Spitballing IoT Security

Brandon Butterworth brandon at rd.bbc.co.uk
Thu Oct 27 00:28:26 UTC 2016


On Wed Oct 26, 2016 at 05:10:44PM -0400, Jean-Francois Mezei wrote:
> My smart TV not only hasn't gotten updates in years, but Sharp has
> stopped selling TVs in Canada. (not sure if they still sell TVs elsewhere).
> 
> When manufacturers provide a 2 year support on a device that will last
> 10 years, it is a problem which is why they really need to get it right
> when product is released and not rely on patches.

No chance of being right first time or ever but that's not a problem
until it gets compromised

> With regards to liability. Good luck suing a Chinese outfit that no
> longer exists.
> 
> And pray tell, who gets to pay the millions of dollars of lawyer fees it
> will cost to sue that bankrupt company with no money ?
 
Nobody will. This is why a kill switch is needed. If you're going to
IoT Safe mark things there needs to be a way to revoke it like with SSL certs

So say devices, which phone home anyway, are required as part of getting
the mark to check in with $version.$device.$manufacturer.iotsafe.com
it's not much more than they do to check for new firmware already

You don't want all those calling something central so delegate to manufacturers
and if they go bust drop the delegation and serve it centrally. An ISP
with problem devices can always fake it locally to drop them and spot the
polling traffic when looking for them

When the device checks in they can with a simple api check their version
and if they're allowed to be on the general internet or not. If banned they
go offline and maybe tell the user somehow if they can.

The deal to get IoT safe rated is that everyone agree to this, the user will
be told clearly that their thing will be removed from the net if the manufacturer
doesn't keep it safe so it's clear they sue them if there is a problem (or accept it's
so cheap they can throw it away if they go bust)

Now there's tons of holes in that like an attacker turning that bit off, there
may be better schemes I've not noticed for doing this already. All details, the
idea is a back stop is needed for when all the other stuff fails.

brandon
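
An added example, not part of the original message or of any real certification scheme: device-side check-in logic for the $version.$device.$manufacturer.iotsafe.com lookup described above, written so the resolver can be swapped for test data. The A-record answer codes, the replacement of dots in version strings, and going offline after three missed check-ins are assumptions made for illustration.

```python
import re
import socket

ZONE = "iotsafe.com"                        # zone named in the post
ALLOWED, BANNED = "127.0.0.1", "127.0.0.2"  # assumed answer codes, not from the post
_LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

def checkin_name(version, device, manufacturer):
    """Build $version.$device.$manufacturer.iotsafe.com from three DNS labels."""
    labels = []
    for raw in (version, device, manufacturer):
        # Assumption: "2.1.0" becomes "2-1-0" so a version stays one label.
        label = raw.lower().replace(".", "-")
        if not _LABEL.fullmatch(label):
            raise ValueError(f"not a valid DNS label: {raw!r}")
        labels.append(label)
    return ".".join(labels + [ZONE])

def system_resolve(name):
    """Resolver for a real device; raises socket.gaierror (an OSError) on failure."""
    return socket.gethostbyname_ex(name)[2]

def decide(name, resolve, missed, max_missed=3):
    """Return (state, missed_count); state is 'online' or 'offline'."""
    try:
        answers = resolve(name)
    except OSError:
        # Check-in blocked or unanswered: assumed policy is to tolerate a few
        # misses, then drop off the net so blocking the poll is not a bypass.
        missed += 1
        return ("offline" if missed >= max_missed else "online"), missed
    if BANNED in answers:
        return "offline", 0
    if ALLOWED in answers:
        return "online", 0
    return "offline", 0  # unrecognised answer is treated as revoked

# Constructed sample data standing in for the delegated zone.
SAMPLE_ZONE = {
    "2-1-0.cam4.acme.iotsafe.com": [ALLOWED],
    "1-0-3.cam4.acme.iotsafe.com": [BANNED],
}

def sample_resolve(name):
    if name not in SAMPLE_ZONE:
        raise OSError("no answer")
    return SAMPLE_ZONE[name]
```

Because the decision is carried in an ordinary DNS answer, an ISP serving the zone locally or a central operator taking over a dropped delegation changes the outcome without any change on the device.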


