Download the Full Version of textbook for Fast Typing at textbookfull.

com

IoT security issues Gilchrist

https://textbookfull.com/product/iot-security-issues-
gilchrist/

OR CLICK BUTTON

DOWNLOAD NOW

Download More textbook Instantly Today - Get Yours Now at textbookfull.com

 Recommended digital products (PDF, EPUB, MOBI) that
you can download immediately if you are interested.

Security in Iot Social Networks Fadi Al-Turjman

https://textbookfull.com/product/security-in-iot-social-networks-fadi-
al-turjman/

textboxfull.com

Antimicrobial stewardship 1st Edition Gilchrist

https://textbookfull.com/product/antimicrobial-stewardship-1st-
edition-gilchrist/

textboxfull.com

Ubiquitous Computing and Computing Security of IoT N.

Jeyanthi

https://textbookfull.com/product/ubiquitous-computing-and-computing-
security-of-iot-n-jeyanthi/

textboxfull.com

Industrial IoT Challenges Design Principles Applications

and Security Ismail Butun

https://textbookfull.com/product/industrial-iot-challenges-design-
principles-applications-and-security-ismail-butun/

textboxfull.com
Demystifying Internet of Things Security: Successful IoT
Device/Edge and Platform Security Deployment Sunil Cheruvu

https://textbookfull.com/product/demystifying-internet-of-things-
security-successful-iot-device-edge-and-platform-security-deployment-
sunil-cheruvu/
textboxfull.com

Flexible Network Architectures Security : Principles and

Issues First Edition Rudra

https://textbookfull.com/product/flexible-network-architectures-
security-principles-and-issues-first-edition-rudra/

textboxfull.com

IoT: Security and Privacy Paradigm (Internet of Everything

(IoE)) 1st Edition Souvik Pal (Editor)

https://textbookfull.com/product/iot-security-and-privacy-paradigm-
internet-of-everything-ioe-1st-edition-souvik-pal-editor/

textboxfull.com

The IoT Architect's Guide to Attainable Security and

Privacy 1st Edition Damilare D. Fagbemi

https://textbookfull.com/product/the-iot-architects-guide-to-
attainable-security-and-privacy-1st-edition-damilare-d-fagbemi/

textboxfull.com

Security designs for the cloud, IoT, and social networking

First Edition Chintan M. Bhatt

https://textbookfull.com/product/security-designs-for-the-cloud-iot-
and-social-networking-first-edition-chintan-m-bhatt/

textboxfull.com
Alasdair Gilchrist
IoT Security Issues
Alasdair Gilchrist

IoT Security
Issues

First Edition

PRESS
ISBN 978-1-5015-1474-6
e-ISBN (PDF) 978-1-5015-0577-5
e-ISBN (EPUB) 978-1-5015-0562-1

Library of Congress Cataloging-in-Publication Data

A CIP catalog record for this book has been applied for at the Library of Congress.

Bibliographic information published by the Deutsche Nationalbibliothek

The Deutsche Nationalbibliothek lists this publication in the Deutsche Nationalbibliografie;
detailed bibliographic data are available on the Internet at http://dnb.dnb.de.

© 2017 Walter de Gruyter Inc., Boston/Berlin

Printing and binding: CPI book GmbH, Leck
♾ Printed on acid-free paper
Printed in Germany

www.degruyter.com
|
To Rattiya and Arrisara
Acknowledgements
Much of the research in this book stems from Internet research based on published
industry reports from Gartner, Cisco, Beecham’s, Pew Research Center among
many others. I would also like to acknowledge the many security resources availa-
ble on the Internet such as Privacy International, OWASP, Microsoft Technet, and
the Online Trust Alliance. Additionally, little of the section on Internet surveillance
would have been possible to verify had it not been for the Guardian and Washing-
ton Posts published articles on the Edwards Snowden files and the Guardian’s arti-
cles on the Investigatory Powers bill in the UK.
I would also acknowledge the efforts of Jeffrey Pepper and Megan Lester at
De Gruyter for their efforts in publishing this book, as well as Stephanie Defrayne,
Angie MacAllister and Scott MacAllister for their copy editing, technical verifica-
tion and formatting help.
Contents
Introduction | 1

Part I: Making Sense of the Hype

Chapter 1 – The Consumer Internet of Things | 5
A Wave of Technology, or a Wave of Hype | 5
IoT Skeptics and the Role of Security Issues | 6
The Internet of No-thing | 7
Where are these IoT devices? | 8
Why the ambiguity in IoT uptake? | 9
The Media and Marketing Hype | 9
Lack of Killer Applications | 11
There be Monsters | 11
Buying Secure IoT Devices? | 12
Making Things That Just Work | 16
Is this a consumer Internet of things? | 16
Skepticism, but the future looks bright | 17
Consumer Trust – or Lack of It | 19
Losing Control? | 19
Toys for the Rich | 21
IoT isn’t DIY | 22
Is Security a Major Inhibitor? | 23

Part II: Security

Chapter 2 – It’s Not Just About the Future | 27
Looking back to move forward | 27
Security by Design | 29
Data Mobile Networks | 30
A Confluence of New Technologies | 32
Basic Security Practices | 34

Chapter 3 – Flawed, Insecure Devices | 35

Why are so many insecure devices on the market? | 35
A Manufacturer’s Perspective | 35
The Device Production Cycle | 36
Software development in an agile market | 37
x | Contents

Clash of Cultures | 37
Developers and the Security Puzzle | 38
Reputational loss | 40

Chapter 4 – Securing the Unidentified | 43

The Scale of the Problem | 44
What Type of Devices to Secure? | 44
Unplanned Change | 44
The Consumer’s View on Security | 45

Chapter 5 – Consumer ConvenienceTrumps Security | 49

Plug n’ Pray | 49
Easy install – no truck rolls | 51
Convenient but insecure | 51
Many home networks are insecure? | 53
Customer Ignorance | 53

Chapter 6 – Startups Driving the IoT | 55

Installing IoT Devices | 56
Security knowledge is lacking | 56

Chapter 7 – Cyber-Security and the Customer Experience | 57

Pushing Security onto the Consumer | 58
Industry regulations and standards – where are they? | 58
The home ecosystem | 59
Security negativity | 60
Security Anomalies | 61
What device can be trusted | 61

Chapter 8 – Security Requirements for the IoT | 65

Why security issues arise | 65
Security and product confidence | 66
Me-too manufacturing | 66
Cutting development costs | 67
Security is not an extra | 67
Loss of product trust | 68
Designing appropriate security | 69

Chapter 9 – Re-engineering the IoT | 71

Comparing Apples and Oranges | 73
The Bluetooth lock saga | 74
Device vulnerabilities and flaws | 75
 Contents | xi

Flawed firmware | 76
Code re-use | 76
The issue with open source | 77

Chapter 10 – IoT Production, Security and Strength | 79

Manufacturing IoT Devices | 80
ODM design | 81
The tale of the Wi-Fi Kettle | 83
Push Vs. pull marketing | 83

