Eliot Lear <[email protected]> wrote:
> It’s the following part that I’m thinking about:
....
>> to retrieve a JSON object telling it that it is captive. At which point, it
>> can flash a LED, or attempt a firmware upgrade, or maybe just reboot if a
>> timer goes off. (%)
> You are suggesting that a device self-remediate. Some devices may be
> able to eventually do that, but I have my doubts. Were I a hacker, I
> would have the device pretend to do just that. And so this ties
> somewhat to RATS. I think a MUD extension might be able to help in as
> much as one could imagine a “remediation” recommendation.
Yes, so a full attack on the IoT device would do what you describe.
A partial attack might miss messing with this. A reboot might clear out the
malware, or might mitigate it enough (such as going to boot firmware) to
permit new firmware to be loaded.
Yes, getting completely out of the quarantine would require either
attestation or human intervention. But, if the device now has good firmware,
it would be able to send the "please unquarantine me" signal.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
