Spying through Internet of Things

Closely related to self-defense, this Board focuses in other aspects such as Communications, and Financial.
Post Reply
User avatar
notmartha
Posts: 896
Joined: Mon Jul 22, 2013 1:16 pm

Spying through Internet of Things

Post by notmartha »

The Whole POINT of the Internet of Things Is So Big Brother Can Spy On You

Posted on February 10, 2016 by WashingtonsBlog
http://www.washingtonsblog.com/2016/02/ ... n-spy.html
The government is already spying on us through spying on us through our computers, phones, cars, buses, streetlights, at airports and on the street, via mobile scanners and drones, through our credit cards and smart meters(update), television, doll, and in many other ways.

Spying in the U.S. is worse than under Nazi Germany, the Stasi, J. Edgar Hoover … or Orwell’s 1984.

Yesterday, U.S. Intelligence Boss James Clapper said that the government will spy on Americans through the internet of things (“IoT”):


In the future, intelligence services might use the [IoT] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.


Yves Smith has the definitive comment on Clapper’s statement:


Oh, come on. The whole point of the IoT is spying. The officialdom is just trying to persuade you that it really is a big consumer benefit to be able to tell your oven to start heating up before you get home.


Personally, I’m a tech geek, and love the latest gadgets and toys. But I don’t want my dishwasher or refrigerator sending messages to me … let alone the intelligence agencies. Despite all of the hype about IoT, I don’t know anyone who does.

We’ve previously noted that the CIA wants to spy on you through your dishwasherand other “smart” appliances. As Slate notes:


Watch out: the CIA may soon be spying on you—through your beloved, intelligent household appliances, according to Wired.

In early March, at a meeting for the CIA’s venture capital firm In-Q-Tel, CIA Director David Petraeus reportedly noted that “smart appliances” connected to the Internet could someday be used by the CIA to track individuals. If your grocery-list-generating refrigerator knows when you’re home, the CIA could, too, by using geo-location data from your wired appliances, according to SmartPlanet.


“The current ‘Internet of PCs’ will move, of course, toward an ‘Internet of Things’—of devices of all types—50 to 100 billion of which will be connected to the Internet by 2020,” Petraeus said in his speech. He continued:


Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters—all connected to the next-generation Internet using abundant, low cost, and high-power computing—the latter now going to cloud computing, in many areas greater and greater supercomputing, and, ultimately, heading to quantum computing.


And see these comments by John Whitehead and Michael Snyder.

The Guardian notes:


Just a few weeks ago, a security researcher found that Google’s Nest thermostats were leaking users’ zipcodes over the internet. There’s even an entire search engine for the internet of things called Shodan that allows users to easily search for unsecured webcams that are broadcasting from inside people’s houses without their knowledge.

While people voluntarily use all these devices, the chances are close to zero that they fully understand that a lot of their data is being sent back to various companies to be stored on servers that can either be accessed by governments or hackers.


***

Author and persistent Silicon Valley critic Evgeny Morozov summed up the entire problem with the internet of things and “smart” technology in a tweet last week:

In case you are wondering what "smart" – as in "smart city" or "smart home" – means:

Surveillance
Marketed
As
Revolutionary
Technology

— Evgeny Morozov (@evgenymorozov) February 1, 2016



Update: The highest-level NSA whistleblower in history (William Binney) – the NSA executive who created the agency’s mass surveillance program for digital information, 36-year NSA veteran widely regarded as a “legend” within the agency, who served as the senior technical director within the agency, and managed thousands of NSA employees – read this post, and told Washington’s Blog:


Yep, that summarizes it fairly well. It does not deal with industry or how they will use the data; but, that will probably be an extension of what they do now. This whole idea of monitoring electronic devices is objectionable.

If forced to buy that stuff, I will do my best to disconnect these monitoring devices also look for equipment on the market that is not connected in any way


Postscript: As security expert Bruce Schneier points out, the entire concept of the IoT is wildly insecure and vulnerable to hacking.
User avatar
editor
Site Admin
Posts: 701
Joined: Thu Feb 21, 2013 9:24 am
Contact:

Re: Spying through Internet of Things

Post by editor »

This will become an increasing problem over the years, and is accelerating quickly.

