> > The problem is in allowing inbound connections and going as far as doing
> > UPnP to tell the CPE router to open a inbound door to let hackers loging
> > to that IoT  pet feeder to turn it into an agressive DNS destroyer.

> Well yes.  uPnP is a problem precisely because it is some random device
> asserting on its own that it can be trusted to do what it wants.  Had
> that assertion come from the manufacturer, at least you would know that
> the device was designed to require that sort of access.**

And why would anyone in their right mind trust the manufacturer to make this 
decision?  <Shudder>

Neither the device nor the manufacturer have the authority to make that 
decision ... ONLY the owner of the device has that authority, and once made the 
owner of the device is responsible for *all* consequences resulting from that 
decision.  If the device itself makes the decision (because it is programmed to 
do so by the manufacturer), then the manufacturer is responsible for all the 
consequences resulting therefrom.

End Of Line.




Reply via email to