Difference between revisions of "Talk:1966: Smart Home Security"

 
(3 intermediate revisions by 3 users not shown)
Line 6: Line 6:
  
 
Hmm. Isn't the concern for smart appliances usually that since they're internet-connected, they can be used to for DDoS and other nefarious purposes? I mean, a smart thermostat doesn't really have the capability to spy on its owners, right?
 
Hmm. Isn't the concern for smart appliances usually that since they're internet-connected, they can be used to for DDoS and other nefarious purposes? I mean, a smart thermostat doesn't really have the capability to spy on its owners, right?
:They can spy on your temperature preferences! (Dun dun dah!). You do have a point though. I originally was thinking more like smart home assistants, as that seems to be the craze now. That is ignoring the majority smart devices in the market though. You could get some information from most though, even it is minimal. You could get a rough floorplan from a roomba, you could get an idea what kind of products people buy with smart fridges... etc. We may never know what Randall's original intention was though. I wonder if he reads this wiki... Does he ever edit it?
+
:They can spy on your temperature preferences! (Dun dun dah!). You do have a point though. I originally was thinking more like smart home assistants, as that seems to be the craze now. That is ignoring the majority smart devices in the market though. You could get some information from most though, even it is minimal. You could get a rough floorplan from a roomba, you could get an idea what kind of products people buy with smart fridges... etc.[[User:Linker|Linker]] ([[User talk:Linker|talk]]) 11:29, 19 March 2018 (UTC)
 
:A smart thermostat often knows when you are home and not. It could easily be used to develop a pattern of behavior to determine when would be the best time to rob your house. Then there's smart door locks, with the obvious consequences of hacking. But yes, botnets are one of the biggest problems. Note that the graph (accurately!) shows a not-so-great best case on day 1, as most IoT security is awful.[[Special:Contributions/173.245.52.67|173.245.52.67]] 17:18, 12 March 2018 (UTC)
 
:A smart thermostat often knows when you are home and not. It could easily be used to develop a pattern of behavior to determine when would be the best time to rob your house. Then there's smart door locks, with the obvious consequences of hacking. But yes, botnets are one of the biggest problems. Note that the graph (accurately!) shows a not-so-great best case on day 1, as most IoT security is awful.[[Special:Contributions/173.245.52.67|173.245.52.67]] 17:18, 12 March 2018 (UTC)
 
:Agreed. A much more likely scenario is that your device is being used for a botnet.  Smart appliances aren't updated as reliably as personal computers (since they're "set and forget" devices), and the owner is less likely to notice if they've been hacked (because you won't notice if your thermostat is running a little slow), so they're a prime target for hackers.  That's also why the graph shows the risk increases as time goes by - the manufacturer stops patching the device, but the hacker will keep trying to get in. --[[Special:Contributions/162.158.79.89|162.158.79.89]] 17:24, 12 March 2018 (UTC)
 
:Agreed. A much more likely scenario is that your device is being used for a botnet.  Smart appliances aren't updated as reliably as personal computers (since they're "set and forget" devices), and the owner is less likely to notice if they've been hacked (because you won't notice if your thermostat is running a little slow), so they're a prime target for hackers.  That's also why the graph shows the risk increases as time goes by - the manufacturer stops patching the device, but the hacker will keep trying to get in. --[[Special:Contributions/162.158.79.89|162.158.79.89]] 17:24, 12 March 2018 (UTC)
  
 
:The risk in a smart thermostat is not the information it sends, but the fact that it is connected to your network. If the security on the thermostat is weak, it provides a gateway to the rest of your network. Hack the thermostat and install malware that sits there silently trying password combinations to the rest of your devices. [[User:Rtanenbaum|Rtanenbaum]] ([[User talk:Rtanenbaum|talk]]) 13:32, 13 March 2018 (UTC)
 
:The risk in a smart thermostat is not the information it sends, but the fact that it is connected to your network. If the security on the thermostat is weak, it provides a gateway to the rest of your network. Hack the thermostat and install malware that sits there silently trying password combinations to the rest of your devices. [[User:Rtanenbaum|Rtanenbaum]] ([[User talk:Rtanenbaum|talk]]) 13:32, 13 March 2018 (UTC)
 +
 +
::The risk of IOT devices is that they control physical objects and that can be used to do physical harm.  A smart thermostat controlling an A/C or heat pump switch a multi-kilowatt load.  Switching a few thousands, or a few hundreds of thousands, of those synchronously may do real damage to the power grid.  If your more selfish the evil doer can wait till your out of town (data from the thermostat) and turn the heat to minimum or maximum so you come home to an expensive mess.  [[Special:Contributions/162.158.74.213|162.158.74.213]] 17:39, 14 March 2018 (UTC)
  
 
I’m going to give them an update they can’t refuse
 
I’m going to give them an update they can’t refuse
Line 21: Line 23:
 
:::In that scenario, having your device be part of a botnet eventually becomes the best-case scenario, as the hackers would be providing the "support" and updates you need to keep the device working, as per the title text.
 
