LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - News
User Name
Password
Linux - News This forum is for original Linux News. If you'd like to write content for LQ, feel free to contact us.
All threads in the forum need to be approved before they will appear.

Notices


Reply
  Search this Thread
Old 02-28-2017, 09:48 AM   #1
Jeebizz
Senior Member
 
Registered: May 2004
Distribution: Slackware 14.2 64-bit with multilib
Posts: 2,373

Rep: Reputation: 636Reputation: 636Reputation: 636Reputation: 636Reputation: 636Reputation: 636
Post Children's messages in CloudPets data breach


"An open database containing links to more than 2 million voice messages recorded on cuddly toys has been discovered, cybersecurity researcher Troy Hunt has revealed."

http://www.bbc.com/news/technology-39115001

So, are IoTs really that insecure?
 
Old 02-28-2017, 10:22 AM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,448

Rep: Reputation: 889Reputation: 889Reputation: 889Reputation: 889Reputation: 889Reputation: 889Reputation: 889
Security of many of these things is an afterthought, I found this a fascinating read:

https://www.amazon.co.uk/When-Gadget.../dp/0465031382
 
Old 02-28-2017, 12:48 PM   #3
Jeebizz
Senior Member
 
Registered: May 2004
Distribution: Slackware 14.2 64-bit with multilib
Posts: 2,373

Original Poster
Rep: Reputation: 636Reputation: 636Reputation: 636Reputation: 636Reputation: 636Reputation: 636
Relevant here.

Quote:
http://www.bbc.com/news/technology-39101533

A leading security company says it has discovered 22,000 hackable internet-connected baby monitors and other types of webcam in Barcelona.

Avast carried out the check to coincide with the first day of the Mobile World Congress trade show in the city.

"MWC 2017: '22,000 hackable webcams in Barcelona'
 
Old 02-28-2017, 01:02 PM   #4
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,766

Rep: Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933
The only reason "web connection" is there in these things is to share data with those who wish to buy it.
I'm doing the same on this snooping-piece-of-excrement Android typing this.
"Get with the propgram, nobody cares!".
It's expected that all and any potentially valuable information will be given to corporation in exchange for rubbish.
I'm just glad I'll not have children and will likely not see more than a decade or so.
 
Old 02-28-2017, 01:08 PM   #5
Jeebizz
Senior Member
 
Registered: May 2004
Distribution: Slackware 14.2 64-bit with multilib
Posts: 2,373

Original Poster
Rep: Reputation: 636Reputation: 636Reputation: 636Reputation: 636Reputation: 636Reputation: 636
What worries me is that this is also going into the medical field. Someone who has malicious intent can pretty much kill someone with a pacemaker (may not be net enabled, but bluetooth enabled) - though I am sure other types of devices might have some kind of net connectivity, for example a heart monitor that can be access through the net, if not secured there goes someone's medical info.

Lets not stop there, I am sure some evil person may have already figured out how to compromise even gaming consoles to be used as a bot , so imagine PS4s, Xbox One's and the upcoming Nintendo Switch. It is only a matter of time the net will see another major DDoS like the one saw a few months back. This time it could be even worse though.

Imagine, a hijacked army of printers, webcams, smartphones, gaming consoles, tvs, medical devices gathered for a major attack.

Last edited by Jeebizz; 02-28-2017 at 01:09 PM.
 
Old 02-28-2017, 01:30 PM   #6
dijetlo
Senior Member
 
Registered: Jan 2009
Location: RHELtopia....
Distribution: Solaris 11.2/Slackware/RHEL/
Posts: 1,491
Blog Entries: 2

Rep: Reputation: Disabled
I'm more concerned with the multiplication of voice activated "assistants" for home use. They, by definition, are always on, always listening and cloud connected. The vendors generally point out only meta-data is being stored on their servers however as this article demonstrates, who's to say who has access to their systems ? The other question that always runs through my mind is what kind of meta-data are they collecting and who are they selling it too.
 
Old 02-28-2017, 01:32 PM   #7
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,766

Rep: Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933
Quote:
Originally Posted by Jeebizz View Post
What worries me is that this is also going into the medical field. Someone who has malicious intent can pretty much kill someone with a pacemaker (may not be net enabled, but bluetooth enabled) - though I am sure other types of devices might have some kind of net connectivity, for example a heart monitor that can be access through the net, if not secured there goes someone's medical info.