Chapter 11 – Wearable’s – A New Developer’s Headache | 85

IoT by stealth | 87
The consumer IoT conundrum | 90
Designing in Vulnerabilities | 91
Passwords are the problem | 93
Why are cookies important? | 94

Chapter 12 – New Surface Threats | 97

Hacking IoT Firmware | 97

Part III: Architecting the Secure IoT

Chapter 13 – Designing the Secure IoT | 107
IoT from an Architect’s View-Point | 109
Modeling the IoT | 109
IoT communication patterns | 111
First IoT design principles | 113

Chapter 14 – Secure IoT Architecture Patterns | 117

Event and data processing | 118

Chapter 15 – Threat Models | 121

What are threat models? | 121
Designing a threat model | 122
6 steps to threat modeling | 122
Advanced IoT threats | 124
Devices | 124
Networks | 125
Infrastructure | 127
Interfaces | 127
xii | Contents

Part IV: Defending the IoT

Chapter 16 – Threats, Vulnerabilities and Risks | 131
IoT threats & counter-measures | 131

Chapter 17 – IoT Security Framework | 135

Introduction to the IoT security framework | 135

Chapter 18 – Secure IoT Design | 141

IoT Network Design | 145
IoT protocols | 148
The IoT Stack | 149
Link layer | 150
Adaption layer | 152
IPv6 & IPsec | 154
Routing | 154
Messaging | 157

Chapter 19 – Utilizing IPv6 Security Features | 159

Securing the IoT | 162
Confidentiality | 162
Integrity | 162
Availability | 163
Link layer | 164
Network layer | 164
Transport layer | 165
Network security | 165

Part V: Trust
Chapter 20 – The IoT of Trust | 169
Trust between partners – there isn’t that much about | 170
IBM Vs. Microsoft | 171
Apple vs. Samsung | 171
Uber Vs Crowdsources drivers | 172
Manufacturer and customer trust model | 172
Dubious toys | 173
Kids play | 174

Chapter 21 – It’s All About the Data | 175

Appropriating data | 176
The Data Appropriators | 177
 Contents | xiii

Where is the fair barter? | 178

Trust by design | 179

Chapter 22 – Trusting the Device | 185

Hacking voicemail | 188
Unethical phone hacking | 189

Chapter 23 – Who Can We Trust? | 191

Free is an Earner | 193
Pissing into the Tent | 193
IoT Trust is Essential | 194
The Osram debacle | 194
LIFX’s another Hack? | 195
Balancing Security and Trust | 196
So, Who Can We Trust? | 196
Open Trust Alliance | 197

Part VI: Privacy

Chapter 24 – Personal Private Information (PIP) | 201
Why is the Privacy of our Personal Information Important? | 201
Collecting Private Data | 204
Data is the New Oil, or Is It? | 204
Attacks on data privacy at Internet scale | 205
Young and Carefree | 206
Can we Control our Privacy? | 207
Ad-blockers – They’re Not What They Seem | 207
Google and the dubious ad blockers | 208
Privacy Laws Around the Globe | 208
United States of America | 209
Germany | 210
Russia | 211
China | 211
India | 212
Brazil | 212
Australia | 213
Japan | 213
UK (Under review) | 213
Different Laws in Countries – What Possibly Could Go Wrong | 214
Facebook’s EU Opt-out Scandal | 214
xiv | Contents

Chapter 25 – The U.S. and EU Data Privacy Shield | 217

When privacy laws collide | 219
Losing a Safe Harbor | 219
After the closure of the Safe Harbor | 220
Model and Standard Contractual Clauses | 220
The new EU – US Privacy Shield | 220
New shield or old failings | 221
Contradictions on privacy | 222
Leveraging the value of data | 224

Part VII: Surveillance, Subterfuge and Sabotage

Chapter 26 – The Panopticon | 229
The good, the bad and the ugly | 229
Home surveillance | 229
Law enforcement – going dark | 231
Dragnet Exploits | 233
The 5-Eyes (FVEY) | 235
PRISM | 237
Mastering the Internet | 241
Project TEMPORA | 241
XKEYSTORE | 243
Windstop | 244
MUSCULAR | 244
INCENSER | 246
Encryption in the IoT | 249
The Snooper’s charter | 251
Nothing to hide nothing to fear | 254
Its only metadata | 255

Index | 257
Introduction
IoT Security Issues looks at the burgeoning growth of the multitude of devices
controlled by the Internet, where product comes first and security second. In this
case, security trails badly. This book examines the issues surrounding these prob-
lems, vulnerabilities, what can be done to solve the problem, investigating the
stack for the roots of the problems and how programming and attention to good
security practice can combat the problems today that are a result of lax security
processes on the Internet of Things.
This book is for those interested in understanding the vulnerabilities on the
Internet of Things, such as programmers whose primary focus is not the IoT, se-
curity professionals, and a wide array of interested hackers and makers. This
book assumes little experience or knowledge of the Internet of Things on the part
of its readers. To fully appreciate the book, limited programming back- ground
would be helpful for some of the later chapters, though the basic con- tent is
explained.
The author, Alasdair Gilchrist, has spent 25 years as a company director
in the fields of IT, Data Communications, Mobile Telecoms and latterly Cloud/
SDN/NFV technologies, as a professional technician, support manager, net-
work and security architect. He has managed both agile SDLC software devel-
opment projects as well as technical network architecture designs. He has ex-
perience in the deployment and integration of systems in enterprise, cloud,
fixed/mobile telecoms, and service provider networks. He is therefore knowl-
edgeable in a wide range of technologies and has written a number of books in
related fields.

DOI 10.1515/9781501505775-001
|
Part I: Making Sense of the Hype
The hype surrounding the IoT that consumers have been subjected to over the
last decade is truly astonishing. We have been told that 50 billion devices will be
connected to the Internet and communicating with one another, and that they
will deliver untold of pleasures. An Internet of 50 billion devices all sharing data
and collaborating will produce a lifestyle experience that was impossible to con-
sider even a decade ago. We will have autonomous vehicles, drones delivering
parcels, even drones as air taxis, bots answering contact centres and even the
possibility of cyber-sex with virtual reality robots.
The problem is that we cannot just accept the hype as consultants, security
practitioners and regurgitate this to our clients – we must keep an open mind and
try to balance evangelism versus skepticism.
So, where has the promise of the Internet of Things gone astray? After all, we
were promised a new world not so long ago, a world that heralded the connectiv-
ity of devices that would make our lives so easy and fulfilling.
Did the proponents of the IoT overstate their case? Did they perhaps believe
that the IoT would escalate to a disruptive level, such as the smartphone and the
tablet? Perhaps they did, but we are still not seeing that through future projec-
tions, which still look optimistic.
In this section, we will consider why the IoT has not grown exponentially as
predicted, and why consumers are so reticent to embrace the technologies. After
all, when we think in terms of securing the IoT, we need to understand why the
public has not embraced a truly innovative array of solutions and products as
they have other technologies.
Therefore, in this opening chapter, the consideration in regard to how con-
sumers can analyze the hype and come to realistic terms with the IoT.

