Spitballing IoT Security

Mark Andrews marka at isc.org
Thu Oct 27 21:00:14 UTC 2016

In message <56B9ABD3-6911-42CB-9C9D-81FB33CA55C3 at lboro.ac.uk>, Alan Buxey write
> Hi,
> >At which point the 3GS was almost 5 years old (having originally been
> >released in June 2009) and had been already superseded by the iPhone 4,
> >4S, 5 and 5S/5C.
> But the release of and presence of those phones does not make the older
> phone suddenly stop working.  As noted,  the phone might be obsolete to
> those people hungering for the latest tech but as a phone and web client
> etc it still works fine. ....and will continue doing so whilst the
> battery is okay. ... and then, with no updates it can be the next attack
> vector
> Which is the point.  These things stay out there...like those winXP
> boxes.  There are 2 choices
> 1) manufacturers are responsible for the devices.  No longer caring for
>    them? Recall them.  Compensate the users.
> 2) stronger obsolescence.  eg kill switch/firmware tombstoning/network
>    connectivity function ending timebomb
> as a user of lots of legacy tech i find either option bad :/
> alan

Or Apple could release iOS 6.1.7.  There is nothing stopping Apple doing
so.  Apple are the ones preventing people running iOS 10.x on the 3GS.
This puts the responsibilty on them to supply security fixes.

All of the PC's running XP could run a newer version of the Windows
regardless of whether they could run the latest version.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the NANOG mailing list