DDoS attack on Finnish automated buildings disabled heating controls


Originally published at: http://boingboing.net/2016/12/02/ddos-attack-on-finnish-automat.html


I hope that there is a very good reason why this fancy network connected system doesn’t include a “when in doubt, act like a dumb thermostat using these sensible defaults until further orders are available” feature; or somebody needs to be fed to the ice weasels.


Remember this when you think how awesome it would be to connect your appliances to your home network and then open it up for control off-site by smartphone.


We used to have a solution, it was called an air gap. It can still be defeated, but it’s really hard to attack it thousands of times per second. Is that too low-tech for the whiz-bang internet?


This was more fun when I saw it on Mr. Robot.


Is there a directory anywhere yet of open-source or proprietary IoT and home automation devices that meet best practices for IT security or allow the user to get under the bonnet?


There is no such reason.


And now I’ve got an idea for my next Shadowrun campaign…


I had read this article a few weeks back elsewhere online and some of the points left out in the blurb in the blog post (for those that have not read the article). From what I recall the system thankfully could be overridden locally, I think the problem was resolved within an hour or two.

I hope these occurrences make engineers and designers push toward better safety protocols for IOT or connected systems. Thus far it seems like anything that is online is ripe for the taking.


Not everything needs to be networked and not every network needs to be connected to the entire world.

Some of this stuff just becomes silly and since there is no way to secure any system 100%, the basic rule of security is to limit access to only those who need to use a given thing.

You can’t remotely hack a thermostat that isn’t connected to the outside world no matter how “elite” you are.


I swear to the non-existent gods that I’m going to end my life as either Amish or living in a Zen monastery owning one robe and one bowl. This after a lifetime of tech starting at age 8.


Remind me again what other countries east Finland is closest to? Oh yeah, I remember now…




It might be a matter of life and death if it continues for days and it’s actually cold outside like −15°C or something. We don’t live in shacks you know. If the heat goes out and you have no family or friends with a house you just go and buy a space heater if you have electricity.

The only person I know who died in the cold was a teenager that passed out drunk in the snow.


People die of the cold every year in the UK, and it’s not even that cold here. Old, frail people, who may not have anyone to depend on, or money for a space heater.


Newest data I could find said that about 80 people die of cold yearly. 90% in those cases 3 top reasons were alcohol, heart conditions and falling down. Stuff like double or triple glazing, insulation and central heating are almost universal around here.


I don’t know that there’s a good reason, but the thinking might be that whoever manages the buildings wants to make sure that some penny-pinching tenants didn’t accidentally freeze themselves while also making sure that operating costs were kept in line by stopping anyone from trying to pretend they were in the tropics.


The solutionists who feel everything is better connected to the internet really need to read more science fiction.

[quote=“Grey_Devil, post:9, topic:90492”]
better safety protocols for IOT or connected systems.[/quote]

Like not connecting critical systems to the internet.

Oh, it is. Anyone considering connecting something to the internet should assume it will eventually be compromised.

