I dont use stupid "cloud" crap for my IOT devices they talk to the server in my home, and the ones in the vacation home talk over an encrypted VPN to my home.
it's the consumer crap designed to spy on you that are the problem, not IOT.
You can make IoT secure. Devices can be put on separate network segments that can't see each other, are firewalled, with an IDS/IPS in place to minimize damage if compromised. Logs can be exported one way via syslog to a secure server, which can be searched by Splunk or an elk stack machine. Warnings can be handled by an application running locally that can do email or SMS. Hub/spoke architectures can be used with low bandwidth devices using Bluetooth. Heck, most IoT devices could be hardwired. The deadbolt? Many, many buildings have used electric strikes and locks, and that technology is reliable enough for home use. Alarm systems are better hard wired anyway.
However, there is no money to be made by making IoT secure. As mentioned in other/. posts, the mantra, "security has no ROI" thrums loudly among most businesses. The IoT problems are solvable. It is a matter of won't, not can't.
This seems like it could be done fairly easily in software right inside even consumer-grade routers, and would at least help in mitigating some of the security threats of these devices. These routers already offer "guest networks" on most newer models, so this seems like the next logical step. Just create a simple way at router setup/configuration time to create an "IoT network" as well which is isolated from anything else on the router for safety.
Machines take me by surprise with great frequency.
- Alan Turing
Too late (Score:5, Insightful)
The convenience is worth the risk. The dumb-ass majority has spoken.
Re: (Score:5, Insightful)
Fair point. But did they have any other options?
Are there secure IoTs?
Maybe, just maybe, the developers/manufacturers are at some fault.
Re: (Score:5, Insightful)
"Are there secure IoTs?"
yep all of mine are. because I made them.
I dont use stupid "cloud" crap for my IOT devices they talk to the server in my home, and the ones in the vacation home talk over an encrypted VPN to my home.
it's the consumer crap designed to spy on you that are the problem, not IOT.
Re:Too late (Score:2)
You can make IoT secure. Devices can be put on separate network segments that can't see each other, are firewalled, with an IDS/IPS in place to minimize damage if compromised. Logs can be exported one way via syslog to a secure server, which can be searched by Splunk or an elk stack machine. Warnings can be handled by an application running locally that can do email or SMS. Hub/spoke architectures can be used with low bandwidth devices using Bluetooth. Heck, most IoT devices could be hardwired. The deadbolt? Many, many buildings have used electric strikes and locks, and that technology is reliable enough for home use. Alarm systems are better hard wired anyway.
However, there is no money to be made by making IoT secure. As mentioned in other /. posts, the mantra, "security has no ROI" thrums loudly among most businesses. The IoT problems are solvable. It is a matter of won't, not can't.
Re: (Score:2)
This seems like it could be done fairly easily in software right inside even consumer-grade routers, and would at least help in mitigating some of the security threats of these devices. These routers already offer "guest networks" on most newer models, so this seems like the next logical step. Just create a simple way at router setup/configuration time to create an "IoT network" as well which is isolated from anything else on the router for safety.