[Cryptography] FBI: Don't trust IoT devices

Ray Dillinger bear at sonic.net
Fri Dec 13 17:33:21 EST 2019

On Wed, 2019-12-11 at 15:57 -0800, Henry Baker wrote:
> I don't know if I would trust Cisco "port isolation" to devices that
> can run tcpdump/wireshark/snort/etc. 24x7, even if I had Cisco
> routers.

Like almost everything in this business it misses a fundamental point:

You can protect against bad software with hardware, but you can't
protect against bad hardware with software.  

Depending on what the little IoTargets devices are, they have the 
option of damn well ignoring your commands and configuration, and
depending on who manufactured your routers they may either fail to 
stop them or actively cooperate with them against your wishes.

And if it can't get your routers to cooperate, it can, as you 
point out, airsnort the neighbor's wireless across the street.

There are a whole lot of people who profit by making it damn near 
impossible for you to keep your personal information inside your home
or your proprietary information inside your business.  IoTargets
devices are a frequent channel for that data to be extracted, in part
because most of them are easy to subvert and install malware on, and in
part because a bunch of them come from the factory already subverted
with malware burned into the ROM.


More information about the cryptography mailing list