What the reader will learn is:

1. Hype is often misconstrued through evangelists vs. skeptics
2. ‘Things’ are very ambiguous and dependent on the definition of IoT
3. The public doesn’t always know what they want or understand IoT
4. Companies and media are often technologically biased in surveys
5. Public surveys and results are contradictory
6. Poor enthusing examples of the IoT are holding IoT adoption back

DOI 10.1515/9781501505775-002
Chapter 1 – The Consumer Internet of Things
The Internet of Things, is a real enigma, not only is it such a vague term, covering
all sorts of network capable connected things, which can be anything from a light
bulb to a car to a home security system. It also appears to have almost unlimited
scope bringing just about any modern consumer gadget or technical appliance,
under its umbrella by virtue of its very loose definition.

Here are some common definitions:

The “Internet of Things” (IoT) is a system of interrelated computing devices, mechanical

and digital machines, objects, animals or people that are pro- vided with unique identifiers
and the ability to transfer data over a network without requiring human-to-human or hu-
man-to-computer interaction.

From WhatIs.com:

“The Internet of Things (IoT) describes the revolution already under way that is seeing a
growing number of Internet-enabled devices that can network and communicate with each
other and with other web-enabled gadgets. IoT refers to a state where Things (e.g. objects,
environments, vehicles and clothing) will have more and more information associated with
them and have the ability to sense, communicate, network and produce new in- formation,
becoming an integral part of the Internet.”
By Technology Strategy Board – IoT Special
Interest Group

There are many more definitions of the IoT that can leave us bemused, but if we
cannot agree on a definition then how can we secure it?

A Wave of Technology, or a Wave of Hype

The IoT rides on a wave of promise that its supporters claim will revolutionize our
lives and the way we interact with the world, and what is more, this will happen
within only the next decade or so. Indeed, depending on whom you listen too,
some of the ardent IoT supporters such as Cisco, believe the IoT will be responsi-
ble for 50 billion (things) devices being online and connected to the Internet by
2020. Cisco does have a more expansive conceptual view where they include
sources of data such as people, machines or even cows, in an agricultural sce-
nario, within an Internet of Everything. There is no doubt we are seeing and will

DOI 10.1515/9781501505775-003
6 | Chapter 1 – The Consumer Internet of Things

continue to see a significant industrial and agricultural increase in the role sen-
sors and other IoT devices will play. But the consumer market continues to trail
expectations.
Gartner and General Electric have major interests in the field; however, they
are a bit more reticent and have a restricted scope of the IoT to sensors and de-
vices. As a result, they are making a more conservative forecast of the IoT’s short-
term growth and financial potential. Hence they are speaking 20-25 Billion de-
vices and 1.9 trillion new dollars spent by 2020.
These forecasts, regardless of the variance between the two sets of figures,
are astonishing predictions. Yet, perhaps not; this may well be due to the ambig-
uous nature of these things. Initially, when we consider these new things it is
typical to think of network-connected devices and gadgets such as wearable’s,
like the smart watch and the fitness bands. Some other, commonly identified con-
sumer IoT devices are the smart thermostat, light bulbs and the smart TV.
Cisco and their fellow supporters of IoT, with some justification, claim that
this wave of new consumer buying will produce trillions in new dollar spending
across the IoT in the consumer, industrial, enterprise and commercial land-
scapes. Furthermore, in 2015, Gartner said that 6.4 billion ‘things’, might be con-
nected and in use in the consumer IoT ecosystem alone by 2016. Furthermore,
they predicted an acceleration of 5.5m devices per day joining the consumer IoT
from 2016 onward.

IoT Skeptics and the Role of Security Issues

Not everyone in the industry however shares the common belief of the massive
potential of the IoT. There are some in the industry that are becoming more skep-
tical as the years roll on and are even challenging how realistic even the conserva-
tive figures are. Remember, the IoT has been around since 2000 – actually a bit
earlier – but has been hyped aggressively since 2010 and that is being generous.
Gartner has had IoT on the peak of hype for several years now. Others agree the
hype is at its peak, but that issues over lax security, concerns over privacy and
loss of consumer trust will inhibit growth. There is also the mess of incompatible
technologies and incomprehensible protocols that will also ensure consumers
stay away. Many of the skeptics’ claim the market will tumble down Gartner’s
trough of disenchantment, and will never reach anything like the implementa-
tion and financial forecasts, while others are slightly more optimistic believing in
a much longer timeframe for adoption.
 The Internet of No-thing | 7

The skeptics do have a point; for even if we accept the lower forecasts of 20
billion IoT devices, installed and networked by 2020, this would require a tremen-
dous amount of spending and installation effort over the coming years. Further-
more, what areas will see the greatest adoption and deployment? Recent surveys
indicate that it will not be in the consumer IoT environment, which is contrary to
much of the market’s belief. Will it be in the enterprise, commercial or the indus-
trial ecosystems?
The industrial IoT is the obvious area of adoption as it has had M2M for dec-
ades and the IoT conceptually at least is merely a slight evolution. Indeed, many
engineers in operational technology mock the term IoT as being nothing more
than the M2M (with hype) as they have worked with this technology under a dif-
ferent name for decades. From a security perspective, this is actually good news,
because it means that at least one major sector of the IoT domain has the potential
risk well-in-hand.

The Internet of No-thing

Some doubters will claim that most of the industry generated forecasts are
based on mere speculation, are unrealistic, or are inclusive of the already vast
number of existing sensors and devices installed in enterprise, commerce and
industry. The term ‘Internet of No-things’ arises from the more challenging ob-
servations of recent survey results. After all, where is the demand for this popu-
lar disruptive technology in the consumer market?
Take a look around; in 2016 Gartner predicted – at the lower end of the scale
– there would be 6.4 billion consumer devices installed and how many people do
you know have smart devices in their home? Those that challenge the IoT fore-
casts and the popular surveys which paint a healthy IoT future believe that the
vast majority of devices are indeed installed and active but they are in the indus-
trial IoT and not the consumer environment, and hence the term, the ‘Internet of
No-thing’ when addressing consumer IoT. Your new car, your new refrigerator,
and a wide range of consumer devices have devices embedded that you likely do
not even know about that add significantly to the existing and projected num-
bers. In these cases, the consumer may or may not be unaware of a price differ-
ential as a result of these technologies.
Supporting this assumption is a Deloitte poll that revealed a significant issue.
It appears the public considers the IoT to be a catchall term used to describe any
number of household appliances and personal devices, from cars to fridges,
which connect to the Internet and can talk to each other. However, despite con-
sumers saying they like the idea, the survey of more than 4,000 found high prices
8 | Chapter 1 – The Consumer Internet of Things

