I'm completely in favor of charging an incompetence tax on IoT systems, in the absence of regulation. And yet, there are a thousand customers who will be replacing their now-scrap HVAC and...
I'm completely in favor of charging an incompetence tax on IoT systems, in the absence of regulation.
And yet, there are a thousand customers who will be replacing their now-scrap HVAC and lighting controllers...
IMHO, it's stupid to design IoT devices that communicate directly over the internet. That's the huge gaping security hole in the smart home concept. Ideally IoT devices don't even have WiFi,...
IMHO, it's stupid to design IoT devices that communicate directly over the internet. That's the huge gaping security hole in the smart home concept. Ideally IoT devices don't even have WiFi, opting for other short-range wireless communication systems like 802.15.4-based systems or even Bluetooth PAN.
My personal dream scenario is that there is a universally adopted open standard for IoT gateways so that the individual devices don't ever have direct access to the internet, instead relying on the gateway for any internet services the user may require. That means only one vector of attack, and only one device that needs to be maintained for security.
Your "gateway" device has the potential to be problematic in itself - you're still going to have exposed vulnerable firmware and authentication methods. The problems with unguarded Internet access...
Your "gateway" device has the potential to be problematic in itself - you're still going to have exposed vulnerable firmware and authentication methods. The problems with unguarded Internet access are mainly addressable with appropriate firewall rules (specified communication endpoints and zones) if we're talking about commercial environments.
Home devices are a bigger problem. Even if they only connect to a managed vendor network, that usually means paying a subscription, as well as the risk that your vendor will misuse your data or go out of business (potentially turning over the keys to your device to a less trusted party). But really, my dryer and thermostat work just fine with WiFi turned off; if they ever need updates, I can enable the connection exactly long enough to update and disable again. I'm not utilizing their ability to collect data or operate remotely. My household threat model isn't such that I expect someone to have automated an attack on my dryer, just lurking in wait for that brief vulnerability.
It's authentication which remains a problem; most industrial control and household systems still don't have modern threat models in mind. Stuxnet proved that any unauthenticated system access, even in theoretically air-gapped environments, can be used to do harm. As far as I'm concerned, it should take 2FA to do anything persistent to these devices.
Oh yes, it's absolutely still problematic. I wasn't offering a complete solution in the first place. The reason why I wanted everything to go through a gateway was not to eliminate the problem,...
Oh yes, it's absolutely still problematic. I wasn't offering a complete solution in the first place. The reason why I wanted everything to go through a gateway was not to eliminate the problem, but to minimize it. While it is possible to set up your average home router with some security measures, few people will actually will implement them. Another problem is that the average consumer does not know if their router is still supported by it's manufacturer, let alone if it is completely secure. Advertising a gateway as a security device would at the very least make the consumer aware that it's an issue. And since my idea is in a perfect world, it would have mechanisms in place to stop working (or at least alert the user) if support for the device ends.
I think @eva posted some content that touches on both of our positions here: https://tildes.net/~tech/9ct/yes_your_refrigerator_is_trying_to_kill_you_2014_oscon_talk In my ideal world, IoT devices...
In my ideal world, IoT devices would never die until they become physically inoperable beyond repair. A 5-year (optimistic) software EOL on a refrigerator with a 20-year functional life is unconscionable. The compute component should be completely modular if it's not otherwise indefinitely upgradeable.
I could see a system built around line-of-sight IR, like the Harmony A-V/smart home remotes, that provides the control/upgrade interface without an always-on radio-frequency (WiFi, Bluetooth) connection. Nonetheless, I still want secure authentication for anything that lasts beyond a reboot.
I'm completely in favor of charging an incompetence tax on IoT systems, in the absence of regulation.
And yet, there are a thousand customers who will be replacing their now-scrap HVAC and lighting controllers...
IMHO, it's stupid to design IoT devices that communicate directly over the internet. That's the huge gaping security hole in the smart home concept. Ideally IoT devices don't even have WiFi, opting for other short-range wireless communication systems like 802.15.4-based systems or even Bluetooth PAN.
My personal dream scenario is that there is a universally adopted open standard for IoT gateways so that the individual devices don't ever have direct access to the internet, instead relying on the gateway for any internet services the user may require. That means only one vector of attack, and only one device that needs to be maintained for security.
Your "gateway" device has the potential to be problematic in itself - you're still going to have exposed vulnerable firmware and authentication methods. The problems with unguarded Internet access are mainly addressable with appropriate firewall rules (specified communication endpoints and zones) if we're talking about commercial environments.
Home devices are a bigger problem. Even if they only connect to a managed vendor network, that usually means paying a subscription, as well as the risk that your vendor will misuse your data or go out of business (potentially turning over the keys to your device to a less trusted party). But really, my dryer and thermostat work just fine with WiFi turned off; if they ever need updates, I can enable the connection exactly long enough to update and disable again. I'm not utilizing their ability to collect data or operate remotely. My household threat model isn't such that I expect someone to have automated an attack on my dryer, just lurking in wait for that brief vulnerability.
It's authentication which remains a problem; most industrial control and household systems still don't have modern threat models in mind. Stuxnet proved that any unauthenticated system access, even in theoretically air-gapped environments, can be used to do harm. As far as I'm concerned, it should take 2FA to do anything persistent to these devices.
Oh yes, it's absolutely still problematic. I wasn't offering a complete solution in the first place. The reason why I wanted everything to go through a gateway was not to eliminate the problem, but to minimize it. While it is possible to set up your average home router with some security measures, few people will actually will implement them. Another problem is that the average consumer does not know if their router is still supported by it's manufacturer, let alone if it is completely secure. Advertising a gateway as a security device would at the very least make the consumer aware that it's an issue. And since my idea is in a perfect world, it would have mechanisms in place to stop working (or at least alert the user) if support for the device ends.
I think @eva posted some content that touches on both of our positions here: https://tildes.net/~tech/9ct/yes_your_refrigerator_is_trying_to_kill_you_2014_oscon_talk
In my ideal world, IoT devices would never die until they become physically inoperable beyond repair. A 5-year (optimistic) software EOL on a refrigerator with a 20-year functional life is unconscionable. The compute component should be completely modular if it's not otherwise indefinitely upgradeable.
I could see a system built around line-of-sight IR, like the Harmony A-V/smart home remotes, that provides the control/upgrade interface without an always-on radio-frequency (WiFi, Bluetooth) connection. Nonetheless, I still want secure authentication for anything that lasts beyond a reboot.