A WiFi-connected tea kettle, the iKettle, was recently tested by Pen Test Partners and found severely lacking, spewing forth WiFi access codes for encrypted networks to unencrypted clients with just a few tricks. As reported by geek.com:
Ken Munro, a researcher at Pen Test Partners, recently took to the stage in London to show off what he and his co-workers discovered. Their mark was the iKettle, which was proclaimed "the world's first WiFi kettle" by its creators on the crowd-funding site Firebox.
He was able to trick the kettle into connecting to an unencrypted WiFi network just by giving it the same name as the encrypted network it was originally connected to and using a directional antenna to make sure the signal was loud and clear. Once they'd hijacked the wireless connection, Munro and his partner were able to convince the iKettle to spill the key for the encrypted network.
All it took was two little commands sent via Telnet. And being the helpful little kettle that it is, it even handed Munro the key in plain text.
Original Story: http://www.geek.com/news/connected-kettles-found-brewing-up-security-problems-1637249/
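The weakness described above is that the kettle joined an open network only because it carried the same name as its saved encrypted one. The following is an added example, not code from Pen Test Partners, geek.com or the kettle's vendor: a defender-side check over WiFi scan results that flags any access point reusing a protected SSID with different security or an unknown BSSID, together with the client-side rule the kettle lacked. The inventory, scan data and function names are all constructed for illustration.

```python
"""Flag access points that reuse a protected SSID with weaker or unknown settings."""

# Hypothetical inventory of networks we operate: SSID -> expected security and BSSIDs.
INVENTORY = {
    "HomeNet": {"security": "WPA2-PSK", "bssids": {"aa:bb:cc:00:00:01"}},
    "Office": {"security": "WPA2-PSK",
               "bssids": {"aa:bb:cc:00:00:05", "aa:bb:cc:00:00:06"}},
}

# Constructed scan results (not captured data): one dict per beacon seen.
SCAN = [
    {"ssid": "HomeNet", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2-PSK", "signal": -58},
    {"ssid": "HomeNet", "bssid": "de:ad:be:ef:00:02", "security": "OPEN", "signal": -31},
    {"ssid": "CoffeeShop", "bssid": "aa:bb:cc:00:00:09", "security": "OPEN", "signal": -70},
    {"ssid": "Office", "bssid": "aa:bb:cc:00:00:05", "security": "WPA2-PSK", "signal": -64},
    {"ssid": "Office", "bssid": "aa:bb:cc:00:00:06", "security": "WPA2-PSK", "signal": -61},
]


def should_join(saved_security, offered_security):
    """Client-side rule: a profile saved as encrypted never matches an open or
    differently secured network, whatever its name or signal strength."""
    return saved_security == offered_security


def find_suspect_aps(scan, inventory):
    """Return one alert per AP that uses one of our SSIDs but fails a check."""
    alerts = []
    for ap in scan:
        expected = inventory.get(ap["ssid"])
        if expected is None:
            continue  # not one of our SSIDs; out of scope for this check
        reasons = []
        if not should_join(expected["security"], ap["security"]):
            reasons.append("security mismatch: expected %s, saw %s"
                           % (expected["security"], ap["security"]))
        if ap["bssid"] not in expected["bssids"]:
            reasons.append("unknown BSSID")
        if reasons:
            alerts.append({"ssid": ap["ssid"], "bssid": ap["bssid"],
                           "signal": ap["signal"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_suspect_aps(SCAN, INVENTORY):
        print(alert)
```
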
(Score: 4, Insightful) by NCommander on Wednesday October 21 2015, @01:12PM
Programming is easy. You throw code at the wall until it sticks and ship it.
Engineering, on the other hand, is hard. You have to make sure you handle all your use cases, fail safely, don't leak data, etc. You do that before you even touch a line of code, and make sure it's peer reviewed, and signed off by any relevant stakeholders. In cases where lives can be impacted, independent examination and cross-checking becomes even more vital (lest we have another Therac-25 [wikipedia.org]).
Creating physical devices requires engineering. You can't hire someone with a programming-only background, give him a BSP, and tell him to get cranking. Otherwise you get this.
(NOTE, in an attempt to stave off nitpickers: some engineers call themselves programmers, and some programmers call themselves engineers. They are two separate things that have long been muddled in this field.)
Still always moving
(Score: 2) by VanderDecken on Wednesday October 21 2015, @02:08PM
Where I live it is illegal to use the word "engineer" in your title unless you are in fact a ring-knocking PEng. It removes a lot of confusion.
The two most common elements in the universe are hydrogen and stupidity.
(Score: 2) by NCommander on Wednesday October 21 2015, @02:44PM
Even though it would shaft me personally if that were true in the United States, I generally agree. I don't list an education section on my resume, nor do I list any certifications aside from my EMT-basic cert, (old) Firefighter 1, and my ham radio cert (once the FCC finally gets around to issuing it).
I also hope no one reads this as a slight to anyone who identifies as a "programmer". The difference between a programmer and an engineer is a programmer can make something work, and be awesome by creating whatever they can imagine. Software engineering is the thankless job of making sure it works 99.99% of the time, meets specification, and won't eat children. Most people do both to some extent, but most lean towards the former, and not the latter.
The fact is at least in the United States, software engineering as a true discipline doesn't even exist, and given it's been around since World War II, I doubt that's going to change anytime soon; it's just cheaper to continue with status quo. We kludge around it by requiring certification of stacks for healthcare and similar, but I'm not aware of any type of software engineering certification (in general) that approves you to do SE work. It may have changed since 2008, but computer science at my college deals with basically programming 101, and a lot of theory, and algorithms, and design considerations are at best footnotes. For recent college grads, I've yet to see something resembling the skills you actually need to build a fault reliable system; I have to go into resumes and drill on the interview to even know if a person is thinking along those lines.
I'll note that most people believe C is suitable for anything beyond "portable assembly", and C++ is suitable for anything* says plenty about the field.
You have to have a certain mindset to even approach this work, and you either get it through experience, or getting it drilled into your head repetitively. I've done a lot of work to actually fix design issues with this site so it can survive sudden server existence failure (and multiples depending which ones go down) which is why our uptime is absurdly good. My attitude towards software engineering has rubbed off on most of the team.
* - No, I don't like C++. I've been told C++14 fixes plenty, but that's a discussion for another time. I'm happy to discuss this point at length; I love a good debate (that's open to anyone, but be prepared to cite sources and defend your position). Not just one sentence answers.
Still always moving
(Score: 3, Informative) by NCommander on Wednesday October 21 2015, @02:55PM
Hrm, I decided to check after posting that. Wikipedia on the topic:
Need to change the resume, and look up the requirements of that professional engineer exam. Ah well, something to work towards \o/
Still always moving
(Score: 2) by PartTimeZombie on Thursday October 22 2015, @12:21AM
I'm not surprised either, and I suspect most Soylentils won't be.
This device will have been designed by some Marketing Graduate and built by the cheapest Chinese manufacturer available, with no QS.
I'm sure it will sell very well.