[Nottingham] WPA2 is falling (no-security IoT)

Martin martin at ml1.co.uk
Tue Oct 17 14:38:13 UTC 2017


On 17/10/17 11:03, Jason Irwin via Nottingham wrote:
[...]
> I hope the major OEMs ... are on the ball.

I expect totally not.

After all, in the commercial proprietary world, security and
maintainability 'just get in the way' of getting whatever product to
'Market'.

Various manufacturers even use the shoddiness as an excuse to next use
Marketing/persuasion/coercion at their victims to very soon buy an
'updated' whole new device in the hope that the newer version might work
better!

What was it that Einstein (or whoever) said about doing the exact same
thing again and hoping to get something different?...


> And what about all the IoT devices? Will the no-name OEMs release fixes?
> (I think we all know the answers). Hmm...a wireless IoT lightbulb with
> it's own DHCP server and network bridging - what could possibly go
> wrong? https://mjg59.dreamwidth.org/40397.html

Hilarious!

Especially the minimum MQTT implementation to just get
something/anything working, no error checks, no security, all open to
the world on an external cloud service.

(Also junked when that cloud service is no longer supported... You are
turned off.)

The open unencrypted WiFi access and bridged unrestricted to your
internal network is a beacon of manufacturer pure ignorance...


Incredible :-(

This sort of thing should be taught in schools...

Raspberry Pi anyone? :-)


Phew!

Cheers,
Martin


-- 
- ╔═══════════════════╦══════════════════════════════════════════╗
- ║   Martin Lomas    ║ OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7 ║
- ║ martin@ ml1 co uk ║ Import from   hkp://subkeys.pgp.net   or ║
- ║ ----------------- ║ http:// ml1 .co .uk/martin_ml1_co_uk.gpg ║
- ╚═══════════════════╩══════════════════════════════════════════╝



More information about the Nottingham mailing list