:::In that scenario, having your device be part of a botnet eventually becomes the best-case scenario, as the hackers would be providing the "support" and updates you need to keep the device working, as per the title text.
 
:::The curve indicates that the older the device gets, the more likely it is it would be considered a best-case scenario for the device to be part of a botnet, for the aforementioned reasons. [[Special:Contributions/162.158.126.76|162.158.126.76]] 06:46, 13 March 2018 (UTC)
 
:::The curve indicates that the older the device gets, the more likely it is it would be considered a best-case scenario for the device to be part of a botnet, for the aforementioned reasons. [[Special:Contributions/162.158.126.76|162.158.126.76]] 06:46, 13 March 2018 (UTC)
 +
::::I must admit that nothing written here above or the new explanation helps me understand the curve or the legends in the graph. Also it seems people disagree so it is not just me ;-) To me it seems that it shows that the older the device is the better a case you are with. Maybe because you will have regular updates from the owners of the bot net, more so than from the company you bough it from even to begin with, and the dip is when they slow down the updates, at which point you are overtaken by the bot net and get's more updates. But it still doesn't really make sense... :D --[[User:Kynde|Kynde]] ([[User talk:Kynde|talk]]) 14:20, 14 March 2018 (UTC)
  
 
In all honesty, being added to a botnet is not really a disadvantage for the average joe. 99.99% of all "undocumented administrators" have no interest in the user, only in the power and network speed of their device. So who cares if your "smart lightbulb" is mining bitcoins for the russian mafia? Average Joe certainly doesn't
 
In all honesty, being added to a botnet is not really a disadvantage for the average joe. 99.99% of all "undocumented administrators" have no interest in the user, only in the power and network speed of their device. So who cares if your "smart lightbulb" is mining bitcoins for the russian mafia? Average Joe certainly doesn't
Line 26: Line 29:
  
 
I read this as Smart Home-Security, not Smart-Home Security. In other words, that it's talking about IOT home security cameras and other security devices, not just generic IOT stuff. This seems to explain the "rescued from peril" and "organized crime" parts a bit better. [[User:TheAnvil|TheAnvil]] ([[User talk:TheAnvil|talk]]) 16:05, 13 March 2018 (UTC)
 
I read this as Smart Home-Security, not Smart-Home Security. In other words, that it's talking about IOT home security cameras and other security devices, not just generic IOT stuff. This seems to explain the "rescued from peril" and "organized crime" parts a bit better. [[User:TheAnvil|TheAnvil]] ([[User talk:TheAnvil|talk]]) 16:05, 13 March 2018 (UTC)
 +
 +
 +
Is this really about white hat hackers? It seems more like a commentary on the state of manufacturer security updates for Smart Devices. With a 50% chance that your software is already depreciated. With the title text suggesting that maybe organised crime might end up providing the updates. [[Special:Contributions/108.162.238.101|108.162.238.101]] 02:45, 14 March 2018 (UTC)

Latest revision as of 11:29, 19 March 2018


When I went to explainxkcd right after the comic posted, I saw this in the incomplete tag: "Created by ORGANIZED CRIME". Today is the day this website has officially swallowed its own tail. Djbrasier (talk) 15:50, 12 March 2018 (UTC)

Oh no! We must eradicate this enemy- We must start violent purging- No one can be trusted! Linker (talk) 16:46, 12 March 2018 (UTC)
(We are talking about McCarthyism right now in class while I write this... heh.) Linker (talk) 16:46, 12 March 2018 (UTC)

Hmm. Isn't the concern for smart appliances usually that since they're internet-connected, they can be used for DDoS and other nefarious purposes? I mean, a smart thermostat doesn't really have the capability to spy on its owners, right?