One of the best ways to learn how to protect yourself is to visit this thread.

Knowledge is power, and in this case a little knowledge will go a long way in helping you protect yourself. I'm going to explain something that looks a little long, but I'm going to use common language to make it easy to understand. Please bear with me, when you get to the end you'll see why this is important.

Most of us these days have broadband Internet of some kind. Of those who do, most have several computers and/or devices which access the Internet including phones, tablets, televisions, etc.

Whether the source of your Internet is cable (such as Comcast) or DSL (such as AT&T), or satellite (such as Hughes), the Internet comes into our house by way of a device we'll call a "modem". Most modems have one jack on the case (called an "ethernet" port) which provides a source for your Internet.

Since we want to use multiple devices on the Internet, we connect a second device called a "router" to this single jack on the modem. The router's job is to allow access to multiple devices (phones, computers, etc.); to manage all those little bits of information, and make sure they get to and from the correct device. A typical residential router has four ethernet ports, and a radio transceiver which will provide the wireless connections for up to roughly 200 devices.

Some Internet service providers will give/sell/rent you a single device which is both a modem and a router. I don't like these combined devices, for reasons I'm about to make clear.

Routers are essentially mini-computers which run software specifically designed to route network connections and handle all those little bits of info. As far as I'm aware, all the routers you'll see in the stores run Linux. This includes routers from companies like Linksys (a division of Cisco), Netgear, Belkin, etc.

These companies sell a lot of cheap residential routers for around the $60 to $100 range. They also sell more expensive routers to corporations, running in the $600 and up range. Interestingly, most of the hardware in these routers are identical. It would be more expensive for the manufacturers to make two different circuit boards, than it is for them to make one circuit board for all their routers. The difference between the cheap and expensive routers is the software. They put better software on the expensive routers.

Since Linux is licensed under the General Public License (GPL), that means it is free, which is just one of the pretty good reason why router companies like it. The one hitch is that the GPL requires companies who make changes to Linux and distribute those changes, to also make the source code available to the public. So, long ago, router manufacturers made their source code available to the public.

As a result, several open source projects have sprouted up. Some of the most popular are DD-WRT, OpenWRT, and Tomato. These projects produce software that can be made to replace the software running on your $60 router, and turn it into a $600 router.

The cheap router you probably have in your home has a software interface which lets you control the router from a connected computer, via your browser (Firefox, Internet Explorer, Safari, or whatever you use). Usually you can get to this interface by entering the address of the router into your browser's location bar. Typical addresses are 192.168.1.1, or 192.168.1.256. If these don't work, try changing the 168.1 to 168.0, or change the 256 to 255. Some routers might use 10.0.0.1 Look on the router's case, it might give you specific instructions.

When you get to the software, look around through the menus. You won't hurt anything as long as you don't change anything.

The reason for me explaining all this to you is this: If you install the better software from one of these projects onto your router, you will have a lot more control over what can access the Internet and what can't. What's more, you can view logs and watch to see what all the devices connected to your router are doing.

Bottom line, you can blacklist any device you want so it can still have access to the local network, but is not allowed to access the Internet. Maybe you have an HP printer that works through wireless. You find out it phones home to HP (trust me, it does). Maybe you refill your cartridges and you'd rather HP didn't know about it. In any case you don't want HP to snoop on you. Using this software, you can cut the printer's access to the Internet, but still use its wireless feature to print from any computer in your home.

Most combined modem/router devices are not supported by these open source projects, which is why I don't like those devices. I've been using DD-WRT for something like ten years. It gives me way more control over my window to the world than I would have otherwise. I haven't yet tried any of the other projects, but I'm sure they have similar value. In any case I would not even consider running stock software on any router under my control.

Pause now, and ponder the consequences of having such awesome control. Was it worth the read? If so, then maybe you'll also like my next post which I'll split off for Readers' convenience.
--
Editor
Lawfulpath.com
User avatar
editor
Site Admin
Posts: 701
Joined: Thu Feb 21, 2013 9:24 am
Contact:

Re: Spying through Internet of Things

Post by editor »

In my last post I wrote about router software, and how you can control which of your devices have access to the Internet. If you think something in your house is spying on you, it's easy to cut off its communications using this software.

