Any IoT security concerns

[Ipheuria]

I know from podcasts you have some smart home stuff going on. Are you at all concerned about IoT security issues? Most in the industry know about the IoT botnet that was used to DDoS and take down a large part of the internet. What do you think could be a solution to IoT security?

 

[Just_Me_D]

Since you stated "I know from podcasts you have some smart home stuff going on", are you directing this message to one of the editors? If so, which one?

 

[Tartarus]

I guess he is asking René, but I'm not concerned about privacy and security yet. It's quite new and not widespread, so the threat is equally new and not widespread.
Plus I'd love to think the IoT world has had their wake up call and implemented some extra security in their devices/appliances.

 

[Just_Me_D]

I guess he is asking René, but I'm not concerned about privacy and security yet. It's quite new and not widespread, so the threat is equally new and not widespread.
Plus I'd love to think the IoT world has had their wake up call and implemented some extra security in their devices/appliances.

Being on Tapatalk, I rarely see which Forum I'm replying in. Thanks. I now see that I'm in the Ask Rene section. Sorry about that...

 

[pkcable]

Since you stated "I know from podcasts you have some smart home stuff going on", are you directing this message to one of the editors? If so, which one?

Although this is the "Ask Rene" forum I'm sure others can chime in with their opinions and join the debate, this IS an Internet forum after all, that's kind of the point! I'm sure Rene will chime in on this one when he gets a hot minute.

 

[Just_Me_D]

Although this is the "Ask Rene" forum I'm sure others can chime in with their opinions and join the debate, this IS an Internet forum after all, that's kind of the point! I'm sure Rene will chime in on this one when he gets a hot minute.

Did you see my subsequent reply?

 

[pkcable]

Did you see my subsequent reply?

Not when I posted that! I wasn't really directing that comment at you either, probably shouldn't have even quoted. Was just trying to make the point that we should all feel free to comment in these threads either way. Sorry if I came off as an ***.

 

[Rene Ritchie]

I know from podcasts you have some smart home stuff going on. Are you at all concerned about IoT security issues? Most in the industry know about the IoT botnet that was used to DDoS and take down a large part of the internet. What do you think could be a solution to IoT security?

In the early days, absolutely. I was really concerned about putting insecure, rushed-to-market devices on my home network. I didn't even consider them getting bot'ed and used in DDoS attacks, but I didn't like the idea of opening holes on my otherwise secure network.

It was one of the reasons that, when I saw all those articles saying HomeKit was delaying vendors and Apple was being jerks by forcing them to use end-to-end encryption and secured Wi-Fi chipsets, I had to laugh. That was exactly what I wanted.

So, when HomeKit came out, that's when I started amping up my home automation.

I don't currently have any security concerns over HomeKit.

 

[Ipheuria]

Since you stated "I know from podcasts you have some smart home stuff going on", are you directing this message to one of the editors? If so, which one?

I guess he is asking René, but I'm not concerned about privacy and security yet. It's quite new and not widespread, so the threat is equally new and not widespread.
Plus I'd love to think the IoT world has had their wake up call and implemented some extra security in their devices/appliances.

The name of the forum is called "Ask Rene" which is why I formatted the question in that manner. I wasn't asking Renee specifically it was just opening up the question. I intended for it to start a conversation and I was hoping lots of others would chime in with thier thoughts and observations. Tartarus I think you have way more confidence in these manufacturers than I do. I look at the fact that it's been almost a decade and venders of wireless routers are still shipping them with username/password combos of admin/admin and admin/blank. Most don't allow users to go in and change the username to something other than admin. As well as requiring users right out of the box changing the password. I know users will use simple passwords but a blank password or admin is damn near just as simple as any user generated simple password. Add to that the fact that there are lists all over the web of default router passwords. I also don't think it's as new and small a problem https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/ , https://krebsonsecurity.com/tag/mirai-botnet/ . I honestly wish someone would get the point and develop stadards for security practices that MUST be in use otherwise these devices aren't sold in North America, Europe, etc. It would really put pressure on the manufacturers.

In the early days, absolutely. I was really concerned about putting insecure, rushed-to-market devices on my home network. I didn't even consider them getting bot'ed and used in DDoS attacks, but I didn't like the idea of opening holes on my otherwise secure network.

It was one of the reasons that, when I saw all those articles saying HomeKit was delaying vendors and Apple was being jerks by forcing them to use end-to-end encryption and secured Wi-Fi chipsets, I had to laugh. That was exactly what I wanted.

So, when HomeKit came out, that's when I started amping up my home automation.

I don't currently have any security concerns over HomeKit.

Yeah I'm also feeling a lot more secure with my HomeKit connected devices. It's the ones that are out there that aren't HomeKit compatible I worry about. Whether the manufacturer can't afford to get certified for HomeKit or they just don't want to jump through the hoops. The regular consumer doesn't know the difference. Let's be honest the majority of consumers are goign to look for the cheaper alternative. The asian made knock off and that is what worries me. I have to admit that I have one connected device that is not HomeKit compatible and it worries me what kind of security is being used on it. Luckily it is from Netgear so they are a well known manufacturer and not a no name brand. Although they have a pretty spotty track record so far on this particular device they have been pretty quick to plug up exploits that were found. This is also why I'm praying that Apple doesn't leave the router space.

 

[pkcable]

In the early days, absolutely. I was really concerned about putting insecure, rushed-to-market devices on my home network. I didn't even consider them getting bot'ed and used in DDoS attacks, but I didn't like the idea of opening holes on my otherwise secure network.

It was one of the reasons that, when I saw all those articles saying HomeKit was delaying vendors and Apple was being jerks by forcing them to use end-to-end encryption and secured Wi-Fi chipsets, I had to laugh. That was exactly what I wanted.

So, when HomeKit came out, that's when I started amping up my home automation.

I don't currently have any security concerns over HomeKit.

People may criticize Apple and I've done it myself, BUT they are pretty good at waiting to bring features, products, etc to market, until they get it right! Apple is rarely if ever first, they come along and "invent" the tech a year or 2 later, BUT they get it right! As you say many of us appreciate this!

 

[Ipheuria]

So true, it's one of the reasons I think people in tech are such whiny brats lol. Wah Wah Wah there is no headphone jack. :0P