs, the Vtech camera toy you bought for your kids, your refrigerators with cameras inside, etc. All are collecting data and all have (or WILL be hacked) with you never knowing who has that data and how it will be used against you. This includes child predators, thieves looking to rob your house, someone wanting to blackmail you in the future, insurance companies looking for any excuse to raise prices, etc. After 23 years, I've run out of sympathy for people when I hear stories like this, as these devices are all Trojan horses.

My personal favorite are the Sleep Number beds which (optionally?) come with a monitor that allows you to see your sleep history and gives you a score. 5-6 years ago I tested it out for a few weeks, knowing I'd be blocking it soon. You could monitor movement AND force in real-time. That feature went away (obscured no doubt, still collected) with the only software upgrade I saw them push. Think these bed manufacturers don't know the frequency and duration you spend f*cking your wife? Anyone who obtains the Sleep Number info is one data point away from correlating bed activity/frequency/force with the location(s) of the wife/husband. Anyone remember the Ashley Madison hacks years back? There were numerous blackmail cases and at least two suicides directly linked to the breach.
Whitehat
Posts: 778
Incept: 2017-06-27

The People's Republic of New York
Report This As A Bad Post Add To Your Ignored User List
i fear for my children and yours in that there will come a point that stupid or not when there will be no option to purchase necessary products that can be or are disconnected. perhaps some legislation or interpretation of existing law needs to be put into place to preserve this option. let it be known as the right to disconnect. it must also be paired with another legislative item to be known as the sunlight law. everything about a person known by any entity must be made available in full and with complete interpretation as can be used in evaluation of to the subject individual.

the latter recommendation will not doubt lead to spilled blood, however without we will be living with secret dossiers, the case already for a long time. for these principles i would give my life.

----------
There are two ways to be rich: One is by acquiring much, and the other is by desiring little.
snow, seasons, distance and dirt roads: SSDD
"Be not deceived; God is not mocked; for whatsoever a man soweth, that shall he also reap" (Gal. 6:7)
Gable
Posts: 860
Incept: 2009-07-04

Retired in NC Mountains
Report This As A Bad Post Add To Your Ignored User List
Related question. We are going to need a new TV soon and all of them seem to be "Smart". Is the easiest way to block all internet access by blocking its MAC address on the router to the internet?

----------
In all of history, no government became more honest, less corrupt, or respected its citizens' rights more as it grew in size. E.L. 2016
Tickerguy
Posts: 154886
Incept: 2007-06-26
A True American Patriot!
Report This As A Bad Post Add To Your Ignored User List
Yep

----------
Winding it down.
Asimov
Posts: 110156
Incept: 2007-08-26

East Tennessee Eastern Time
Report This As A Bad Post Add To Your Ignored User List
Seems like the EASIEST method to keep it off the internet is simply not supply it with your wifi password.

Of course if you ever go naked on your wifi, it would be able to connect and blocking the mac would keep that from happening...

*Shrug*

----------
It's justifiably immoral to deal morally with an immoral entity.

Festina lente.
Wearedoomed
Posts: 4345
Incept: 2009-01-14

slightly red state
Report This As A Bad Post Add To Your Ignored User List
Then again, if your TV gets its signal from a cable box or other device that outputs HDMI, DVI or other digital standard, then one option might be to get a large monitor (with or without speakers) instead of a "smart" TV.

----------
A collectivist defines peace as the silence of their enemies, through fear, imprisonment or death. That's how they define peace. - Mike Vanderboegh
Tickerguy
Posts: 154886
Incept: 2007-06-26
A True American Patriot!
Report This As A Bad Post Add To Your Ignored User List
Exactly.

Don't use the "in-TV" apps, which *require* you to connect it to your network. Feed it an HDMI or DVI signal from something else, and the something else has no access to your internet connection.

Of course if your cable box has spyware in it and it's on a 2-way network (all modern cable networks)......

----------
Winding it down.
Bodhi
Posts: 636
Incept: 2008-02-23

Georgia
Online
Report This As A Bad Post Add To Your Ignored User List
When I bought a Vizio big screen a couple of years ago I cobbled together a Win7 PC with an HDMI port and ran that into the TV. I also blocked all things Vizio in the PC's hosts file for good measure. No way that beast was getting a direct Internet connection.
Tickerguy
Posts: 154886
Incept: 2007-06-26
A True American Patriot!
Report This As A Bad Post Add To Your Ignored User List
I have a quite-nice flat-panel TV that's pretty new and it has no connection to the Internet at all. I feed it from my stereo/media system via HDMI for video only; the audio goes through the stereo.

I assume it has a microphone in it and may have a hidden camera. There's no ****ing way I'm giving that thing access to the network in the house. Some modern units (e.g. newer Vizio ones) no longer have remotes and require a connection since they use an App on your phone as their remote! No, no, and **** NO to that; return that piece of ****. If you utterly INSIST, however, then block the MAC of the TV at your gateway so while it can talk to things inside (e.g. your phone on the same WiFi link) it CANNOT get out at all. Just beware that nothing prohibits it from using your phone as a tunnel if you do that -- August's "smart lock" products do this which is a really ****ing sneaky trick.

----------
Winding it down.
Bodhi
Posts: 636
Incept: 2008-02-23

Georgia
Online
Report This As A Bad Post Add To Your Ignored User List
When I was visiting my son in NY I found that he was using his smart phone as a hot spot to stream programming via WiFi to his TV. I was less than enthusiastic about that. I'm unsure of the security risks, but it can't be good.
Tickerguy
Posts: 154886
Incept: 2007-06-26
A True American Patriot!
Report This As A Bad Post Add To Your Ignored User List
That sort of thing is increasingly common in the "cut the cord" sort of world, and it's serious trouble since your phone has no DMZ capability in it (intentionally; Goolag prevents it and so does Apple) which means you can't put a MAC filter into the hotspot forwarding tables.

