Originally published at: https://boingboing.net/2017/10/20/active-attacks.html
…
What part of: If one engineer can code it, there is a planet of engineers who can fuck with it, don’t people understand?
There will always be somebody/company/country that thinks they have the perfect code that nobody can break.
Evidence in hand suggests they are delusional at best, or publishing the code because they know the holes and have sold the information to the highest bidder.
The people who wrote this stuff don’t even think they wrote perfect code that no one can break. They just don’t think about it at all, and/or don’t give a shit. It is super common for software written for IoT type devices to be complete afterthoughts and complete garbage.
Think of like how bad your TVs firmware is, or like the firmware on most routers, etc. Now consider that IoT stuff is usually cheaper throwaway garbage that doesn’t even have the budget for software that TV manufacturers have. It’s just thrown together nonsense.
I’m a bit curious why this thread is so very short…
Probably because everyone is already facepalming since mirai?
I do find this puzzling, though.
After all, the “S” in “IoT” stands for “security”.
Just one more reason I don’t have Internet enabled light bulbs and doorbells and garage door openers and dishwashers and mood rings and toilet paper dispensers that let me check how many sheets are on the roll before I hit the bathroom in case I need to pick some up or Dash buttons so I can order a new case of walrus ivory toothpicks when I run low.
Hell, I’d like an Alexa or such but until I see substantial proof they are properly hardened to a reasonable level, not happening.
Consider that not only are the name brand IOT devices being mostly made in China (and thus are subject to a potential for malicious interference), but that the bulk of IOT devices being peddled on Amazon and other online retailers are those in the “value” (now there’s a misnomer!) tier, made by one of thousands of Chinese factories and labeled with generic sounding import company names. It wouldn’t surprise me if many of these companies were fronts for, or tied to, Chinese military/intelligence groups.
I have a hard enough time trusting name brand IOT schlock, but I don’t trust the “generics” at all. They are the largest of gaping cyber holes (idea for a punk band name anyone?), and if the USA was actually giving a crap about cyber security, they’d take their import procedures far more seriously. We’re letting the Trojan horses roll on in because they’re cute little ponies that are “saving us money”.
We now return to our regularly scheduled programming…
This topic was automatically closed after 5 days. New replies are no longer allowed.