and skepticism prevailed over their initial desire for life- changing products. As
far as the majority was concerned, they were not ready to buy as they doubted
whether the technology had advanced enough, and that is preventing the IoT
from really taking off.
Seven in ten shoppers told Deloitte they would not be buying any connected
devices over the next twelve months and the only kinds of connected products
owned by more than one in thirty households were smart TVs, entertainment sys-
tems and games consoles, although they discounted smartphones.
Just three percent of people had a connected security system, the same num-
ber as owned a smart thermostat. Only two percent had any form of home appli-
ance, such as a fridge, cooker or kettle that connected to the Internet. However,
in a more upbeat sign of the IoT potential, 40 percent of consumers responded
that they would consider buying a smart device when they come to upgrading
their current appliances.
The IoT would not be itself without another example of its inherent contra-
diction and paradox. Gartner’s surveys in 2016 supports a contradiction to the
theory of the Internet of Nothing, in recent polls among others, the results did
suggest that the IoT had reached a tipping point in public acceptance. For just
over 35% of the respondents claimed to have bought an IoT device in the last year
(2015), which equates to just over 1/3rd of the population, and 70% – which is over
2/3rds – intended to buy an IoT device within the next 12 months (2016- 2017) so
at least the future looks bright.

Where are these IoT devices?

The mystery of this contradiction between public interest and lack of devices may
actually be due to the way that different parties categorize IoT devices. After all,
the figures could include the existing consumer products that they already own,
such as smartphones, iPods, TVs, entertainment systems and game players such
as X-Box and Play Station amongst others. However, these products were pur-
chased several years ago before there was such a classification as the IoT, and
well before the hype had people thinking of them as such. This is an important
point. People buy products and generally not technologies; adding features to
products has always been the edge that turns markets and the markets adapt
quickly to change.
A possible reason for the lack of enthusiasm is that some IoT devices are hid-
ing in plain view, take these Amazon tags for instance for ordering washing pow-
der and other household consumables; these small consumer tags, for automated
one touch re-ordering are easily overlooked, and as they insidiously invade our
 The Media and Marketing Hype | 9

homes, could well go unnoticed. One product that would skew results signifi-
cantly in any poll is the classification of the smartphone.

Why the ambiguity in IoT uptake?

If a smartphone is classified as a consumer IoT device, which in some surveys it
clearly is, then of course this will skew results – similarly if we include people.
However, many people if asked, ‘do you own an IoT device?’ may not consider
themselves or their smartphone to be IoT. Therefore, some analysts have a tighter
definition of an IoT device that may not include smartphones, humans, dogs or
cows – and that would certainly move the figures in the other direction. Hence
the massive ambiguity with regards the poll results related to IoT uptake and pop-
ular adoption.
An interesting note on the smartphone IoT debate is that there are several
projects dedicated to turning your smartphone into an IoT device – if it isn’t one
already. These projects, such as Phonvert are taking advantage of the huge num-
ber of still capable smartphones, which are perhaps only two years old, that get
discarded each year. These devices still have all their working sensors, like the
camera, microphone, accelerometers, touch screens, Bluetooth radio and it
seems such a waste to have them end up on a landfill site. Instead of throwing
them away – Phonvert suggests 280 million smartphones were retired in 2015
alone without being recycled – why not turn them into IoT devices, such as a
fridge cam, baby monitor, or a Bluetooth/Wi-Fi gateway and they supply the
open-source software to enable this. Another bonus is that smartphones were de-
signed with security in mind and that is not something that can be said of most
consumer IoT products.

The Media and Marketing Hype

The media are extremely good at advertising and presenting new products to con-
sumers through the TV and through other marketing channels such as Google
and Facebook targeted advertising, it is how they make profit. The goal is to cre-
ate a demand from customers who decide that they need these products, and to
satisfy this projected appetite, vendors will pay to publicize their products. There-
fore, adverts are awash over all media channels delivering the message of the
potential capabilities of connected fridges, toasters or the smart kettle and how
these will transform the purchaser’s life-style.
10 | Chapter 1 – The Consumer Internet of Things

Before the consumer leaps in though, they might be wise to look under the
bonnet to see what they are actually purchasing. A risk assessment and cost/ben-
efit examination of the consumer ecosystem would be advantageous. What is the
IoT actually delivering as a benefit to the consumer that is worth them spending
their hard-earned money?
Customer’s do cost/benefit and risk assessments even though they might
know it. Yes, they will not know the terms, but they do know the process. For
example, when they purchase a Wi-Fi router they will almost certainly have been
informed about the security issues. The threat is obvious, yet they will decide to
implement or not bother with encryption or authentication. Why is that?
What tends to happen is that consumers do actually go through risk assess-
ment and cost/benefit analysis, in that they use their experience, and history to
evaluate the risk. For example, did having an open Wi-Fi or unauthenticated net-
work connection actually cause them visible harm? They may well have listened
to their technical friends and secured the Wi-Fi only to have found it a pain when
hosting guests to a barbecue to go around and configure everyone’s phone. In-
stead, they just switched of authentication and everyone was happy. After all,
how many people can claim to be hacked and that attack rendered actual harm?
This is of course not saying that they were not hacked, they most likely were, but
it just wasn’t harmful and the exploit invisible to them.
They may well be the most productive and virulent zombie within a botnet,
but it is transparent to them. Furthermore, the fact they are a prized zombie (sol-
dier) within that botnet may well be beneficial, as the botnet controller will make
efforts to protect their asset. For example, a malicious piece of malware doesn’t
need to be harmful to the host; indeed, it can be beneficial to the host. It can be
parasitic but also symbiotic, as the controller of the botnet will protect his assets
from other Internet predators – the device will host the malware and the malware
will do the host no harm, even protect it from other dangers.
This ambiguity with IoT security and value is where the marketing of di- verse
IoT products really does become an issue. There appears to be large amounts of
popular media hype, both positive and increasingly negative, that are throwing
out contradictory messages. The positive hype of course is required to create a
market, which enthuses the public, but it does contrast with a lack of fresh, im-
aginative and exciting products. This is noticeable in particular with consumer
IoT when it comes to selling the idea of the automated smart home to the cus-
tomer. It actually is disappointing to read or listen to presentation after presenta-
tion selling the concept of consumer IoT as being limited to a smart thermostat or
a smart fridge. So why do manufacturers and their marketing teams never come
 There be Monsters | 11

up with more enthusing examples of the consumer IoT, rather than smart fridges,
toasters and washing machines?