Now I want to write about hardware, since that's ultimately what this Internet of Things is all about. I don't know about you, but I like gadgets too. All this cool technology that does things for us. Just so long as it doesn't do things to us. As in my last post, a little knowledge, and willingness to do things for yourself, will go a long way.

Raspberry Pi

Yes, I spelled it right. Raspberry Pi is a collection of small, inexpensive computers which use System on a Chip (SoC) technology. These computers are made in the U.K. by the Raspberry Pi Foundation, whose goal is to teach programming to children. Their concept is based on the idea that mom and dad don't want the kids to tinker with the family computer, because... well... they might screw it up. So kids never learn to tinker.

Enter the Raspberry Pi. It's hard to screw it up, but if you do, it's cheap to replace. Every kid can have his own. Or two, or three...

There are now five models of this computer on the market, although at least one has been discontinued. They are:
  • The original Raspberry Pi (discontinued; Ebay $10)
  • The B+ Raspberry Pi ($25, more memory than original)
  • The A+ Raspberry Pi ($20, smaller, fewer ports)
  • Raspberry Pi 2 ($35, faster and more memory than B+)
  • Pi Zero ($5, newest. Equivalent functionally to A+)
All these computers run Linux, and yes, you read that right, the Pi Zero is just five bucks. Expect to spend extra for things like:
  • Power supply ($5 phone charger, mini USB, required)
  • Display (HDMI and composit)
  • Keyboard
  • Mouse
  • Internet connector (ethernet and/or wifi)
  • Micro SD card (required)
Keep in mind that depending on what you're using one of these for, you may not need a display, keyboard, or mouse, or Internet connection.

The Raspberry Pi 2 is powerful enough to act as a regular desktop computer, as long as you don't push it too hard. So is the B+, although it's slower than the Pi2. The other boards are suitable for all kinds of hardware projects.

The Raspberry Pi Foundation has sold over six million of these computers over the past few years. The uses go way beyond the Foundation's original intentions. People are using them for all kinds of things: desktop computers, entertainment centers, robotics, sensors, switches, control modules-- the list is as long as the depth of imagination.

One of the things that makes the Pi really special is the twenty-six programmable pins that give it access to the outside world. Using these pins you can connect sensors, such as temperature, light, sound, vibration, magnetism. Not to mention lights, switches, relays, stepper-motors. I'm leaving out a lot. There are also many add-on boards that have popped up to add even more features and possibilities.

These boards are the embodiment of the future of the Internet of Things. Best of all, if you make those things yourself then you know who, if anyone, they're calling home to, and what they are saying. And it's all not as hard as you might think.

Water Pump Controller

On my farm I have a water system that services three households. We have an artesian spring from which water flows into a pump-box. From there, water is pumped hundreds of feet, both horizontally and vertically, into two large storage tanks. The households take their water from the tanks by gravity feed.

For years the only switch to turn the pump on was the breaker. So someone had to walk upstairs to the breaker box, and turn on the switch to fill the tanks, once a day or more. Worse, someone had to remember to turn the switch off, which didn't always happen. It doesn't hurt if the tanks overflow, but it wastes electricity. The switch is in my house, so I was always getting phone calls asking if I'd turn on the water (they can see the tanks, but they're too far from me; I'm closer to the pump).

I decided to use a Pi to make a pump controller. So I bought an A+ card. I also bought a relay board from Amazon with 8 relays on it, for ten bucks. Then I bought a USB wifi adapter, and a 24VAC transformer/relay-pair. Oh, and about 150 feet of CAT5 wire. Long story short, I made my own pump controller. It keeps the tanks full, with very little overflow, and no one ever has to call and ask for water.

My controller also solved this problem: A couple years ago my water pump went out, and I replaced it with one which pumps more gallons per minute than the old one. That's fine, except it would empty the pump-box in about a minute and a half, and the pump would suck air. This put the pump in danger of overheating. It may even be why the first one went out. I have a special controller that's supposed to sense when it overheats and cut it off, but that means it has to overheat first, which is bound to cause wear.

