[Cryptography] 5 Questions to Ask your IoT Vendors; But Do Not Expect an Answer

Phillip Hallam-Baker phill at hallambaker.com
Wed Dec 14 08:26:18 EST 2016


On Tue, Dec 13, 2016 at 11:26 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz>
wrote:

> Forwarded by a friend:
>
> https://isc.sans.edu/diary/5+Questions+to+Ask+your+IoT+
> Vendors%3B+But+Do+Not+Expect+an+Answer./21807
>
> Very apropos given the IoS mess, and ones that virtually no IoS vendor
> would
> be able to answer.  In most cases the answers for 1-4 would be "whut?" and
> for 5 it'd be "military-strength AES" or something similar.
>


​The questions I would want answered in addition would be whether it
requires the use of a separate service, how long the service will be
supported, what information does it collect, etc.

I had this Revolv hub that claimed it would integrate all my devices in the
house. Google bought the company and shut it down. They repaid me the $300
I paid for the hub but I ended up with $3000 worth of installed devices
that became useless until another company made something similar.

Yes, I know the security is junk, that is why I installed it.​
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161214/52fd113a/attachment.html>


More information about the cryptography mailing list