ISO rejects the NSA's IoT crypto standard, believing it to be backdoored


A colleague just had her car stolen off her front drive by criminals who remotely shut down her wireless security camera. I think that some decent crypto is in order.


And they are secure! They are secure from attacks by anyone but the NSA. For now. As far as we know.


Well, they are free to use these protocols themselves. Time (and tests) will tell if they were really as secure as they thought…


Make an algorithm in cursive writing, nobody will be able to read it.


There is no such thing as “wireless encryption protocol”. WEP stands for “wired equivalent privacy”, which possibly means that eavesdropping on WEP is as easy as tapping a wire.


Not if my security is at stake. I demand my government use the very best unbreakable crypto, especially for securing my vote.




Wow, this is an actual thing that happened?

It sounds like many many more steps than the average car thief would bother with (or would need to bother with if they just chose a different car halfway down the block). Maybe her car is insanely valuable and is too tempting for Danny Ocean and his team of computer hackers and gymnasts?

I’m not doubting that she believed that this happened and told you that criminals broke into her network to shut down her wireless camera. But I’m exceedingly skeptical that a car thief first broke into a wireless network, then found a vulnerability in a security camera to shut it down – all that in order to not be recorded breaking into a car. Surely wearing a balaclava or a Nixon mask, or just choosing a different car that isn’t in front of a camera, would be easier and cheaper.

On a different note – crypto doesn’t prevent wifi jamming, which is probably easier than all the steps outlined above.


It’s a shame about the evil, but this standard doesn’t sound like it’ll come to anything anyway. You can get sub-$1 ARM microcontrollers today, so by the time this standard is finalised and implemented in cheap, commercially available ICs, I would bet that even IoT lightbulbs will have more processing power than a late-90s desktop PC. If manufacturers wanted to make secure devices, they could already be using existing technologies like TLS in most cases.

I was thinking recently, a more useful thing would be if IoT devices used a modified form of DHCP where, to get onto the network, they have to submit a certificate which says “download my profile from”, and that signed profile tells the router exactly what hosts the device is allowed to communicate with. It’d be simple to implement because it’s just an extra static string the device has to include in its DHCP request, and it would allow the router to lock down the device far more than is currently practical. As an incentive to manufacturers, it could also provide an automatic way to open up specific routes, so devices could be contacted directly via the internet, but only from specific hosts nominated by the manufacturer. But the main point is that, because it requires close to zero effort, it would stand a chance of actually being adopted.
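
The router side of the idea in the post above, as an added example (not the poster's code or any real router firmware): the router verifies a signed profile before installing a per-device allow-list, and denies everything else by default. HMAC-SHA256 with a per-vendor key stands in for the certificate signature the post describes, and the vendor name, key, MAC addresses and hostnames are all constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed trust anchors: vendor name -> verification key. HMAC-SHA256 stands
# in for the certificate signature, to stay within the standard library.
VENDOR_KEYS = {"example-vendor": b"constructed-demo-key"}


def sign_profile(vendor: str, blob: bytes) -> str:
    """Vendor side (hypothetical helper): sign the exact profile bytes."""
    return hmac.new(VENDOR_KEYS[vendor], blob, hashlib.sha256).hexdigest()


class Router:
    def __init__(self):
        self.rules = {}  # device MAC -> set of (host, port) it may contact

    def admit(self, mac: str, vendor: str, blob: bytes, sig: str) -> bool:
        """Install the allow-list only if the profile verifies and parses."""
        key = VENDOR_KEYS.get(vendor)
        if key is None:
            return False  # unknown vendor: no rules, so no traffic
        expected = hmac.new(key, blob, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return False  # profile was altered or signed by someone else
        try:
            profile = json.loads(blob)
            rules = {(e["host"], int(e["port"])) for e in profile["allow"]}
        except (ValueError, KeyError, TypeError):
            return False  # malformed profile is treated like no profile
        self.rules[mac] = rules
        return True

    def permits(self, mac: str, host: str, port: int) -> bool:
        """Default deny: unknown devices and unlisted destinations are blocked."""
        return (host, port) in self.rules.get(mac, set())


# Constructed sample profile for a hypothetical camera.
PROFILE = json.dumps(
    {"allow": [{"host": "updates.vendor.example", "port": 443}]}
).encode()
```
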


hee-hee. My very first internet connection when I was even poorer than now was by hacking somebody’s WEP.
Backdoors are found by really smart people and then made into “for dummies” apps that anyone can use. No thanks. Strong crypto, please.


You are probably correct. The system stopped recording for the period covering the theft. They also managed to steal the car (a not very fancy family hatchback) without access to the keys and without breaking any glass. Modern life, eh?


I’d certainly be the last to argue with the statement that security needs to stop sucking, several years ago, in embedded devices; but it’s worth noting that something like an IP camera is really operating on a whole different scale than the standards being wrangled over here.

Their firmware is typically chunks of binary blob held together by a thin slurry of apathy badge-engineered into a semblance of palatability on the outside and occasionally spiced with little bits of malice; like the world’s grimmest crab cake forced into a somewhat strained figure of speech; but in terms of resources they are pretty much real computers (purely by way of example, and since I have one cracked open on my desk here, the D-Link DCS-930L is a piece of cheap rubbish released something like four years ago and capable of operating on under 5 watts. It still brings a 360MHz MIPS core, 32MB of RAM; and a hardware h.264 encoder to the table). Something of that size doesn’t really need ‘IoT’-security; it’s quite large enough to just borrow the TLS stuff we hammered out for real computers; if the vendor cared enough, which they don’t.

The niche that Simon and Speck apparently won’t be getting the nod for is rather smaller (apparently ‘ubiquitous computing’ is what we are calling ‘motes’/‘smart dust’/‘pervasive computing’ this decade). At this scale you can’t really go with “keep it standard stupid” and just reuse stuff from real computers, at least if you want room on your 8 bit microcontroller for whatever program you were supposed to be in encrypted communication with.

The larger scale embedded devices are a ghastly charnel trench of a security situation; but not for want of standards (or at least standard elements to wrap your pet proprietary protocol in). They are large enough to use the same ones we use on real computers; and they can draw on other standards where relevant (IP cameras, say, typically use MJPEG or MPEG-something unless they really, really hate you; and they have two standards bodies; competing and by no means necessarily mutually compatible and usually cheerfully ignored in favor of a nice shiny ‘app’ with a dose of cloud by the consumer-focused brands).

The smaller ones are more of an unsettled case. There are some fairly mature space and power constrained designs (SIMs and smartcards being the big use case); but also a lot of horrible failures (basically all the proprietary contactless/RFID designs). Given that people are going to start hooking them up to the internet and it will be a disaster it’s certainly sensible for standards bodies to try to get ahead of that, so that they can at least ruefully note that their recommendations were ignored; but these aren’t the ones already hooked up to the internet in dangerous numbers with near total disregard for good practice.


Given that the deauth attack is well known and works well; and can be trivially implemented on non-specialist-criminal hardware (even some rather fancy ‘enterprise’ gear explicitly offers it; only for dealing with ‘rogue’ access points; of course. Never mind that calling the other guy ‘rogue’ on the ISM band is basically just self-important puffery) it wouldn’t be a huge surprise if an apparatus suitable for knocking those increasingly popular (and oh so commonly ‘cloud’ dependent with minimal local storage, poor little lambs) wifi IP cams out is an increasingly popular accessory for the competent property criminal.

It might not be worth the risk if you had to import a super-illegal RF jammer from a seedy dealer in credit card skimmers and apparatus of ill repute; that would probably end up being considered evidence of probable guilt and/or good for a sentence enhancement; but when you can even do it in software on a phone with supported chipset? Much lower barrier to entry; and since it’s not a brute force jamming attack the low power transmitter doesn’t matter as much.


Of course, your government isn’t necessarily mine :wink:


The article is about mine, but go ahead and make demands of yours too. You’re more likely to accomplish something than I am.

