[Cryptography] FBI: Don't trust IoT devices
Ray Dillinger
bear at sonic.net
Fri Dec 13 17:33:21 EST 2019
On Wed, 2019-12-11 at 15:57 -0800, Henry Baker wrote:
>
> I don't know if I would trust Cisco "port isolation" to devices that
> can run tcpdump/wireshark/snort/etc. 24x7, even if I had Cisco
> routers.
>
Like almost everything in this business it misses a fundamental point:
You can protect against bad software with hardware, but you can't
protect against bad hardware with software.

Depending on what the little IoTargets devices are, they have the
option of damn well ignoring your commands and configuration, and
depending on who manufactured your routers they may either fail to
stop them or actively cooperate with them against your wishes.

And if it can't get your routers to cooperate, it can, as you
point out, airsnort the neighbor's wireless across the street.

There are a whole lot of people who profit by making it damn near
impossible for you to keep your personal information inside your home
or your proprietary information inside your business. IoTargets
devices are a frequent channel for that data to be extracted, in part
because most of them are easy to subvert and install malware on, and in
part because a bunch of them come from the factory already subverted
with malware burned into the ROM.

Bear