Seafood-related queries from own internet-connected vending machines brought college network to its knees


#1

Originally published at: http://boingboing.net/2017/02/13/seafood-related-queries-from-o.html


#2

Queue the Fish puns…you know, for the halibut…


#3

The Internet of Things: more shit for lazy folks who don’t want to stand up and flip light switches, or check the refrigerator for the items they need before they go shopping, or want a toaster to ping their phone when the bread is done. Literally bullshit gimmicky items built on the cheap and designed to make your life the most minuscule bit more convenient (maybe… although not that often actually) while destroying your home security.


#4

And people thought me mad for deploying VLANs on my home network.

Computers on one segment
IoT junk on another

Oh and Guest wireless for when that’s a concern.


#5

Kinda goes without saying…

https://youtu.be/a6iW-8xPw3k

but I do like me some Mel Brooks


#6

Actually no. I agree that IOT makes no fucking sense whatsoever in your home. However, this is a university campus. They spend millions of dollars every year just on maintenance. Being able to do stuff like monitor all the campus vending machines so they know which ones need refilling, or being able to monitor which light fixtures are broken over the network (two random examples) is a brilliant idea, at least on paper, with the potential to keep their infrastructure in a better state of repair with significantly less labour costs.

The problem, of course, is in the implementation, and it sounds like their IT department and/ or the contractor that installed their IOT devices fucked up big time.


#7

You’d think that, except that any implementation of IoT is going to be basically handing your network over to someone who can exploit all of that mostly idle processing power for whatever they want. Because for the amount of money you will need to spend to give yourself a reasonable suspicion that it’s secure (because you can’t guarantee security - you can only make yourself reasonably sure that you’re secure), you could hire a staff of maintenance workers who do nothing every day but walk from light fixture to vending machine to cooling system to whatever and check daily that it’s working.

It’s a great moneygrab for the folks who are selling IoT things to gullible institutions who would like to fire all of their workers and replace them with network monitoring software, but it’s mostly going to be a playground for criminals who can figure out ways to use the free processing power being handed over to them by people who think they’re “saving money” on staff.


#8

Compare the hourly rate for the guys replacing lightbulbs with the hourly rate of the guys maintaining the network. Probably closer that many people might think but still the difference says something about how many hours that you have to actually save to break even.


#9

I don’t know, sounds fishy to me.


#10

Yeah, and why can’t people make toast like they used to in the old days - was it so hard to have to flip your toast and check it every few minutes?


#11

It’s a good thing it wasn’t trying to figure out a cup of tea.


#12

Interest in Seafood? Hmmmmm sure


#13

You would think, that with the constant, very visible news that has come out over the past year of extensive IoT hacks more businesses, schools, etc would be attempting to secure their networks. Nice to see that’s not the case i guess.


#14

Not all IoT things require being connected to the internet. You can have plenty of networkable devices that are connected to their own area of the network and then accessed through a single communication point to the outside.


#15

That’s a $4500 fridge…for that kind of money I almost feel cheated it can’t do more than just show me the porn.


#16

More breaking news: Internet connected mini fridges in college dorm rooms across the country flood the network with “cheap beer” searches.


#17

Probably given a month to do it and $500 for parts.

But, we use Windows and it’s the most secure OS ever!!

Costs money and takes away from executive bonuses so no, we can’t do that.


#18

Who doesn’t?


#19

Technology: more shit for lazy folks that don’t want to stand on a chair to light their gas lamps, or walk out to their chicken coop to get an egg, or slaughter their own pigs. Literally bullshit gimmicky items built on the cheap (way cheaper than feeding chickens!) to make your life the most minuscule bit more convenient (maybe… although not that often actually - sometimes it takes me a whole day for the comcast guy to show up!) while destroying home security (good luck getting in to my house without waking the geese!)


#20

so the university used a packet sniffer to intercept a clear-text malware password for a compromised IoT device.

Doesn’t that violate the anti-hacking laws? :scream: (And before someone says that they own the hardware, do they really under current licenses?)