[chbot] Wifi Controlled Power Sockets / Internet of Things

Tue Apr 21 07:51:02 BST 2015

On Tue 21 Apr 2015 18:05:42 NZST +1200, Richard Jones wrote:

> http://www.aliexpress.com/item/EU-AU-UK-US-Smart-plug-WiFi-Smartphone-Remote-control-socket-power/32272099666.html

> I'm still considering the security implications that were raised at last
> nights meeting.

The plug you mention above is cloud based: 
"use your smartphone to turn off appliances when you're out"
"Accurate feedback: ... whether you're in LAN or remote network"
And the giveaway:
"Double protection and more safety", "LonHand Server"

That means someone somewhere always knows exactly what you're doing in
your house, whether you're home or not. Assume that this info gets
stored permanently. Assume that this someone eventually gets bought out
by google or likewise, including your personality profile. Orwell would
have a field day.

As I must have said previously, personally I put this kind of thing into
the class of "consumer junk" with respect to network security.
Irrespective of what big words their marketroids come up with and how
many times they mention "password protected", bugs won't get fixed. The
key is a feel-good instrument if the lock doesn't need it when you look
at it sideways. For wifi I suspect that that unfortunately is a fairly
safe assumption. The firmware is complex and made for time to market and
low cost.

If you have a good firewall and don't allow these things to connect out
a technically advanced neighbour / passersby may turn your light/fridge
off. You might not care, assuming the thing still "works", which it
might not. It still is a gateway for attacks on your home network
though.

Volker

-- 
Volker Kuhlmann
http://volker.top.geek.nz/	Please do not CC list postings to me.