Lack of Killer Applications

The reality is that within the consumer IoT ecosystem there currently are no killer
applications – as interconnected services that provide value – except for the
smart home. Unfortunately, the smart home is currently a muddled mess of in-
compatible protocols, non-existent standards and competing immature control-
lers or middleware technologies attempting to cobble things together. The fact
that even technologists find the architectures incomprehensible does not provide
a reasonable and powerful use case to the public.
Let’s face it, cobbling together a plethora of devices, using diverse wireless
protocols, will require a non-standard or open source controller or an abundance
of physical gateways to bind them all together and that is highly unattractive. An
example of the current state of the consumer IoT in the home is the requirement
for a hub or gateway for just about every appliance. This device (hub) is actually
a protocol translator and aggregator, and this device is currently a requirement
as it allows all the different manufacturers’ devices to at least connect – albeit not
communicate.
Some hubs have several inbuilt antennae or physical interfaces to support an
array of radio or wired protocols, for example, Sigsbee, Bluetooth, 802.15.4,
Ethernet, Wi-Fi, Z-Wave and Thread.
Now, Wink does this, and this is great for a technologist and an attacker, but
for the average consumer this is just confusing. To this extent, just being able to
install the devices is going to be such an onerous experience that it is debatable
whether the security of the devices will play a part in tempering the consumers’
appetite for smart goods. They will be just thankful that they were able to get the
device to work at all. After all, there is a disconnect somewhere between the pub-
lics’ perception of IoT security and the manufacturers.

There be Monsters
In a survey in March 2016, 66% of IT professionals stated that security concerns
were the main barrier to them embracing IoT in the enterprise – now this is a
theater where they are adept at securing diverse technologies, certainly since the
adoption of BYOD – although it is getting more difficult. However, when consum-
ers responded in similar market surveys held around the same time, over 70%
12 | Chapter 1 – The Consumer Internet of Things

said they planned to buy an IoT device during the next year. But, why are con-
sumers so ready to walk where IT professionals fear to tread?
If we cast aside skepticism for a minute and accept there are scenarios where
a diverse range of IoT devices that intercommunicate and are interconnected via
an intelligent IoT hub in the home can be wonderful … well the potential is in-
credible, so let’s think …

Buying Secure IoT Devices?

One of the problems with the IoT is its vast scale of products, manufacturers and
utility, therefore marketers cannot seem to get to grips with how to hone in on
benefits for the consumer. Here are a few typical examples of IoT use cases that
manufacturers or marketing houses push out to the public in order to sell the
concepts and benefits of the IoT lifestyle… and they leave a lot to be desired.
1. A connected fridge – A standard fridge with added Internet and computer
components which can alert the consumer to the current status of every prod-
uct that might need replenishing and suggest or automatically make a reor-
der – It is little wonder that IoT is not proving to be disruptive to the consumer
if marketing believes this to be a major benefit to the average consumer. Is
this not just using technology for the sake of it? Why not just open the door?
After all, for this to work every product would have to be fit- ted with a RFID
tag that was capable of determining the best-before-date of the product, its
current status and the usage rate of the product over a given number of days.
What is more, the fridge is going to have to learn over an extended period of
time the household’s consumption rates for each product, which of course,
could well vary depending whether it is a weekday or the weekend. In this
basic scenario, there is plenty of data that the fridge will be required to trans-
mit to the cloud in order to analyze the product quantities and the consum-
ers’ behavioral patterns. This data analysis is required to correlate patterns
and forge workable knowledge that is function- al in making predictive or-
dering possible.
However, over time, the fridge’s cloud application could collect suffi-
cient data to infer far more about the household than they might be particu-
larly comfortable with. Especially, if the data collected was sold on to third-
party marketing houses in order to target product advertising. Even if the
data was not sold on, it still might be intercepted and provide an embarrass-
ing loss of privacy, because many life-style issues can be inferred from the
accumulation of eating and drinking consumption data. An example is if
someone had an eating or drinking disorder. Furthermore, many medicines
 Buying Secure IoT Devices? | 13

are stored under refrigeration conditions and the consumer may not want
that information leaked out with the confines of the home. However, in more
complex scenarios where the fridge is learning the eating and drinking pat-
terns of each specific householder, in identifying an individual, then secur-
ing the data would be essential. As any data leakage, from a home that was
not anonymized could be a major privacy issue. Lastly, as the fridge, most
likely will have an embedded OS and computer components, it will be neces-
sary to protect the appliance just like any other computer on the home net-
work. This would mean at least protecting the fridge with AV software and
firewalls to prevent, as in one notorious case, the appliance becoming a
member of a botnet sending out spam emails.
2. Smart lights – This product is actually very popular despite the fact that a
smart bulb is approximately twenty times the cost of an ordinary light bulb
yet it is one of the success stories of the smart home scenario. It is simply an
expensive light bulb that changes its hue and intensity depending on control
from a smartphone app or going on the occupant’s past historic usage and
somehow inexplicably the occupant’s mood. Now how does that work if sev-
eral people are in the room? Are the bulbs going to start flashing during a
dispute and aggravate the situation?
Although, if the smart bulb can interface with a presence detector, it can
also switch on or off depending on when someone enters or leaves a room,
therefore, it could be an energy saving device. However, smart light bulbs,
despite being one of the poster-products of the smart home, have checkered
security.
3. Bluetooth door lock – This is another technology for the sake of it. A device
that has the capability to recognize an occupants approach and automati-
cally open the lock. How is this security improvement over a standard lock?
The dangers with using radio frequencies to control sensitive devices are that
they are very susceptible to frequency jamming. Bluetooth uses adaptively
frequency-hops over 79 channels, which makes it less susceptible to this
threat than other wireless technologies. However, it is still vulnerable to
some commercially available wireless jammers and importantly, Blue- tooth
eaves dropping tools. In addition, security analysts have exploited several
makes of commercial Bluetooth locks using proven field exploits. There will
be more about this later.
4. Smart thermostats – There is also the home thermostat, which learns the
occupant’s environmental preferences and can adjust temperatures
throughout the house in order to make the habitat pleasant and save costs
and energy. This is a good use of inter-connected devices if they could only
14 | Chapter 1 – The Consumer Internet of Things

