Where did you get the idea that the "rudimentary processors" are not
capable of "high level security"? Or, for that matter, that that was a
significant barrier to security in the Internet of Things? While it is
true that processors like the Atmel AVR processors (to pick a
widely-used family) are pretty wimpy, but they are sufficiently wimpy
that you're not going to connect them directly to the Internet because
you really can't. Once you have a processor that can natively handle a
TCP/IP stack, then it is by definition capable of handling all of the
higher-level security protocols. Systems on chip that are powerful
enough to boot Linux (or NetBSD or, I suppose, Windows) are available
for under $1 in Q1000, so cost really isn't a factor.
My perspective is that there are two main problems that cause insecurity
in the Internet of Things. First, the firmware in these devices is
generally not updated once they are purchased. Well, reason 1B is that
the firmware is often (well, okay, always) released with defects in it
that have security consequences. The second reason is that much of the
programming on these devices is done in a "sea of bits" language like C,
or C++. Using a language like that means that nearly any defect has
security consequences. I suppose that you could add a third reason
(although I think that it's implied) which is that we really don't know
what we're doing when it comes to writing defect-free software, and few
people really understand secure programming all that well.
The thing is, updating is itself a tricky proposition, and the updates
are just as likely to contain defects with security consequences as what
they're replacing and there's no guarantee that your updated device will
work the same (or even at all) after the update as it did before, so
merely providing a mechanism for doing an update is no guarantee that
your device might eventually be made secure.
On 02/11/2017 04:09 PM, Nizar Mullani via BVARC wrote:
You are absolutely correct about security being a problem with IoT
devices. Most of the IoT devices have rudimentary processors not
capable of high level security.
Just imaging some hackers from China or Russia hacking into your
device at home and turning the temperature way up in the summer. Or,
shutting down your car while driving in Houston traffic. Total
DISASTER. Total CHAOS.
*From:* BVARC [mailto:[email protected]] *On Behalf Of *Bruce
via BVARC
*Sent:* Saturday, February 11, 2017 4:04 PM
*To:* BRAZOS VALLEY AMATEUR RADIO CLUB <[email protected]>
*Cc:* Bruce <[email protected]>
*Subject:* Re: [BVARC] Presentation of Internet of Things (IoT) at the
Houston Hamfest
security is a big concern. that is why there are only about 100
approved devices for apple homekit vs. google's 250 devices. apple
devices must be secure. i like my wemo switches but they are not
secure. in my new house i have all homekit approved devices for the
security. from the ecobee 3 thermostat, to all my phillip hue bulbs
and ecobee motion/heat sensors.
73...bruce
Sent from my iPhone
On Feb 11, 2017, at 3:32 PM, Nizar Mullani via BVARC <[email protected]
<mailto:[email protected]>> wrote:
We are very fortunate to have Professor Edgar Sanchez-Sinencio from
Texas A&M present a lecture on Internet of Things (IoT) at the Houston
Hamfest.
The best definition of IoT is “connecting everything to everything.”
It is an exciting area that is growing very fast. It will soon be part
of our everyday life – whether we like it or not. So, join us for this
lecture and get acquainted with IoT. Learn about what is coming in the
future and discuss how this will impact Ham Radio.
Please plan to attend this important presentation. You can read the
attached pdf file for more information or go to www.Houstonhamfes.org
<http://www.Houstonhamfes.org> . Learn more about IoT by Googling it.
Nizar K0NM
<IoT.PDF>
_______________________________________________
BVARC mailing list
[email protected] <mailto:[email protected]>
http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org
_______________________________________________
BVARC mailing list
[email protected]
http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org
--
Jonathan Guthrie
ARS KA8KPN
_______________________________________________
BVARC mailing list
[email protected]
http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org
