Internet Dangers


#1

Many newly made IOT or Internet of Things devices are easily hacked on launch because of poor design choices.

If the Mugsy has an internet connection it should also have a hardware switch for it probably


#2

A couple of things to point out here. Mugsy doesn’t require an internet connection to make coffee. Lots of the advanced functionality does require internet but if you just want to a brew a cup you can simply not connect to your wireless.

As for IOT security issues, this is often the case but it is usually caused by two things:

  1. Using proprietary software
  2. Appliance manufacturers with zero real world software experience

Mugsy uses software that is used by billions of people every day. If there is a security issue with Apache for example, a security patch will go out extremely quickly. People are already hacking the LAMP stack all day, every day so. IOT devices with propriety software get none of these benefits and typically rely on “security through obscurity”.

Now, anything a human makes, another human can break. So I will not pretend that any system is 100% secure. But by sticking with battle tested software and keeping our source code open and available we are in a much better position to handle any new security threats.

Additionally, earlier in my career I was a Senior Info Sec Admin for a very large ISP. That doesn’t mean that
I should be considered an expert in the field at all, especially because things change extremely quickly in the info sec world. But it does mean that security has never been an afterthought for this project. Every design decision that has been made has been made with security as a top priority.


#3

Hi, all. First post, yay!

I’m still reading through forum posts, etc, so apologies if this already addressed.

Is there some pre-built OS image I’ll download when setting up Mugsy that’s already setup to auto-update security packages, etc?

If not… just thinking about the Apache updates – is there a document somewhere that describes hardening the OS config files and setting up auto-updates for security patches? This isn’t necessarily a Mugsy-specific thing, but such a doc written from a Mugsy-centric perspective might be useful as people start to build/setup their machines.


#4

Open Source is awesome!

I’m really glad that the Mugsy is so secure


#5

As long as you haven’t done anything to make your home network available to the outside world, you should be fine, right?


#6

Yup, and NAT is not needed for any of the advanced functions.


#7

I would say that 90%+ of security breaches are preventable simply by using best practices from a security standpoint. What I have seen so far I don’t see obvious flaws in mugsy not that I am an expert by any means, but from what I do see as long as packages are kept up to date it should not be vulnerable to much other than zero day attacks. Most of that could be mitigated with running something like a properly configured selinux on the system.


#8

Unfortunately there are ISPs out there that do weird stuff and customers may not always be behind a NAT/Firewall/etc. See the recent ‘attack’ on Internet-accessible Chromecasts…

Having said that, not sure there’s anything Matt needs to do for Mugsy, but a “PSA: Don’t be stupid” might be a good compromise :slight_smile:


#9

First I would say that even though ISPs sometimes do weird stuff if you have a home router you should be protected at least on a basic level. Also though I would say that basic TLS and some form of authentication on any requests coming to the API from outside mugsy should be available to fix that whole internet accessible issue. All of this is available and easy on any commonly used web server so it should not be a problem.


#10

It really is more of a coffee computer than a trusty rusty so good idea!