They can spy on your temperature preferences! (Dun dun dah!). You do have a point though. I originally was thinking more like smart home assistants, as that seems to be the craze now. That is ignoring the majority of smart devices in the market though. You could get some information from most though, even if it is minimal. You could get a rough floorplan from a Roomba, you could get an idea what kind of products people buy with smart fridges... etc. Linker (talk) 11:29, 19 March 2018 (UTC)
A smart thermostat often knows when you are home and not. It could easily be used to develop a pattern of behavior to determine when would be the best time to rob your house. Then there's smart door locks, with the obvious consequences of hacking. But yes, botnets are one of the biggest problems. Note that the graph (accurately!) shows a not-so-great best case on day 1, as most IoT security is awful. 173.245.52.67 17:18, 12 March 2018 (UTC)
Agreed. A much more likely scenario is that your device is being used for a botnet. Smart appliances aren't updated as reliably as personal computers (since they're "set and forget" devices), and the owner is less likely to notice if they've been hacked (because you won't notice if your thermostat is running a little slow), so they're a prime target for hackers. That's also why the graph shows the risk increases as time goes by - the manufacturer stops patching the device, but the hacker will keep trying to get in. --162.158.79.89 17:24, 12 March 2018 (UTC)
The risk in a smart thermostat is not the information it sends, but the fact that it is connected to your network. If the security on the thermostat is weak, it provides a gateway to the rest of your network. Hack the thermostat and install malware that sits there silently trying password combinations to the rest of your devices. Rtanenbaum (talk) 13:32, 13 March 2018 (UTC)
The risk of IOT devices is that they control physical objects and that can be used to do physical harm. A smart thermostat controlling an A/C or heat pump switches a multi-kilowatt load. Switching a few thousands, or a few hundreds of thousands, of those synchronously may do real damage to the power grid. If you're more selfish the evildoer can wait till you're out of town (data from the thermostat) and turn the heat to minimum or maximum so you come home to an expensive mess. 162.158.74.213 17:39, 14 March 2018 (UTC)

I’m going to give them an update they can’t refuse


Is it just me or is it strange that the older the device is the better the case? I just do not understand the graph and the explanation as it is now, does not make sense to me. In case it is just me that fails to understand it, then the explanation is still not good enough... Because: "Explain xkcd: It's 'cause you're dumb." :D --Kynde (talk) 19:26, 12 March 2018 (UTC)

It seems to me that you need to look at the area on either side of the curve. So, if a device is 10 years old, the section on the "worst case" side of the curve is larger. Therefore, it is more likely that your device is to be compromised. --Detroitwilly (talk) 19:38, 12 March 2018 (UTC)
I somewhat disagree. I don't think that it's a discrete best-case, worst-case only problem that's divided by the line, rather that it becomes so unlikely that there will be people protecting you, the best case scenario would be having your thing part of an organized crime. It's simply so unlikely that you're being protected, that having a hacked device is the best scenario. Perhaps there is some worse, unseen scenario that is so bad that having a hacked device is better in comparison. 172.68.211.244 20:12, 12 March 2018 (UTC)
It's referring to how, the older the device gets, the less likely it is the manufacturer is still maintaining it and keeping it working.
In that scenario, having your device be part of a botnet eventually becomes the best-case scenario, as the hackers would be providing the "support" and updates you need to keep the device working, as per the title text.
The curve indicates that the older the device gets, the more likely it is it would be considered a best-case scenario for the device to be part of a botnet, for the aforementioned reasons. 162.158.126.76 06:46, 13 March 2018 (UTC)
I must admit that nothing written here above or the new explanation helps me understand the curve or the legends in the graph. Also it seems people disagree so it is not just me ;-) To me it seems that it shows that the older the device is the better a case you are with. Maybe because you will have regular updates from the owners of the bot net, more so than from the company you bought it from even to begin with, and the dip is when they slow down the updates, at which point you are overtaken by the bot net and get more updates. But it still doesn't really make sense... :D --Kynde (talk) 14:20, 14 March 2018 (UTC)

In all honesty, being added to a botnet is not really a disadvantage for the average Joe. 99.99% of all "undocumented administrators" have no interest in the user, only in the power and network speed of their device. So who cares if your "smart lightbulb" is mining bitcoins for the Russian mafia? Average Joe certainly doesn't. 172.68.51.106 08:35, 13 March 2018 (UTC)

I read this as Smart Home-Security, not Smart-Home Security. In other words, that it's talking about IOT home security cameras and other security devices, not just generic IOT stuff. This seems to explain the "rescued from peril" and "organized crime" parts a bit better. TheAnvil (talk) 16:05, 13 March 2018 (UTC)


Is this really about white hat hackers? It seems more like a commentary on the state of manufacturer security updates for Smart Devices. With a 50% chance that your software is already depreciated. With the title text suggesting that maybe organised crime might end up providing the updates. 108.162.238.101 02:45, 14 March 2018 (UTC)