Researchers say there are serious security problems in Samsung’s SmartThings

Getting a bit metaphysical for me but if by saying security is never absolute then I think the vast majority would agree but that doesn’t mean you don’t try to avoid obvious risks. I know I can die every time I get behind the wheel yet I buckle up even though I know it doesn’t guarantee my safety. Is the seat belt there to make me feel secure? Btw I used to sleep with the bedroom windows open until we had our son and the wife came out strongly against it.

1 Like

You are right. See, it’s a conflict. Are you safe with the seatbelt on? Or are you just safer than with it off? Hopefully you’ll never know.

Adjusting the risk levels we take are the decisions we make every day. Do we? Or do we not?

Security, by definition, is not possible. More secure or less secure is the actual choice we face.

Now, don’t get me wrong. I firmly believe that a company absolutely must take all measures to secure their clients’ information. Then we as the client must choose our level of perceived security.

If we are to obtain the security that everyone demands then we as the consumer can have only one choice, complete isolation. And even then it does not exist.

To use technology we must accept the fact that our information is vulnerable, and always will be. We must accept it as it is presented.

2 Likes

https://community.smartthings.com/t/flaws-in-smartthings-let-hackers-unlock-doors-and-set-off-fire-alarms/46914/3?u=bridaus

1 Like

False. Not easier to steal.

IOT is much easier to hack than a bank. Where are the leagues of trained defense organizations protecting IOT? Where are the government regulators?

Plus the banks almost always have strict liability.

When you get robbed… the liability is yours. You may choose to insure some of it away for a price, but only the monetary things.

But it’s probably just as easy to hack someone’s bank account in much the same way these particular ‘IoT’ hacks were carried out and if someone steals your money that way, you might find that you ARE liable and you’ve lost your money that way.

Hacking the bank directly is not the only way to steal people’s wealth from a bank.

Benji -

Banks are aware of this and long ago started instituting measures to deal with this. 2 Factor Auth, Not allowing a 3rd party app to auth without appropriate limited privileges (for a bank - read only is pretty safe), advanced Intrusion and Fraud heuristics, etc. Financial Institutions, albeit still lacking IMO, have some of the most advanced security practices there are.

So no. Not as easy to hack someone’s bank account in the same ways.

Just because a bank has 2FA, doesn’t mean they force their users to use it and that’s besides the number of big banks that still don’t have 2FA options at all.

Doesn’t matter how regulated banks may be if they’re still at the mercy of weakest link which is usually the end user.

People still write passwords on paper and stick them to their computers.

Your reply ignores the other layers of the security models used by banks. They are not perfect by any means, but this idea of comparing banks to IOT is asinine. They are at much different stages of maturity in terms of their security. They have different laws and different risks associated with their business models.

Even if banks were completely hackable and pwned 24x7x365, and I kept my money in one - that doesn’t mean I want some dipsh*t to be able to hack into my smarthome. For one, lives are more important than cash.

All of which can also easily be avoided. You’re still thinking in terms of ‘hacking’ the bank rather than ‘hacking’ the weakest link, the user.

Oh, really, Benji? I am quite aware of how this works, Benji.

Users are phished and credentials are stolen, but then guess what? Fraud Detection and Prevention SHOULD kick in. Does this account regularly transfer funds? Do they transfer more than x over x? Do they transfer to Lithuania? Automated algos.

Most consumer bank accounts require advanced authentication for any such transfers. You will get a phone call to authenticate, etc. These are but examples.

But again, I am sure you will tell me how it all works.

Tell me Benji. If you are phished - what is the bank’s liability?

1 Like

I take it all back, you’re right, I’m wrong :wink:

Very upsetting.

This has been making circles all day. I don’t know why it is upsetting. The author says…

“…when a piece of malware can trigger that fire alarm at four in the morning or unlock your front door for a stranger” well…ask @JDRoberts we don’t need any malware, we have ST. This is my dirty joke about ST, but seriously though, why the scare. Any piece of software is vulnerable to malware so why HA software would be different. If you stick your fingers in an outlet, you will get electrocuted.

4 Likes

Your money is online, and easier to steal. Criminals who can hack like this simply aren’t interested in showing up at your door and meeting your dog or seeing if you believe in the second amendment.

This is overblown like most news these days. Still ST should fix obvious holes, but please don’t overreact and make it arduous for developers and users.

3 Likes

And I’m sure that shiny Kwikset gives up the goose pretty quickly when picked or bumped. :wink:

3 Likes

It’s easier to break a window. Takes seconds, and absolutely zero effort. The only real security is deterrents and video. Everything else is a pacifier or at best an annoyance to the thief.

2 Likes

Don’t use ST for a security system; it’s a home automation “hobby” with some security-type notifications. If you want a security system, pay someone the monthly fee and have it professionally installed. I worry more about my car being hacked than my front door.

2 Likes

Tell that to SmartThings. They sell it as a security system, with a monthly fee for professional monitoring.

2 Likes

Ehh, wait till some asshole unlocks the doors of all SmartThings users with a few lines of code. I’m more concerned with something like this surfacing http://www.forbes.com/forbes/welcome/#4b4e928e174c

Penetrating the security of thousands of homes without anyone potentially knowing it. It’s like saying ADT could be circumvented over the internet. SmartThings should not sell its products as a security substitute if it cannot live up to the expectations of a substitute.

@Cino, trade in your Japanese car and get an Audi.

1 Like

I think people missed my point about banks versus homes. It’s the physical aspect that’s blocking. Of course banks have better security, but thieves can’t suck diamond rings through the internet.

I’ll attempt to set up a likely scenario: Let’s say a guy with some skills decides to unlock some of his neighbors’ houses. First he has to figure out what neighbors have ST. How does he know that? Then he unlocks this neighbor’s house (assuming they have smart locks) and disables notifications and cameras if any. Now that hacker has to do real work and walk into this home and chance that there is no dog or other security including someone still home. Really?

Anyone think that’s easier than downloading lists of stolen credit card numbers online or stealing CC numbers while running them at a restaurant and then ordering to your heart’s content online? Silly.