I use my phone as a hotspot but only to a device I control (e.g. my laptop), never for "general" distribution purposes. The latter is a very bad idea but is going to become more and more common over time, especially with 5G showing up.

----------
Winding it down.

Bodhi
Posts: 636
Incept: 2008-02-23

Georgia
Online
Report This As A Bad Post Add To Your Ignored User List
I was afraid you were going to say there is no way to block the MAC in the hotspot.

After a quick search I read a couple of suggestions about using iptables to create MAC filtering rules. Is that possible in an Android device? Wouldn't root access be required?
Bluebird
Posts: 1857
Incept: 2008-05-02

SW Ohio
Report This As A Bad Post Add To Your Ignored User List
Someone actually wrote about setting their apartment as a test for the IoT. Creepy isn't the half of it...

2/7/18 The House That Spied on Me
by Kashmir Hill and Surya Mattu

Kashmir:
In December, I converted my one-bedroom apartment in San Francisco into a smart home. I connected as many of my appliances and belongings as I could to the internet: an Amazon Echo, my lights, my coffee maker, my baby monitor, my kids toys, my vacuum, my TV, my toothbrush, a photo frame, a sex toy, and even my bed.

Our bed? asked my husband, aghast. What can it tell us?

Our breathing rate, heart rate, how often we toss and turn, and then it will give us a sleep report each morning, I explained.

Sounds creepy, he said, as he plopped down on that bed, not bothered enough to relax instead on our non-internet-connected couch.

I soon discovered that the only thing worse than getting a bad nights sleep is to subsequently get a report from my bed telling me I got a low score and missed my sleep goal. Thanks, smart bed, but I know that already. I feel like ****.
.
.
Surya:

Yes, I am basically Kashmirs sentient home. Kashmir wanted to know what it would be like to live in a smart home and I wanted to find out what the digital emissions from that home would reveal about her. Cybersecurity wasnt my focus. (I wasnt interested in hacking her sex toy or any of her other belongings.) Privacy was. What could I tell about the patterns of her and her familys life by passively gathering the data trails from her belongings? How often were the devices talking? Could I tell what the people inside were doing on an hourly basis based on what I saw?

much more...
https://gizmodo.com/the-house-that-spied....

Tickerguy
Posts: 154886
Incept: 2007-06-26
A True American Patriot!
Report This As A Bad Post Add To Your Ignored User List
Quote:
After a quick search I read a couple of suggestions about using iptables to create MAC filtering rules. Is that possible in an Android device? Wouldn't root access be required?

Yep -- and that's the problem. You are deemed to "not own" your phone's operating system and thus "can't" have root on it, and if you do it anyway and Goolag's code detects it you'll get locked out of many of their services including Android Pay (and likely, soon, Google Play entirely -- so no apps for you sucka!)

There are ways around getting caught but they're fraught with risk, especially now with Project Treble, which has a decent probability of bricking your phone on update if you use one of the "undetectable" root mechanisms and a system update comes down. You have to be VERY careful nowdays with playing with system partitions because of anti-rollback flags and the lack of factory reload images at the current patch level as it is entirely possible to wind up with a phone that won't boot the only patch level you can reload from a "zero base" since the updates forward from that point are all delta changes (not complete loads.) If that happens you're ****ed as there's no way to recover from it in the field.

----------
Winding it down.
Bodhi
Posts: 636
Incept: 2008-02-23

Georgia
Online
Report This As A Bad Post Add To Your Ignored User List
Thanks as always for your expertise, Karl. Not going there. :)
Budget-racer
Posts: 33
Incept: 2016-03-14

Virginia
Report This As A Bad Post Add To Your Ignored User List
One of the things I do on the side is help a local place change out dead tvs. They are older LG non smart tvs and I get to keep them to fix and sell. So far they have just been burnt out led backlights from being on 18 hrs a day. I specifically point out the spying issue when I list them for sale and usually unload them pretty quick.
Whitehat
Posts: 778
Incept: 2017-06-27

The People's Republic of New York
Report This As A Bad Post Add To Your Ignored User List
not giving the Smart TV access to the network hardwired or otherwise is an excellent idea. currently HDMI is not known as a two-way data transfer standard, but something must be coming since already digital content does not stream at HD when linked by HDMI to a monitor not having the security protocols. i am a firm supporter of cover (camera) and cut (microphone). i suggest that everyone gets good at doing this when home appliances get built-in access to the cellular networks.

other than when your children are old and mature enough to have their own computers since it is their personal space, what adult needs a TV or screen in the bedroom. all it does is mess with your sleep. not having one in the parent's bedroom also shows children by example what is best. they learn more from watching than by what we say to them.

----------
There are two ways to be rich: One is by acquiring much, and the other is by desiring little.
snow, seasons, distance and dirt roads: SSDD
"Be not deceived; God is not mocked; for whatsoever a man soweth, that shall he also reap" (Gal. 6:7)
Tickerguy
Posts: 154886
Incept: 2007-06-26
A True American Patriot!
Report This As A Bad Post Add To Your Ignored User List
HDMI has a security "handshake" protocol that is intended to prevent picking off the unencrypted data stream. It also carries control signals (e.g. "turn on the monitor") so you can, for example, turn on your receiver, select a video source and the monitor will power up.

It is not, however, general-purpose and thus as far as I know has yet to be perverted. It is bidirectional however, and can (for example) carry audio back to the stereo from your TV (which is quite useful as it reduces the cable requirement from said TV to and from the stereo to "1" cable instead of several.)

----------
Winding it down.
Login Register Top Blog Top Blog Topics FAQ
Showing Page 1 of 2  First12Last