Yes, well stated, but, apparently, not the take of some security analyists. NPR had a show about it back in December, where the security expert stated pretty much what Nizar said. Don't know if it was the Technology Weekly or ATC show.
W5RH Rick Hiller *The Radio Hotel* -- W5RH On Sun, Feb 12, 2017 at 8:28 AM, Gary Sitton via BVARC <bvarc@bvarc.org> wrote: > Very well put! > Gary, K5AMH > > Sent with AquaMail for Android > http://www.aqua-mail.com > > On February 11, 2017 8:59:40 PM Jonathan Guthrie via BVARC < > bvarc@bvarc.org> wrote: > >> Where did you get the idea that the "rudimentary processors" are not >> capable of "high level security"? Or, for that matter, that that was a >> significant barrier to security in the Internet of Things? While it is >> true that processors like the Atmel AVR processors (to pick a widely-used >> family) are pretty wimpy, but they are sufficiently wimpy that you're not >> going to connect them directly to the Internet because you really can't. >> Once you have a processor that can natively handle a TCP/IP stack, then it >> is by definition capable of handling all of the higher-level security >> protocols. Systems on chip that are powerful enough to boot Linux (or >> NetBSD or, I suppose, Windows) are available for under $1 in Q1000, so cost >> really isn't a factor. >> >> My perspective is that there are two main problems that cause insecurity >> in the Internet of Things. First, the firmware in these devices is >> generally not updated once they are purchased. Well, reason 1B is that the >> firmware is often (well, okay, always) released with defects in it that >> have security consequences. The second reason is that much of the >> programming on these devices is done in a "sea of bits" language like C, or >> C++. Using a language like that means that nearly any defect has security >> consequences. I suppose that you could add a third reason (although I >> think that it's implied) which is that we really don't know what we're >> doing when it comes to writing defect-free software, and few people really >> understand secure programming all that well. >> >> The thing is, updating is itself a tricky proposition, and the updates >> are just as likely to contain defects with security consequences as what >> they're replacing and there's no guarantee that your updated device will >> work the same (or even at all) after the update as it did before, so merely >> providing a mechanism for doing an update is no guarantee that your device >> might eventually be made secure. >> >> On 02/11/2017 04:09 PM, Nizar Mullani via BVARC wrote: >> >> You are absolutely correct about security being a problem with IoT >> devices. Most of the IoT devices have rudimentary processors not capable of >> high level security. >> >> Just imaging some hackers from China or Russia hacking into your device >> at home and turning the temperature way up in the summer. Or, shutting down >> your car while driving in Houston traffic. Total DISASTER. Total CHAOS. >> >> >> >> *From:* BVARC [mailto:bvarc-boun...@bvarc.org <bvarc-boun...@bvarc.org>] *On >> Behalf Of *Bruce via BVARC >> *Sent:* Saturday, February 11, 2017 4:04 PM >> *To:* BRAZOS VALLEY AMATEUR RADIO CLUB <bvarc@bvarc.org> >> <bvarc@bvarc.org> >> *Cc:* Bruce <kk...@arrl.net> <kk...@arrl.net> >> *Subject:* Re: [BVARC] Presentation of Internet of Things (IoT) at the >> Houston Hamfest >> >> >> >> security is a big concern. that is why there are only about 100 approved >> devices for apple homekit vs. google's 250 devices. apple devices must be >> secure. i like my wemo switches but they are not secure. in my new house i >> have all homekit approved devices for the security. from the ecobee 3 >> thermostat, to all my phillip hue bulbs and ecobee motion/heat sensors. >> >> 73...bruce >> >> >> >> Sent from my iPhone >> >> >> On Feb 11, 2017, at 3:32 PM, Nizar Mullani via BVARC <bvarc@bvarc.org> >> wrote: >> >> We are very fortunate to have Professor Edgar Sanchez-Sinencio from Texas >> A&M present a lecture on Internet of Things (IoT) at the Houston Hamfest. >> >> >> >> The best definition of IoT is “connecting everything to everything.” It >> is an exciting area that is growing very fast. It will soon be part of our >> everyday life – whether we like it or not. So, join us for this lecture and >> get acquainted with IoT. Learn about what is coming in the future and >> discuss how this will impact Ham Radio. >> >> >> >> Please plan to attend this important presentation. You can read the >> attached pdf file for more information or go to www.Houstonhamfes.org . >> Learn more about IoT by Googling it. >> >> >> >> Nizar K0NM >> >> >> >> >> >> <IoT.PDF> >> >> _______________________________________________ >> BVARC mailing list >> BVARC@bvarc.org >> http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org >> >> >> _______________________________________________ >> BVARC mailing >> listBVARC@bvarc.orghttp://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org >> >> >> >> -- >> Jonathan Guthrie >> ARS KA8KPN >> >> _______________________________________________ >> BVARC mailing list >> BVARC@bvarc.org >> http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org >> >> > _______________________________________________ > BVARC mailing list > BVARC@bvarc.org > http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org > >
_______________________________________________ BVARC mailing list BVARC@bvarc.org http://mail.bvarc.org/mailman/listinfo/bvarc_bvarc.org