Podcast: Play in new window | Download
Subscribe: Apple Podcasts | RSS
- Did you know you can suggest guests for The Amp Hour? Be sure to check out our posts of past guest shows first though.
- Chris is starting to do pro-bono engineering. Check out the details and submit an application for help on his blog.
- Jesse from Keyboardio did a box o’ stuff from the Shenzhen markets. We also featured his tweet a while back comparing the smart watch to starbucks breakfast.
- Dave really liked the Wired video special about Shenzhen.
- Wired also did a video about the production of a 737 at Boeing.
- If you’re going into production, Jim from Mindtribe wrote about the tests to consider.
- Mouser tracked an order through their warehouse on video. Pick and pack for warehouses is still the domain of humans but solutions like Amazon’s Kiva could speed that up.
- We enjoyed devttys0’s “Faux Intelligent Light Switch“. A nice analog circuit!
- More attacks from IoT devices. Recode asks, “Should the manufacturers be held responsible?“
- XKCD gives guidance on passwords. Chris prefer’s the “Ready Player One” method of quoting songs for passwords (to log into VR), his favorite being “No one in the world gets what they want and that is beautiful.” (They Might Be Giants)
- Shenzhen is copying Kickstarters before they even finish funding. Good or bad?
- Dave is flabbergasted at how much money a juicer raised ($120M). We are planning to have a VC on soon to discuss similar issues.
Thanks to Barnaby Walker for the picture of monster feet
+1 for seveneves and ready player one! Highly recommend them despite Dave’s reticence 😛 Thanks for a good show!
real-world monster scale automation:
used to work for a supplier to Boeing (Titanium bearings for MD-x). For their closer suppliers they would ask that we keep a cage of a few hundred SKUs in our warehouse and release them as needed.
Often their JiT process would hiccup and we’d get a call: “uh, there is wing coming down the assembly line and we need part x in less than 20 minutes”. The kid who sat next to me would drop his lunch, throw the part in his pack, and zip over to the airport on his crotch-rocket motorcycle.
Okay, IP camera attack part 2: How it is done.
These security systems have a few interfaces, a monitor (CRT), they serve web pages, a smart phone app, and telnet. Yes, telnet, command line typey typey stuff.
Most of these systems are being installed in little companies and they plug them into their modems. Not routers – modems. They are directly on the internet.
The network people have never come up with a way to easily bore holes in routers so that mom and pop can get at their IP security system from home. You have to get at a particular IP address and port to talk to the camera, and without mucking about with the router these calls are blocked.
The alternative is to have to camera call out to a server somewhere, then the customer can call that same server and see their video feed. BUT, that means that the camera company has to run a server. This is the kind of crap you get with Belkin with their “smart” wall sockets or Hue lightbulbs. To hop on your phone and tell your lights to turn on. You actually get on the internet and call down to California and talk to the servers, the servers then send a message back to your house to turn the bloody lights on. This sucks, what happens when a DDOS attack happens? You can’t turn on your lights.
The alternative, that these security systems use, is to not buy a router and just plug into the internet directly. Yeah, yeah, wide open ports, virus’, trojans, all of those first world issues.
The trick is that these systems are not little embedded systems (shameless plug: listen to the embedded.fm podcast), they run a stripped down version of Linux called BusyBox. BusyBox runs from FLASH, but you can hop onto telnet and load programs onto it and run them from RAM. If you reset these systems, they boot from FLASH and are just security systems again; leave them alone for a while and they will be taken over again.
A lot of these systems will let you put a password on the web pages, but that password was not used on the telnet port. Plus the password setting telnet command did nothing.
I tracked down one strange pattern that I saw in my access logs. Two telnet calls 5 seconds apart. It turned out to be incoming telnet calls from security systems. Someone had figured out that these systems had no ability to change the password and the defaults were one google search away. They had been hijacked and were being used to crunch bitcoins in their spare cycles, and to search out similar systems to inhabit. I managed to reboot 6 in one night. Those were just the ones that had tried to access my system here in The Great White North.
These systems were all over the world, Brazil, Pakistan, India, China, and the USA, on that particular night. So telling a bunch of first world people to reset their router password wouldn’t work. First, the worst router around will not allow admin access from the internet side, and second these boxes mostly were not in the first world and they didn’t use routers.
By default, routers block incoming telnet calls. The cameras used in the DDOS attack were wide open and were picked off like sitting ducks, waiting for someone to send them a message containing a target IP address to attack. Gather together 145,000 of them and twitter and Facebook go away.
Great show guys. One item though, if you read what Bruce Schneier writes about regarding “Choosing Secure Passwords,” using words and phrases are some of the least secure means of choosing a secure password. Crackers will use dictionaries, even from different languages, to attack a password, so using known words in a password just makes it easier for them to crack it. His advice is to take a phrase or sentence and turn it into something that is not in a dictionary such as “This little piggy went to market” might become “tlpWENT2m”.
Thanks for creating awesome shows.
ANDREI you got one part wrong
>The network people have never come up with a way to easily bore holes in routers
they actually did and its TERRIBLE, its called UPnP. Routers nowadays will happily automagically map external public IP facing port to device behind NAT with _zero_ authentication, just a simple upnp request.