Lets not stop there, I am sure some evil person may have already figured out how to compromise even gaming consoles to be used as a bot , so imagine PS4s, Xbox One's and the upcoming Nintendo Switch. It is only a matter of time the net will see another major DDoS like the one saw a few months back. This time it could be even worse though.

Imagine, a hijacked army of printers, webcams, smartphones, gaming consoles, tvs, medical devices gathered for a major attack.
That's irrelevant to both the people producing these things and the people buying them.

Android only exists because so many people (and, sadly, I'm one) have actually allowed such an appalling thing to exist. I do so because I'm gambling on not being alive when these things get worse and I know my data is worthless to advertisers (I know everyone thinks that but with my lifestyle I know it).

We're all complicit in this and we keep on being complicit.

Edit: This post is kept on record for at least 12 months because Chairman Theresa May has deigned that every person residing within the United Kingdom of Great Britain and Northern Ireland is a Paedophile and Terrorist so everything single scrap of data they exchange must be recorded for anybody with even the lowest level of government clearance to see.

Last edited by 273; 02-28-2017 at 01:35 PM.
 
Old 02-28-2017, 01:36 PM   #8
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_10{.0|.1|.2}
Posts: 4,458
Blog Entries: 6

Rep: Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395Reputation: 2395
Quote:
Originally Posted by 273 View Post
We're all complicit in this and we keep on being complicit.
Not all...

Last edited by astrogeek; 02-28-2017 at 01:38 PM. Reason: Added quote
 
Old 02-28-2017, 01:37 PM   #9
Jeebizz
Senior Member
 
Registered: May 2004
Distribution: Slackware 14.2 64-bit with multilib
Posts: 2,373

Original Poster
Rep: Reputation: 636Reputation: 636Reputation: 636Reputation: 636Reputation: 636Reputation: 636
Quote:
Originally Posted by 273 View Post
That's irrelevant to both the people producing these things and the people buying them.

Android only exists because so many people (and, sadly, I'm one) have actually allowed such an appalling thing to exist. I do so because I'm gambling on not being alive when these things get worse and I know my data is worthless to advertisers (I know everyone thinks that but with my lifestyle I know it).

We're all complicit in this and we keep on being complicit.

Edit: This post is kept on record for at least 12 months because Chairman Theresa May has deigned that every person residing within the United Kingdom of Great Britain and Northern Ireland is a Paedophile and Terrorist so everything single scrap of data they exchange must be recorded for anybody with even the lowest level of government clearance to see.
Well Stallman warned us about this too, and he also stated that it is convenience over the continuous stripping of privacy.
 
Old 02-28-2017, 01:45 PM   #10
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,766

Rep: Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933Reputation: 1933
Quote:
Originally Posted by astrogeek View Post
Not all...
I would be surprised if you hadn't been complicit but I will allow you to judge for yourself.
Quote:
Originally Posted by astrogeek View Post
Not all...
Quote:
Originally Posted by Jeebizz View Post
Well Stallman warned us about this too, and he also stated that it is convenience over the continuous stripping of privacy.
Which is why we need people like RMS and why I take exception to anybody dismissing Free Software, GNU and the like out of hand -- it's important to us all even if, especially if, we choose to use something else.
 
Old 02-28-2017, 10:49 PM   #11
Jeebizz
Senior Member
 
Registered: May 2004
Distribution: Slackware 14.2 64-bit with multilib
Posts: 2,373

Original Poster
Rep: Reputation: 636Reputation: 636Reputation: 636Reputation: 636Reputation: 636Reputation: 636
*shakes head*


Quote:
http://www.bbc.com/news/magazine-38999403

Protect your toaster from cyber-attack

How do you make home appliances safe from hackers? Computer security expert Mikko Hypponen has a personal view.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Jury convicts hacker over AT&T-iPad user data breach etech3 Linux - News 1 11-22-2012 07:45 AM
Verizon Data Breach Investigations Report 2012 (frequently made security mistakes) salasi Linux - Security 0 10-29-2012 05:37 AM
ACS:Law fined over data breach Jeebizz Linux - News 0 05-11-2011 10:09 AM
Google in 'significant breach' of UK data laws Jeebizz Linux - News 0 11-03-2010 04:16 PM
2010 Data Breach Investigations Report Released unixfool Linux - Security 0 08-05-2010 01:38 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - News

All times are GMT -5. The time now is 09:07 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration