[Cryptography] FBI: Don't trust IoT devices

Natanael natanael.l at gmail.com
Sat Dec 14 06:33:46 EST 2019

Den fre 13 dec. 2019 21:55Mo Balaa <buddybalaa at gmail.com> skrev:

> I’ve been developing open source solutions around location aware
> connectivity enablement.
> The general idea is that when my phone is not associated to my home AP,
> specific groups of
> devices will automatically have their connectivity disabled.
> Further, in addition to VLAN segmentation, specific classes of devices
> such as smart TVs and voice
> enabled devices assistants, should require explicit user permission for
> each network interaction. Imagine something akin to smart phone enabled
> push-to-talk for your Amazon Alexa.
> I’m very interested in developing these solutions in an open source
> capacity and would be interested in collaborating with others who are
> interested in these types of projects.
> Is anyone familiar with an existing open source or commercial offering
> along those lines?

I know of Mozilla's IoT gateway project.


My own belief is that the solution requires firewalling off ALL not
perfectly trusted devices behind a secured gateway, ideally with
controllable API proxies.

As in, when you connect something like a smart bulb it talks to absolutely
nothing else than the gateway, and it exposes its API to it.

All other devices that wants to control these IoT devices does so via the
gateway, *IF* they have been given the correct permissions to do so, *IF*
they even have permission to know it exists.

One of the hardest technical parts here is making rule based access
controls simple. Much of the other work is just "just" engineering.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20191214/6a8d3293/attachment.htm>

More information about the cryptography mailing list