What are IoT's do and don't?

Question

I just bought a smart bulb, and while I did not connect it yet, I am wondering what are the dangers of IoTs.I was thinking of buying a wireless router that I will use for my bulb and eventually anything that I would use later.I don't have big worries like getting burned by my bulb or getting listened on since that's seem to not be probable, but it is not too hard to imagine my bulb DDoSing someone somewhere.

nonrandomstring · Accepted Answer

> I just bought a smart bulb, and while I did not connect it yet, I am wondering what are the dangers of IoTs.
I think you just demonstrated the main one.
If you'd thought about the dangers of IoT before buying it you'd actually have had a chance to take meaningful action, by not buying it.
Now you're stuck with an object that is either going to cause you problems you know about but choose to roll with, or problems that you're unaware of, or is a lump of e-waste that's going into a landfill where it will cause known and unknown problems for everybody else.
The universe in which you bought a benign and useful object is probably not the same one where you're posting on HN asking just how dangerous it is.
That said, I hope it brings you great joy and lights up your life in a danger free way.

waoush · Answer

A smart bulb by itself is not particularly likely to cause any kind of harm.
IoT in general can have some risks and these have been proven, especially if your devices are linked to services outside of your device provider such as "If This Then That" (or IFTT) [1]. I am a little fuzzy on the details, but I believe some smart home appliances such as TVs expose APIs that aren't particularly secure either...
Additionally, some devices do not secure the data they transmit to whatever nearby base station [2].
Overall it is fine to buy in to IoT, just be aware of what you are buying and things that can go wrong (i.e. how can people exploit this device?). If you get actuators that adjust windows or vents based on temperature, make sure they are secure physically and can't be gamed by intruders.
I should add that although your smart bulb may not have a microphone, people can determine other things about you from data analysis or machine learning.
[1] https://www.usenix.org/conference/usenixsecurity20/presentat...
[2] http://www.cse.msu.edu/~ghtu/published-papers/Lei-Mobisys20....

suramya_tomar · Answer

It can be used as a launch pad into the rest of your network as IoT devices are notoriously insecure. There was a case a few years ago where a bank was hacked via the internet connected thermometer in the fish tank.
One option (which is what I do) is to create a separate WiFi network for your IoT devices that is isolated from the rest of your network. A lot of the modern routers have the option of a 'guest' wifi so you can enable that and use it for the IoT devices.
You should also check for and apply any security updates/firmware updates for the device and then regularly check for the same.

johndoe0815 · Answer

The biggest danger is probably being hacked... you probably know that the "S" in "IoT" stands for security :).

m1gu3l · Answer

vlan with firewall rules to block it from the rest of you network. look at traffic logs every once in a while to see if anything weird is going on.