So while I was programming my new controller, I programmed it so that while it is running a pump cycle, it will pump for one minute, rest for four minutes, then repeat for as many times as necessary to complete the cycle. This way, the pump never runs long enough to empty the box, and it rests long enough to be sure it's full before it pumps again. This is functionality I could never have gotten from a dedicated pump controller.

Then I decided I'd like to have a heat lamp in the pump box for those really cold nights. I bought another 24VAC transformer/relay-pair. Connected it to one of the seven remaining Amazon relays, and plugged in a temperature sensor I bought on eBay for less than four bucks. Now the heat lamp only comes on when the temperature is less than 32 degrees. If it's above, then it shuts itself off.

This pump controller sits just inside my porch, and operates day in and day out. It was inexpensive and easy to build. I can communicate with it from any Internet device connected to my local network, and it doesn't dial home to anyone. If I figure out more things for it to do, I still have six relays left.

This is just one example of a real project I built with a Raspberry Pi. Now the $5 boards have come out, and I'm thinking of all kinds of things I can do with them.
  • Automated switch for my aging dehumidifier (the old switch is a glorified rubberband)
  • Automated gate opener
  • Security system
  • Washing machine controller (This is a whole other story by itself. Do you know that if the control mechanism in your washing machine goes out, the replacement cost is roughly the cost of a new machine? Well, you can now build one yourself for less than $20.)
  • Router
Did you notice the last one is router? That's right, the OpenWRT has made a version of its router software that runs on the Raspberry Pi. This means you can now have a high-end router for cheaper than ever. If my current router ever goes out, this is definitely how I will replace it. By the way this project is easy. Buy the Pi, a wifi adapter and a microSD card. Download an image file from OpenWRT's website, and copy that image to the microSD card. Insert the card into the Pi, power it up, and start configuring your router. I imagine the whole project takes less than an hour.

The point of these two articles is simply that you can have modern technology, without all the spying, if you are willing to learn just a little bit about how to protect yourself. This is not as hard as you might think.
--
Editor
Lawfulpath.com
User avatar
notmartha
Posts: 896
Joined: Mon Jul 22, 2013 1:16 pm

Re: Spying through Internet of Things

Post by notmartha »

This is good information for most to have. As for me, I like to keep things simple, and I know my limitations. ;) I'm impressed with your ingenuity. My design would be more Rube Goldberg. But it would work. lol

I don't figure the grid will be around for long, and I don't want my quality of life to change that much when it goes. The less electronic gadgets for me, the better. And they can't spy through devices you don't have.

I'm sure they'll try to force smartness down our throats. I'm having smart meter issues right now. But I refuse to volunteer to be spied on.

And while this isn't exactly on topic, how would you protect all your gadgets from an EMP?
User avatar
editor
Site Admin
Posts: 701
Joined: Thu Feb 21, 2013 9:24 am
Contact:

Re: Spying through Internet of Things

Post by editor »

If you believe the authors of The Matrix, the only way to protect your electronic gadgets from an electromagnetic pulse (EMP) is to turn them off before the pulse hits.

I think the real answer depends on two questions:
  1. What is the scale and intensity of the EMP?
  2. Would your adversary want to destroy your gadgets?
EMPs can be unpredictable. You might destroy your enemy's stuff, and yours too in the process.

There is also shielding you can use, depending on how big a pulse, and how it's directed. A microwave oven is an example of an electromagnetic pulse contained inside a Faraday Cage (the shielding). If it weren't for the Faraday Cage, you'd cook a lot more than your leftovers. Of course if your device needs radio communication, then you can't completely shield it, since the antenna is an open door into your device.

Getting back to your first point for a moment, I agree that the grid will probably go down at some point. One of the nice things about these devices like the Raspberry Pi, is they take very little power to operate.

There's an interesting story that goes with the ARM chip which makes up the computer that operates these devices. Sophie Wilson, the inventor, was experimenting with different chip designs, trying to make one with lower power consumption. She had a prototype chip running, and connected to several peripheral devices, when at one point she decided to shut down the experiment, so she turned off the power to the chip. Sophie was amazed to see that seemingly without a power supply, the chip was still running. Further investigation showed that one of the peripherals had it's own power supply, and the ARM chip was running on the tiny current it was able to siphon off the peripheral.
--
Editor
Lawfulpath.com
Post Reply