get them to work; as it is both sensible and based on sound energy and cost
saving principles. One of the issues is that programmable thermostats can
actually increase energy bills if deployed in an old building. The smart
home is the best example of diverse sensors and actuators inter-connecting,
communicating and co-operating through a controller, or a hub as they are
more commonly called, in order to produce a holistic lifestyle experience.
However, as there are so many diverse technologies and protocols typically
deployed in a smart home solution, it is also the most difficult to secure due
to the many diverse threat points.
5. Smart TV – A networked connected TV that connects to the Internet is an in-
teresting idea that utilizes the capabilities of the TV to harness the additional
functionality of the PC. However, by transforming a TV into an Inter- net-con-
nected computer, it is also opening it up to all the same vulnerabilities and
possible exploits. However, if the TV is similar to the other home network
devices placed behind a router using a network address translation, it will be
protected from the external threats out on the Internet. The configuration
flaw that many home Internet connected devices have is that they actually
allow incoming connection by default when they have no requirement to re-
ceive incoming connections. Outgoing connections are handled securely via
NAT. If or when the device requires check-in to a cloud server to look for any
firmware updates, it can do this from an internally initiated outbound con-
nection to a manufacturer’s cloud server. This might mean that a connection
URL is hardcoded into the firmware and that can be a security risk. But as
long as any local DNS servers are identified and secured and the home net-
work is secure, this is not a major issue. However, to mitigate the rogue DNS
threat there should be anti-virus and anti-malware software activated, up to
date, and running across all capable devices on the network. Firmware at-
tacks and hard coding are discussed later.
6. Smart garage door – These devices recognize the occupant’s car approaching
and opens the door but this requires inter-connectivity between the car and
the garage door – in this use case there has to be some method of securely
exchanging the identities of the car and lock mechanism to ensure proper
authentication takes place before the garage door is opened. This could be by
using low power radio protocols such as Z-wave, Bluetooth or ZigBee depend-
ing on the effective range required, but again this is not revolutionary but just
as insecure. Worse, many garage doors have fixed frequencies that they op-
erate on and can easily be hacked just by playing a sequence of frequency
combinations. This is discussed later
Discovering Diverse Content Through
Random Scribd Documents
 Hyvä, niinkuin kuutamolla kuljeskellessamme,
Ompi toivo, sielun valo, vaelluksessamme;
Pois, pois epäillys
Erhetyksen yöstä;
Pois, pois pimeys
Tunnosta ja työstä!

Kyllä kalma ennustaapi, ettäs olet multa,

Että kaikki katoaapi, kauneus ja kulta;
Pois, pois kuitenkin
Kuollon pelko peitä;
Pois, pois pikemmin
Murhe musta heitä!

Missä lienee muuttumata olo maamme päällä?

Tyytyväisyys ompi vasta onnen täyte täällä;
Pois, pois viipyköön
Murhe-päivä meiltä;
Pois, pois pysyköön
Itku ilon teiltä!

J. Juteini
ANNI

Kulkeissani vainiolla
Kuulin Annin laulavan,
Kuulin kuuset takalolla,
Kalliotkin kaikuvan:
Tulan, tulan, tee. :,:

Suksutellen mehu miellä

Annin kumppaniksi jäin,
Sanoen: kah, "laula vielä"!
Ja se armas laulo näin:
Tulan, tulan, tee. :,:

Niin hän lauloi hymy-huulin,

Sima-silmin, sulo-suin,
Hiljaa hengiten ma kuulin;
Enkä muista muuta kuin:
Tulan, tulan, tee. :,:

Taivas leimahti ja loisti.

Kuin hän istui vieressäin;
Suuta pyysin: "toisti, toisti!"
Wastas hän ja lauloi näin:
Tulan, tulan, tee. :,:

Wapaus on rinnastani,
Rauha, riemu rientänyt,
Yöt ja päivät korvissani
Soittaa sama ääni nyt:
Tulan, tulan, tee. :,:

Kallio
IKÄWÖITSIÄ

Nuotti "Jag kommer ifrån Nobis, jag" etc.

Woi kuinka mailma kolkka on,

Ja toivo valoton ja musta,
Se pieni sydän, levoton,
Ei löydä mistään huvitusta.

Sen yksin hauska huvitus

Ei täällä muu, kun sinä, ollut;
Nyt olet pois, ja kaipaus
On hauskuuteni siaan tullut.

Ja vaikkas kauvas minusta

Pois taisit ijäisesti mennä,
Ei luovu sydän sinusta,
Et poiskan sinä siittä lennä.

Jos miinkä ties sun johdattaa,

Jos poiskin haudan tuolle puolen,
Ja sua en täällä nähdä saa,
Saan sitte kumminkin kun kuolen.
 Ja vaikka tähti viimmenen
Sun uusi kotos olis siellä,
On matka hauska, lyhkönen,
Ja toivo kumppanina tiellä.

J. F. Granlund

[Ensikerran painettu 1856.]

KANTELEEN SOITTAJA.

Lännen ruskokukkasiin nyt

päivä kirkas nukkuu,
Lintu-parven vihertäissä
käki puussa kukkuu.

Lahti laski levollensa,

eikä värähdäkkään,
Eikä edes haavan-lehti
puussa välähdäkkään.

Metsä vastaa iloisesti

kanteleeni ääneen,
Sinne sanoi kanteleeni
huokaukset jääneen.

Nouse länsi-tuulinen ja
perhosena lennä,
Ett'ei kanteleeni suru
metsään saisi mennä.

Lennätä se kullalleni,
kauvas metsän taahan,
Yli suon ja yli järven,
toiseen taka-maahan!

Kuiskuta se hiljaa hälle

terveisiksi multa,
Että tulis iloiseksi
surevainen kulta!

Soi nyt kulta kanteleeni,

kohta tuuli herää,
Soi! ja sitte polvilleni
nuku täksi erää!

J. F. Granlund

[Ensikerran painettu 1848.]

INGEBORIN WALITUS

(Ruotsinkielisestä)

Syksy nyt on,

Taas meri kuohuva myrskystä on.
Ah, joka pääsis nyt sentään
Lainneille lentään.

Kaukana nä'in
Purjehen, lennossa läntehen päin.
Hauska on seurata vielä
Friitjoa siellä!

Lainneinen, so'!
Hiljastu! rientää se muutonkin jo.
Loistakaa tähtiset noille
Purjehtijoille.

Sitte kun tuo

Taas kevä kotio hänen, niin mua
Ei näe silmänsä tässä,
Rantoja lässä.
 Siks mun saa,
Rakkaudestani, tuonelan maa;
Taikka jos vieläkin hivun
Waivoissa kivun.

Haukka, hän sun

Juuri niin orvoksi jätti, kun mun;
Mutta en päästäkkän sentään
Pois sua lentään.

Muotoses saan
Neulojen liinasen kulmalle vaan:
Siiviss' on hopia multa,
Warpaiksi kulta.

Haukalta sai
Frejakin siivet, ja niillä hän kai
Lenteli lystinsä vuoksi
Kultansa luoksi.

Siipes, jos saan,

Niin mua eivät ne kannata, vaan
Kuolema minulle antaa
Siivet, kun kantaa.

Haukkanen so'!
Katsos nyt kanssani lainneille, jo!
Ah, mutta eipä nyt vielä
Näy häntä siellä.

Kuolluna mun
Löytää hän vissiin, ja hengissä sun.
Terveiset saa sitte sulta
Itkevä kulta.

J. F. Granlund

[Ensikerran painettu v. 1845 sanomiin "Åbo Tidningar" n:o 83.]

RAKKAUS

Wienan reunall’ koivun alta

Kuulu soitto kaunihin
Aurinkoisen taivahalta
Waipuessa aaltoihin.

