This really annoys me. I am too well aware of security implications of smart devices.

I do not want to have to manage regular software updates for whatever number of appliances I have at home, or risk somebody using them in a botnet (or worse).

And no, I don't trust their "disable WiFi" menu options either. Seen this setting get enabled without my consent too many times.

I *could* put them on a special VLAN, but 99% of people can't. That's a problem, and not just for them.

#IoT

2/🧵

In 2016 a router-based Mirai botnet took down Dyn, one of the biggest online infrastructure companies, and many well known websites with it:
https://coar.risc.anl.gov/mirai-attack-dyn-internet-infrastructure/

Mirai mainly targeted home routers.

As early as 2018 there were already botnets that… used CCTV cameras. But of course the predominant media narrative was "hackers attack" instead of "vendors put us at risk":
https://www.vice.com/en/article/9a355p/hackers-are-using-cctv-cameras-to-create-botnet-swarms

But I digress.

With all this in mind, I started thinking of how could this be solved?

#IoT

3/🧵

So here's my (silly?) idea: a regulatory requirement for #IoT / smart-appliance vendors to provide either:

a). similarly-priced models physically without the smart functionality but with other performance metrics on-par with their smart models;

or

b). a reliable, verifiable, physical way of disabling smart functionality in their smart-devices.

I want to be able to buy a damn refrigerator without worrying about it joining a botnet! Just ain't cool.

I wonder if this makes any sense!

4/🧵/end

A lot of responses to this ☝️ thread focus on how "one can simply not connect the smart appliance to the WiFi" or "you can just disable its WiFi."

It's my experience that such software settings tend to not be respected. A firmware update might "accidentally" enable WiFi. The appliance might automagically connect to open networks.

But is it just me? A poll! 📊

Have you experienced a "smart" appliance changing its network-related settings (WiFi on/off, etc) without your knowledge?

Hey #IoT #InfoSec fediverse, there seems to be a general understanding there are "smart" devices (Smart Tvs etc) that will not allow you to use them unless you connect them to the Internet so that they can call home. As in, they won't even function as a dumb HDMI screen.

However, I cannot find any source on this online. Anyone has a specific link, brand name, model, example of this? I am pretty sure this is true, just want to have a specific example.

Thanks! 

Okay, I got my shit together and blogged about this thing.

I want a fridge that won't join a botnet
https://rys.io/en/164.html

> I could put such devices on a special VLAN, or behind a Pi Hole, but 99% of people can’t. Plus, it’s work. Plus, most importantly, you can bet that “smart” devices will start coming with SIM cards and 4g/5g modems very soon — cars already do. Why does my fridge need Internet connectivity in the first place?

#IoT