Looming wireless problems with IoT security

Security experts have two common laments:

  • Security is an afterthought, and
  • Security is hard to get right.

No place else has this been more true than in wireless security, where it took the better part of two decades to get us to where we are today.  “Wireless” can mean many different things.  It could mean 3G cellular service or Wifi or Bluetooth or something else.  In the context of Wifi, we have standards such as WPA Personal and WPA Enterprise that were developed at the IEEE.  Similarly, 3GPP has developed secure access standards for your phone through the use of a SIM card.  With either WPA Enterprise or 3G, you can bet that if your device starts to misbehave, it can be uniquely identified.

Unfortunately that’s not so much the case with other wireless standards, and in particular for IEEE’s 802.15.4, where security has for the time being been largely left to higher layers.  And that’s just fine if what we’re talking about is your Bluetooth keyboard.  But it’s not fine at all if we’re talking large number of devices, where one of them is misbehaving.

mesh-insecurity

Here we have a lighting network.  It might consist of many different light bulbs.  Maybe hundreds.  Now imagine a bad guy breaking into one of those devices and attacking the others.  Spot the bad guy.  In a wired world, assuming you have access to the switch, you can spot the device simply by looking at which port a connection came into.  But this is wireless, and mesh wireless at that.  In the case where each device has its own unique key, you can trace per session per device.  But if all devices use a shared key, you need to find other means.  A well hacked device isn’t going to give you many clues; it’s going to try to mimic a device that isn’t hacked, perhaps one that isn’t turned on or one that doesn’t even exist.

These attacks can be varied in nature.  If the mesh is connected to other networks, like enterprise networks, then attacks can be aimed at resources on those networks.  This might range from a form of a so-called “Snow Shoe” attack, where no one device generates a lot of traffic but the aggregate of hacked devices overwhelm a target, to something more destructive, like attempts to reconfigure critical infrastructure.

Some attacks aren’t even intended as such, as Raul Rojas discovered in 2009, when a single light bulb took down his IoT-enabled house.

What to do?

The most obvious thing to do is not to get into this situation in the first place.  From a traceability standpoint, network managers need to be able to identify the source of attacks.  Having unique wireless sessions between leaf and non-leaf nodes that are bound to source addresses is ideal.  Alternatively, all communications in a mesh could tunnel to non-leaf nodes that have strong diagnostic capabilities, like IPFIX and port spanning.  At that point administrators can at least log traffic to determine the source of attacks.  That’s a tall order for a light bulb, but it’s why companies like Cisco exist- to protect your infrastructure.

If none of these alternatives exist, poor network administrators (who might just be home owners like Mr. Rojas)  are forced into a position where they might need to consider the entire mesh a single misbehaving device, and disconnect it from the network.  And even that might not do the job: a smart piece of malware might notice and quiet itself until it can determine that the mesh has been re-connected.

Some careful thought is required as these capabilities develop.

[del.icio.us] [Digg] [Facebook] [Reddit] [Twitter]

Not so fast on Cheney…

This LA Times Editorial discusses the complexities of the situation.  In a nutshell, it’s not clear that the program had advanced to the point to where it triggered a Congressional notification.  Furthermore, if the program was, as is being reported, designed to take out Al Qaida chiefs, the idea that we would not have had such a program is unbelievable, itself.

[del.icio.us] [Digg] [Facebook] [Reddit] [Twitter]

Baby Shaker Shakes Apple iTunes Model

iPhoneI have an expression that I have ruthlessly stolen from Star Trek IV: The Voyage Home, and it is,  “A double dumb-ass on you!”  Today I say that to Apple, for walking into a minefield with iTunes, and controlling what applications they allow on the iPhone and iPod Touch.  It seems that someone wrote an game called Baby Shaker, in which the idea is to cause the baby on the screen brain damage.  The game is sickening and tasteless, which I generally like, but in this case, it even turned me off.

So why is Apple in trouble?  They approved publication of the game and then after parental outrage they withdrew the approval.  Oops!  Somehow to Apple this debacle was not predictable.  Here is a lesson that many in the print media as well as the networking business already know.  If you attempt to control content at all, you take some responsibility for that content.  In no way can the iTunes store be viewed as an open market, in the same way, say as eBay.  And even eBay caves into pressure to remove some items from auction.

This is only the latest in a series of minor goofs they’ve made, the last one being the other side of this coin- they had a backlog of applications that people wanted approved for release on iTunes.  Instead of simply hiring more people they seem to have relaxed their standards.  Good news for developers, but bad news for consumers who are not careful, and bad news for Apple’s image.

The purpose of Apple’s review is nominally to ensure that an application does not interfere with the proper functioning of the consumer device.  When you have millions of these things out there, the last thing you want is to increase your support costs (such as people clogging Genius Bars) due to a poorly written application.  Of course, that’s not the only reason Apple has control.  They want a cut of the money for for-profit apps.  And indeed they would have profited from the distribution of this app, which sold for $0.99.  But if you want a piece of the action you have to work for it, and in this case Apple did not.  Even though the iPhone and iTunes largely sustained Apple’s top line growth, the company cut corners on the editorial review that they seemingly hold so dear.

[del.icio.us] [Digg] [Facebook] [Reddit] [Twitter]

Shame on Obama: “They were only following orders”

Attorney General Holder this week said that it would be unfair to prosecute members of the CIA who participated in war crimes, simply because someone in the Justice Department told them it was okay.  This is tremendously disappointing news.  President Obama and his team could have sent the message that no person is above the law, that your time will come if you break the law, and if you torture.  Instead, the message they sent was that it was okay to simply follow orders of an ideologically extreme administration.  And the administration sent the message to the rest of the world that America does not hold its own accountable.  Nothing could have undermined the president’s to mend fences with the world.

Someone once said that the worst evil is not committed by those who act, but by those who do not.  Shame on this administration for not acting.

[del.icio.us] [Digg] [Facebook] [Reddit] [Twitter]