Siellä istu ihanainen

Neitsy kanteleinensa,
Sulhoansa surevainen
Muilla mailla kaukana.

Ilakoiten ilta-henki
Ulpukoita uittelee,
Nukkuvaisen kukkasenki
Hieno-huulet suutelee.

Näitä neitsy niiskutellen

Kyynel-silmin katselee,
Wirran vienon pyörtehellen
Suru-suulla soittelee:

"Suotta (laine läikkyväinen,

Turha vetten vierimä)
Aik' on raukan rientäväinen,
Yksinäisen yljätä.

Koska saanen sylissäni

Suositella sulhoaan'?
Ikävissä itkeväni
Tietäneekö ollenkaan?

Uskollinen olevansa
Wanno varsin kuolemaan;
Eipä liene armastansa
Häntä saatu unhottaan.

Kukostus on tärkki liljan,

Surkastuu jo muotoni.
Kultan' kurja! Ah, jos hiljan
Tulet, löydät hautani".

Niin hän laulo, levollensa

Luonnotarten mennessä,
Katosi jo laulunensa
Leivonen, lintu kielevä.

Hiljasesti kyhkyläinen
Kumppaninsa kyljessä.
Laulurastas yksinäinen
Kuultelee hän tyttöä.

Yö jo maita peitteleepi
Warjohonsa; uupuva
Ääni viimein vaikeneepi
Walittava rannalta.
 Sinne aina iltasella
Palas nuori neitonen,
Siellä tahto odotella
Tulemista sulhasen.

Kuulu kerran ääni tuttu,

Tuli viimen viipynyt:
Ihanaksi mailma muuttu,
Katos kaikki tuska nyt.

Soi nyt harppu heljimmästi

Sanat, sulhon tultua,
Laula lintu lempiästi
Raiku metsä rannalla!

Tanssi kukka kauno-päinen,

hieno-helma heiluva,
Liehu lehti löyhyväinen
Leikki lumme lahdella!

Sulhasensa sai jo nainen,

Kyllä kauvan kaivatun;
Aika armas alkavainen
On nyt kanssa kihlatun.

Wiipymättä vihkiääpi
Rakkaus he rauhassa,
Suosiolla säilyttääpi.
Onnen oivan runsasna.

A. Warelius
NEITON KUOLLO

Neitto itki itseksensä

Pienen virran rannalla:
Kuuli soiton sulhasensa
Tuolla vuoren reunalla.

Kanteleinen kajahteli
Sulhasensa ilossa;
Neiton silmät tipahteli
Wettä kuumaa huolissa.

Mikä se niin neiton jätti

Ikävässä huolemaan?
Ystävänsä hänen petti,
Saattoi suruss' kuolemaan.

Itku-silmin neito näki,

Kuinka leivo kielevä,
Kumppaninsa iloo teki,
Onnestansa laulava.

Sillon suru surmallansa

Neiton rintaa runtelee,
Kuin hän kuulee korvillansa
Ystävänsä kanteleen.

"Sulje, virta, kyyneleeni,

Sulje, virta, silmäni,
Sinä olet ystäväni,
Koska hyljäs kultani".

Sinne vaipui virran ala

Neitonen se kaunihin;
Leivo laulull’ surkialla
Neiton saatti aaltoihin.
WILHELMI JA EMMA

Nuotti: "Liset en envis flicka var" etc.

Sen ihanaisen Emman saan

Nyt nähdä, suloisimman,
Jo nääntyvänä murheissaan,
Sen kaikkein kaunihimman.

Hän uskotulleen uhrasi

Suloisen sydämensä;
Sen pettäjälle tuhlaisi,
Nyt itkee, itseksensä:

"Ja vaikkas olet tunnoton,

O Wilhelmini mulle,
Niin sydämeni sentään on
Kuin liekki lämmin sulle.

"Nyt kyllä kärsii murheissaan

Sun Emmas elämäänsä;
Ja turvatonna tuskissaan
Hän itkee ikäväänsä.
 "Kyll' lupasitkin lujasti
Mull' uskollinen olla,
Ja vannoit, varsin vahvasti;
Se kuullaan tuomiolla.

"Nyt raskas kulkea on tie,

Kun tylyytes on vaivan',
Se, murheella, mun hautaan vie
Juur' ankarasti aivan.

"Jo kaikki mustaks' muuttuvat

Silmissän sumeheksi,
Kuin kuultelen, niin huutavat
Mua mullan morsiameksi.

"Jo Engeleitä, joukottain

Nyt yltä ympärillän',
Jo tuhansin ja sadottain,
Nyt saavat nähdä silmän."

Jo kellot kauniis kuuluupi,

Nyt soivat, surusesti,
Et Emman maja muuttuupi
Juur' hautaan, hiljaisesti.

Kun kukkanen hän lankesi,

Myrskyltä murrettunna,
Ja rakkahana raukesi,
Kaikilta kaivattuna.

Taas Wilhelmi se kirkolle

Kulkeepi toisen kanssa,
Hän viepi sinne vihille
Sen väärän morsiamensa.

Waan paari-puitten päällä nyt

On arkku auastuna,
Siin' kaunis Emma, kylmennyt,
On muodost' muuttununna.

Täss' Wilhelmi nyt seisahtui,

Ei mennyt edemmäksi;
Kun koko mailma jo mustettui,
Silmissään pimiäksi.

Hän tunsi tuskan tunkevan,

Ja putos polvillensa;
Niin Wille nähtiin lankeevan,
Kumarten, kasvoillensa.

Ei suulla saata sanoa

Sen Willen vaikeutta;
Ei taida kieli puhua
Sen suurta surkeutta.

Nyt huuto kuului haikia –

Hän vaivoissansa vaipui;
Näin loppui vaiva vaikia,
Hän paarten päälle taipui.

Niin Wille hengen hinnalla

Sai petingosta laata,
Ja Emma Willen rinnalla
Ijäistä unta maata.
PETETTY NEITO

Kukka kasvoi kaunokainen

Kesä-nurmen pinnalla,
Toivon taimi ihanainen
Siskojensa rinnalla.

Keviästi kevä-tuuli
Sai sen latvan häilymään,
Waikka aina kukka luuli
Ruusujensa säilyvän.

Soimas aina siskojansa,

Ylpeili hän itsestään,
Kääntänyt ei niskojansa
Koskaan heitä näkemään.

Niin hän kasvoi kaunihisti,

Kasvoi kesän kaunihin;
Mutta mato myrkyn pisti
Kukka-ruusun juurihin.

Walkeni sen kaunis varsi,

Lakastui se kukkanen.
Ylpeys näin kaikki karsi,
Kuule, neito rukkanen!

J. G. D–n
IDA JA FRANS ALFRED

Nuotti: "Mossbelupen hydda" etc.

