Different criminals, different targets. For example, there is a neighborhood about 5 miles from me where mail gets stolen out of the mailboxes all the time. Doesn’t happen in my neighborhood. The difference is the other neighborhood is much wealthier, and their mail is more likely to be worth stealing.
The worst neighborhood in terms of hacking is one with affluent bored teenagers. You even see drive-by hacking, where they drive around until they find an unsecured Wi-Fi signal and then just play. Maliciously. Clockwork Orange mentality.
Addicts who need to find something to sell are not going to pay any attention to your Wi-Fi network. Techno punks may, and they’ll likely go for targets of opportunity.
Although this is really meandering from the original topic (apologies, @tslagle13, I promise to stop it here), your last post reminded me of this recent article in the NY Times by Nick Bilton about a vulnerability in cars that use transponder fobs instead of keys or traditional remotes for locks & ignition: Keeping Your Car Safe From Electronic Thieves
There are a number of factors that contribute to the phenomenon described in the article, not the least of which is where a person parks in proximity to both where they spend enough time to become a victim and to where someone with preparation and intention to perform this exploit. But clearly some folks’ activities check all the boxes, and, as you said, they become a target of opportunity.
I just wanted to mention also that you can buy additional security simply by using isolated networks.
I don’t use SmartThings for my home security. That’s a completely different system, not connected to my home wifi.
I have one wifi network used for VPN stuff.
I have a completely separate network for unimportant stuff, like Netflix, and, at my house, home automation.
So my hue bridge and SmartThings are not connected to the same computer or same wifi network I do my secure stuff on.
A lot of people don’t care about taking things to that level, and don’t want to hassle with multiple networks.
So I’m not suggesting most people will do that, just saying if you are worried about home automation being a breach point, that one’s easy to fix by putting it on a separate network altogether. There’s a dollar cost, but it’s easy to do.
I don’t know a whole hell of a lot about network stuff beyond changing passwords and accessing the router via its IP and whatnot. I’ve never created a VPN, but would there be some value to doing so? Additional security for ST and secure access from remote locations?
My ST hub should get here Thursday and then I get to really play. Stupid Wink is a child’s toy.
I’m not sure if it’s just my brain or your text, but it seems like you said it two different ways here (in the first sentence, the lower one is connected to ‘theirs’, but in the second sentence, you have the ‘upper’ one connected to theirs).
Any chance you could say it again?
I assume it depends on what kind of equipment I have as far as whether or not this is even possible, right?
If I do have what it takes, I will do this soon.
If not, I will put ‘Router Replacement’ higher on the priorities list.
All you need is two routers in addition to what the ISP gives you. Then you can make a DMZ that they don’t have access to, and anyone wanting on your network from the internet has to crack three total routers: the cable company’s, your upper and your lower.
Hey Tim, I know you recently mentioned this on the BloomSky thread, so I thought I’d give it a try and to my surprise, disabling the SSID broadcasting made my connection go nuts! How can you explain this? The trend on the left is my undisclosed SSID; once I turned it back on, my connection stabilized instantaneously. Thought I’d share, in case anyone attempts to do this and doesn’t know what caused the wifi to act up…
A lot of good information on here, but I was expecting security regarding SmartThings.
Does the Smart Home Monitor Security feature arm itself ARMED(AWAY) if everyone is away and does it go to ARMED (STAY) when someone comes home? Or is this meant to be a push/manual item where if your father for example has a key to get in your house…he comes in and Disarms it (within a time period) then arms it again on the way out?
Since I’m so fresh I didn’t know that you set up routines for that. Then I found a really good Smart App, I think called “Routine Director”. So far no false trips. I cannot have my motion sensors on it at all because of my cat.
You are responding to a post which is over a year old, and @slagle now has a new handle, but the vector described is exactly the one used in a “ping flood attack,” which also happens to be one of the most frequent vulnerabilities for IoT systems.
Disabling ICMP as was suggested is indeed one of the standard options for shutting down these attacks, and it can still be a useful approach in an emergency situation.
How is a Ping flood attack mitigated?
Disabling a ping flood is most easily accomplished by disabling the ICMP functionality of the targeted router, computer or other device. A network administrator can access the administrative interface of the device and disable its ability to send and receive any requests using the ICMP, effectively eliminating both the processing of the request and the Echo Reply. The consequence of this is that all network activities that involve ICMP are disabled, making the device unresponsive to ping requests, traceroute requests, and other network activities.
However, as you noted, this isn’t really a good preventative measure because it shuts down a lot of other necessary network traffic.
So for a large-scale critical system, these days best practice is probably adding a secondary layer to handle the requests with a variety of failover options should a ping flood attack occur.
I agree the consequences need to be considered, and that’s a very important point not discussed in the original post. But it is also true that there are attacks which involve not just an initial ping, but a flood of repeated pings.
Thanks - didn’t realize it was this old a thread … was actually looking for TFA for SmartThings when I stumbled across this thread (and got the info I needed for TFA - just had to look in right place).
Yeah, I was quick to jump on this thread … every day I see people having problems with various areas of networks and it’s often because they blocked all of ICMP and don’t understand the different types inside of ICMP. There are some things in ICMP that should always be blocked and some that are useful and even required in order for networks to function properly (varies of course). That being said, I don’t believe any IoT device should ever be on a public IP address - it should always be behind a stateful inspection firewall of some form. Assuming that is always the case (not a good assumption lol) then ping floods and stuff like that shouldn’t be a possible attack vector in the first place.
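An added example, not part of any post in this thread: a small Python model of the alternative to disabling ICMP outright that the last few posts discuss, namely filtering by ICMP type and rate-limiting echo requests per source. The allow and drop lists, the 5 per second rate with a burst of 10, and the sample addresses are assumptions made for this illustration, not a recommendation from the thread.

```python
from collections import defaultdict

# ICMPv4 type numbers (IANA). Which types go in which set is an assumption here.
ALWAYS_ALLOW = {
    3: "destination-unreachable (code 4 is needed for path MTU discovery)",
    11: "time-exceeded (traceroute, routing-loop detection)",
    12: "parameter-problem",
}
RATE_LIMITED = {8: "echo-request"}
# Any other type (e.g. 5 redirect, 13 timestamp-request) is dropped.


class IcmpPolicy:
    """Per-type ICMP filter with a per-source token bucket for echo requests."""

    def __init__(self, rate=5.0, burst=10):
        self.rate, self.burst = rate, burst
        # source address -> (tokens left, timestamp of last packet seen)
        self.buckets = defaultdict(lambda: (float(burst), None))

    def decide(self, ts, src, icmp_type):
        if icmp_type in ALWAYS_ALLOW:
            return "accept"
        if icmp_type not in RATE_LIMITED:
            return "drop"
        tokens, last = self.buckets[src]
        if last is not None:  # refill in proportion to elapsed time
            tokens = min(self.burst, tokens + (ts - last) * self.rate)
        verdict = "accept" if tokens >= 1 else "drop"
        self.buckets[src] = (tokens - 1 if verdict == "accept" else tokens, ts)
        return verdict


def summarize(packets, policy=None):
    """Return {(src, icmp_type): {"accept": n, "drop": m}} for a packet list."""
    policy = policy or IcmpPolicy()
    counts = defaultdict(lambda: {"accept": 0, "drop": 0})
    for ts, src, icmp_type in packets:
        counts[(src, icmp_type)][policy.decide(ts, src, icmp_type)] += 1
    return {key: dict(val) for key, val in counts.items()}


def sample_packets():
    """Constructed traffic: (timestamp_seconds, source, icmp_type)."""
    flood = [(i * 0.001, "203.0.113.7", 8) for i in range(1000)]  # 1000 pings in 1 s
    normal = [(float(i), "198.51.100.20", 8) for i in range(5)]   # 1 ping per second
    pmtu = [(0.5, "192.0.2.1", 3)]       # fragmentation-needed message
    redirect = [(0.6, "192.0.2.66", 5)]  # unsolicited redirect
    return sorted(flood + normal + pmtu + redirect)
```

With the constructed traffic, the flooding source gets 14 of its 1000 echo requests through, the once-per-second pinger is unaffected, and the path MTU message still passes, which is what a blanket ICMP block would have broken.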