IoT security

valdis.kletnieks at valdis.kletnieks at
Thu Feb 9 20:18:15 UTC 2017

On Thu, 09 Feb 2017 14:54:26 -0500, William Herrin said:

> Is there some way an industry association could overcome this? Perhaps
> have some trivial way to assign each model of IoT device some kind of
> integer and have the device report the integer instead of its plain
> text manufacturer and hardware model number? Where the assigned
> integer is intentionally not published by the industry association
> though of course trivially determinable by anyone who owns one of the
> devices.

Or anybody who knows how to use the internet to look for reports of owners who
have issues.  All it takes is one smarter than the average bear user posting
"I've got a MobyWombat 3000 light bulb, and it keeps sending 1193432542 to some
server someplace...."

> Wouldn't especially impair building a database of vulnerable
> devices but it would raise the bar for trying to turn the

If it doesn't *heavily* impair building a database of vulnerable devices,
it's not a solution to the problem under discussion.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 484 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list