SoylentNews is people
SoylentNews
The Sydney Morning Herald has a report about a badly configured baby monitor.
[A mother in the Australian state of Western Australia] purchased the Uniden Smart Baby Monitor for $250 so her fly-in, fly-out partner could stay connected to their eight-month-old daughter
The device allows a user to view their child on their smart phone from anywhere in the world using a QR scan code and generic password.
However [the mother] said she was concerned about the security around the product, after it logged her into another stranger's nursery.
"I logged in through what the instructions told me to and it wasn't my daughters bedroom, it was somebody else's bedroom," she said.
[...] Uniden did not reveal if it had received any similar complaints about the smart camera.
Is any IoT device secure?
(Score: 3, Insightful) by mobydisk on Thursday January 24 2019, @10:11PM (1 child)
There is a reason that IoT is succeeding despite horrible security: there's no *easy to use* alternative. IoT "just works" no matter how insecure it may be.
My Mom bought me a Ring doorbell (A doorbell with a security camera built-in). It lets me view the video by streaming it to a cloud server and giving me an app to view it. I would rather it stream the video to a server I own in my own house. But there's a privacy -vs- ease dilemma here. To do that, I have to setup a server, put some software on it to store the video, purge it, and provide an HTTPS endpoint to stream the video. I need to open a port on my router. That's hard.
Now Ring could have made such a product, along with instructions on how to enable port forwarding. But that's much harder than providing their own cloud service. Back around Y2K, we geeks imagined a world with a server in every home. But nobody made that easy enough. So "home pages" were replaced by MySpace and Facebook, email was replaced with webmail, and centralized services replaced protocols. It's sad that camera apps have a "Share via YouTube" option but no "Upload via SFTP" option. Why support a proprietary system over a standard protocol? The internet is broken.
If we geeks want to change this, we need to do what Ring decided was not economical. We need to make home servers, and standards for them, and devices that connect to them. The problem is that's business not technology. And it might be too late since most people don't even know that they are buying an IoT device. It's a device that just works.
(Score: 2) by DannyB on Thursday January 24 2019, @10:32PM
That is a brilliant observation.
One reason why home servers are so hard is partly the scarcity of IP addresses. That scarcity leads to the ISP not giving every customer a fixed permanent IP address.
IPv6 could fix that. If you had a permanent IPv6 address, then an industry standard mechanism could be developed that would enable consumer products to tell the firewall to open a certain port. (With some sort of approval from the Firewall app to confirm this.)
Home "web servers" could become a consumer item. Different competing "web servers" might offer differing easy ways of constructing web pages. (Not editing raw HTML, JS, CSS, etc.)
I'm dancing around the issue of DNS. But buying and setting up a domain name to your fixed IPv6 address could be a standard feature in home routers.
The lower I set my standards the more accomplishments I have.