[Cryptography] "Home router warning: They're riddled with known flaws and run ancient, unpatched Linux"

Jeremy Stanley fungi at yuggoth.org
Thu Jul 9 18:52:56 EDT 2020


On 2020-07-09 15:14:15 -0700 (-0700), Henry Baker wrote:
[...]
> * Raspberry Pi 4 acting as NAT/router/DoH DNS/... connected via Ethernet
[...]
> Yes, I know, Raspberry Pi's have some closed HW & blobs,
[...]

Or spend a little more and get an open hardware SBC which doesn't (I
use the PCEngines APU1D4 which has open source BIOS/firmware and
drivers for all its hardware are mainline in not only Linux kernels
but also *BSDs, I happily run latest OpenBSD on mine).

> I'm considering setting up separate internal VLAN's/VPN's
> *solely* for closed-source home devices that I don't trust,
> and that I don't want anyone of which to see anyone else:
> 'smart^H^H^H^H^Hsurveillance' streaming TV's/NEST's/RING's/etc.
[...]

At a minimum. And if you can set up hardware address filtering or
port/client isolation on your switches and WAPs so that each device
can only communicate through the gateway, all the better. If you
just stick your untrusted devices on a LAN together, then they can
still be leveraged to compromise each other after all. You don't
want whoever's pwn3d the company that provides your "smart
thermostat" to hack your television's voice activation feature and
start listening to all your conversations.
-- 
Jeremy Stanley
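
Added example, not part of the original message: one way to check the port/client isolation described above is to put a test host on the untrusted segment and inspect the source MAC of every frame it receives. With isolation in effect, only the gateway and the switch/AP itself should appear as sources; the function names, MAC addresses and frame list here are assumptions constructed for illustration.

```python
# Added example; every MAC address and frame below is constructed sample data.
def mac_bytes(mac):
    """Normalize 'aa:bb:..' or 'aa-bb-..' notation to 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return raw

def is_group(mac):
    """True for broadcast/multicast: the I/G bit of the first octet is set."""
    return bool(mac[0] & 0x01)

def audit_isolation(frames, own_mac, allowed_sources):
    """Return (src, dst, kind) for each frame that isolation should have blocked.
    frames: (src, dst) pairs seen on the test host's NIC; allowed_sources: gateway and switch/AP."""
    me = mac_bytes(own_mac)
    allowed = {mac_bytes(m) for m in allowed_sources} | {me}
    findings = []
    for src, dst in frames:
        s, d = mac_bytes(src), mac_bytes(dst)
        if s in allowed:
            continue                      # gateway, infrastructure, or our own traffic
        if is_group(d):
            kind = "peer-broadcast"       # discovery traffic leaking between clients
        elif d == me:
            kind = "peer-unicast"         # a peer can address the test host directly
        else:
            kind = "flooded-or-mirrored"  # peer-to-peer frame visible on our port
        findings.append((src.lower(), dst.lower(), kind))
    return findings

# Constructed addresses (locally administered range) and constructed capture.
GATEWAY, SWITCH = "02:00:00:00:00:01", "02:00:00:00:00:02"
TEST_HOST = "02:00:00:00:00:10"
TV, THERMOSTAT = "02:00:00:00:00:20", "02:00:00:00:00:30"
SAMPLE_FRAMES = [
    (GATEWAY, TEST_HOST),            # normal routed reply
    (SWITCH, "01:80:c2:00:00:00"),   # spanning-tree BPDU from the switch itself
    (TV, "ff:ff:ff:ff:ff:ff"),       # peer broadcast reaching us
    (THERMOSTAT, TEST_HOST),         # peer unicast reaching us
    (TV, THERMOSTAT),                # peer-to-peer frame we can observe
    (TEST_HOST, GATEWAY),            # our own outbound traffic
]

if __name__ == "__main__":
    for finding in audit_isolation(SAMPLE_FRAMES, TEST_HOST, [GATEWAY, SWITCH]):
        print(*finding)
```

An empty result over a capture long enough to include device discovery traffic is what a correctly isolated segment looks like; any finding means devices on that segment can still reach each other without passing the gateway.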