Sammaltunut kota,
Heklan juuressa,
Waston tuulten sotaa
Puiten suojassa;
Murhe vielä
Kaipaa siellä
Kukkaa, myrskyn kaatamaa,
Idaa, jonk' on vielä
Risti haudalla.

Muille maille meni

Fransi sotimaan.
Ah mun sydämeni,
Huokas Ida vaan:
Koska kuulen
Tuiman tuulen
Meren kuohuun nostavan,
Silloin Fransin luulen
Jällen tulevan.
 Ida kolme vuotta
Itkein odottaa
Fransiansa suotta,
Tunsi aivan
Suuren vaivan,
Isältään sen salasi;
Ikävöityn laivan
Nähdä halasi.

Kuiva niin kuin kukka

Syksyn tullessa,
Kaunis Ida rukka
Syväss' murheessa.
Tuska, vaiva
Sydänt' kaivaa,
Kuin ei tullut takasi
Fransi ja se laiva,
Jota kaipasi.

Tytärtänsä suree
Wanha vaikiast’,
Tauti häntä puree
Yltä haikiast’.
Ida kuule!
Älä luule
Fransis menneen tuonelaan;
Häntä kohta sulle
Lähden noutamaan.

Ida meni rantaan

Aina tuskissaan
Fransin nimet santaan
Kirjottelemaan
Päivä-kaudet,
Ehtoo-kaudet,
Kuutamoilla yksistään,
Sinne vuosi-kaudet
Meni itkemään.

Kova raju ilma

Nousee merellä,
Mustenee mailma
Maalla, vedellä;
Laivat hajoo,
Moni vajoo
Tuulen tuiman käsissä,
Harvat, jotka kajoo
Maata hengissä.

Idan vanha Isä

Kuolin-vuoteellaan,
Idan tuskaa lisää
Hälle sanoissaan:
"Kaikki muuttuu,
Ilo puuttuu,
Aikani on loppunut,
Fransi sulle suuttuu
Sinust’ luopunut".

Sitte Idan kättä

Siunain pusertaa,
Hyvästi sen jättää.
Kuollo musertaa
Isän itte,
Idan sitte,
Yhtähaavaa kummankin;
Rauhan, levon sitte
Saivat kumpikin.
KULTAANSA IKÄWÖITSEWÄ

(Kansan-laulu)

Tuoll' on mun kultani, ain' yhä tuolla,

Kuninkaan kultasen kartanon puolla;
Woi minun lintuni, voi minun kultani,
Kuin et tule jo!

On siellä tyttöjä, on komioita,

Kultani silmät ei katsele noita;
Woi minun lintuni, voi minun kultani,
Kuin et tule jo!

Kauniit on kukkaset, kaunis kevä-aamu,

Kauniimmat kultani silmät ja haamu;
Woi minun lintuni, voi minun kultani,
Kuin et tule jo!

Linnut ne laulavat sorjalla suulla,

Sorjampi kultani ääni on kuulla;
Woi minun lintuni, voi minun kultani,
Kuin et tule jo!
 On mesi-leipäkin kyllä makoista,
Kultani huulet ja suu ovat toista;
Woi minun lintuni, voi minun kultani,
Kuin et tule jo!

Woi koska koittaa se riemuinen päivä,

Jollon on kultani viereeni käyvä!
Woi minun lintuni, voi minun kultani,
Kuin et tule jo!

Riennä jo, kultani pois koto-puoleen,

Nyt ikävään menehynkin ja huoleen;
Woi minun lintuni, voi minun kultani,
Kuin et tule jo!
KREIWIN SYLISSÄ ISTUNUT

(Kansan-laulu)

Minä seisoin korkialla vuorella,

Wihriäisessä laksossa;
Sieltä näin minä laivan lainneilla purjeissa,
Kolme kreiviä laivalla.

Ja he laskivat laivansa rannalle,

Maalle riensivät astumaan;
Ja se nuorempi kreiveistä kaikista
Tuli minua kihlaamaan.

Sitte otti hän sormuksen sormestaan,

Nätin hohtavan kultasen.
"Katsos nyt, minun piikani ihana,
Sinä saat tämän sormuksen."

"Minä ouoilta en ota sormusta;

Sitä kielsi mun äitini". –
"Ota pois, pane sormus sormeesi,
Sitä ei näe äitisi!"
 "Mihin kätkenen nyt tämän sormuksen,
Ettei minun äitini näe!"
"Sano: laksossa, tuolla kuin kävelin,
Olen löytänyt sormuksen".

"Älä valhetta mua pyydä puhumaan,

Kyllä äitin' sen ymmärtää;
Mun on paljo parempi sanoa:
Kreivin sylissä istuin mä."

Lämmin ilta se oli ja ihana,

Linnut kilvassa lauloivat,
Keto allansa kaunis ja vihanta,
Kukat kedolla kasvoivat.

Tyttö istui nyt kreivinsä sylissä,

Moni muistuipi mielehen;
Päivä laski, ja yö oli joutunut,
Kreivin nukkui hän vierehen.

Mutta aamulla, koska hän heräsi,

Huomas' itsensä yksinään;
Laiva pois oli lähtenyt rannalta,
Pojes kreivikin vierestään.

"Woi nyt, voi mua vaivasta piikaa, voi!

Kuinka onneton ollenen;
Ota pois meri, vie tämä sormuskin,
Mitä sillä nyt enää teen."

"Minä nyt näen sen, ehkä myöhäänkin,

Että muita hän rakasti,
Minun jätti hän surussa itkemään;
Ja mun viekkaasti vietteli."
KULTANI KUKKUU KAUKANA

(Kansan-laulu)

Kultani kukkuu, kaukana kukkuu,

Saiman rannalla ruikuttaa;
Ei ole Ruuhta rannalla,
Joka minun kultani kannattaa.

Ikävä on aika, päivät on pitkät,

Surutont' en hetkee muistakkaan;
Woi mikä lienee tullutkaan,
Kuin ei jo mun kultaani kuulukkaan!

Toivon riemu ja autuuden aika

Suruani harvon lievittää;
Rintani on kuin järven jää –
Kukapa sen viimenkin lämmittää?

Kotka se lenteli taivaan alla,

Suorsa se souteli aalloilla;
Kulta on Saiman rannalla.
Lähteä se ei tohdi tuulelta.
Welcome to our website – the ideal destination for book lovers and
knowledge seekers. With a mission to inspire endlessly, we offer a
vast collection of books, ranging from classic literary works to
specialized publications, self-development books, and children's
literature. Each book is a new journey of discovery, expanding
knowledge and enriching the soul of the reade

Our website is not just a platform for buying books, but a bridge
connecting readers to the timeless values of culture and wisdom. With
an elegant, user-friendly interface and an intelligent search system,
we are committed to providing a quick and convenient shopping
experience. Additionally, our special promotions and home delivery
services ensure that you save time and fully enjoy the joy of reading.

Let us accompany you on the journey of exploring knowledge and

personal growth!

textbookfull.com