IOT - The Internet Of Things

Post Reply
User avatar
RTH10260
Posts: 21101
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

IOT - The Internet Of Things

#1

Post by RTH10260 » Wed Jun 19, 2019 1:24 pm

Computer driven appliances connected to the internt - LAN or WWW

User avatar
RTH10260
Posts: 21101
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: IOT - The Internet Of Things

#2

Post by RTH10260 » Wed Jun 19, 2019 1:31 pm

LIDL the German retail distributor

https://www.androidpit.de/thermomix-klo ... sicherheit translated by Google
Thermomix by Lidl: Monsieur Cuisine Connect is catastrophically unsafe

Steffen Herget

When Lidl began to offer its cheap clone of the expensive Thermomix in the previous year with the Monsieur Cuisine Connect to Germany in the previous year, the interest of the customers was enormous. Tumultuous scenes were observed in the shops, the people almost beat themselves around the food processor. Now it turns out that the Thermomix clone from Lidl is not only cheap, but also anything but safe - in a variety of ways.

Buy for just 359 euros quasi a Thermomix, otherwise costs 1,299 euros? Many customers do not say no. The second generation of the Monsieur Cuisine Connect has a 7 inch touchscreen and is much more modern than the first one. Reason Enough for the two Frenchmen Alexis Viguie and Adrien Albisetti to get a closer look at the smart food processor. When disassembling amazed the two hobbyists not bad: The cheap Thermomix clone of Lidl has a microphone behind a small hole on the front. This is neither in the manual mentioned even needed, because the Thermomix Lidl has no voice control. Why such a microphone, with which the food processor can easily be misused for espionage? One thing is clear: The hidden microphone is available and can be used via detours.

Lidl emphasizes in a statement to the French media that the microphone of Monsieur Cuisine Connect is not active. First of all, that's not easy to verify, and secondly, it's still there, of course. Activation via Lidl's Thermomix clone software is quite simple - Alexis Viguie and Adrien Albisetti have finally made it. Since the device is integrated into the domestic WLAN , can be with such a microphone and the underlying, not very well-protected Android system can wreak havoc on things,

Anyone who wants to see for themselves, what the two hobbyists could do with the Thermomix Lidl and its software, should watch the following video . Although it is in French, but also without language skills quite impressive.
Note: the integrated computer and display is nothing else than a mini tablet. Youtube can also be activated :doh:


User avatar
Judge Roy Bean
Posts: 411
Joined: Mon Aug 15, 2016 12:26 pm
Location: West of the Pecos
Occupation: Isn't it obvious?

Re: IOT - The Internet Of Things

#3

Post by Judge Roy Bean » Wed Jun 19, 2019 7:13 pm

I fear the rush to connect everything and gather information about us from it is just too tempting and the vendors are taking shortcuts to get products into the market as fast as possible. Using a generic off-the-shelf tablet as an appliance's brain makes perfect sense if you don't give a damn about how it could be abused. :x

One can only hope device manufacturers, especially those involved in healthcare, are making more responsible security decisions than the consumer-product/appliance people.
“Where all think alike, no one thinks very much.”
Walter Lippmann

User avatar
Dan1100
Posts: 3369
Joined: Sat Oct 18, 2014 3:41 pm

Re: IOT - The Internet Of Things

#4

Post by Dan1100 » Wed Jun 19, 2019 7:28 pm

Judge Roy Bean wrote:
Wed Jun 19, 2019 7:13 pm
I fear the rush to connect everything and gather information about us from it is just too tempting and the vendors are taking shortcuts to get products into the market as fast as possible. Using a generic off-the-shelf tablet as an appliance's brain makes perfect sense if you don't give a damn about how it could be abused. :x

One can only hope device manufacturers, especially those involved in healthcare, are making more responsible security decisions than the consumer-product/appliance people.
The cGMP validation process for medical devices is pretty strict. Nothing like that is going to slip by the FDA.
"Devin Nunes is having a cow over this."

-George Takei

User avatar
tek
Posts: 3402
Joined: Fri Nov 16, 2012 6:02 pm
Location: Happy Valley, MA
Occupation: Damned if I know

Re: IOT - The Internet Of Things

#5

Post by tek » Thu Jun 20, 2019 5:58 am

cGMP is more for manufacturing I think, but I haven't worked on a med device for a long time..

15 years ago, before we had the wonders of IoT, I worked on a smart pill bottle.. all it did was alert the patient's provider if the patient hadn't opened the bottle within the prescribed time.. no agency cared at all about its security.

I see the seeds of this in the work I do with the engineering school at a local university.. students can easily get out with a CS or CSE degree without ever being exposed to ANY security concepts... so when they get out in the working world, security isn't on their minds.. or in their work product.

Bolting on security after the fact rarely works out well.
There's no way back
from there to here

User avatar
RVInit
Posts: 8043
Joined: Sat Mar 05, 2016 4:31 pm

Re: IOT - The Internet Of Things

#6

Post by RVInit » Thu Jun 20, 2019 7:47 am

In the early days of beginning a second career I was hired to do contract work for the Health Department. Even as a contractor I was required to go through HIPAA and Compliance training. It would horrify me to find out anyone would be able to do work that touches in any way on the health industry, including devices, and not have to comply with the laws and ethics that apply to that industry. :eek2:
"I know that human being and fish can coexist peacefully"
--- George W Bush

ImageImage

User avatar
Judge Roy Bean
Posts: 411
Joined: Mon Aug 15, 2016 12:26 pm
Location: West of the Pecos
Occupation: Isn't it obvious?

Re: IOT - The Internet Of Things

#7

Post by Judge Roy Bean » Sun Jun 23, 2019 12:06 am

I think the problem is that so many device manufacturers rely on existing technology to accelerate their product development and deployment. Thus we wind up with deployment of devices being rapidly introduced into the clinical environment because of their apparent value in terms of data collection.

But how can they thoroughly test and integrate product "X" that has some variant or subset of an operating system as a basis for their technology? Shouldn't they have to worry about what happens when the system is actually deployed in a medical enterprise? I think now they simply rely on the customer's existing IT network security platform which is typically overwhelmed and way under-budgeted.

Like all regulation, technology quickly outpaces it.
“Where all think alike, no one thinks very much.”
Walter Lippmann

Post Reply

Return to “Computers & Internet”