Questions about the Internet of Things: network-connected devices whose core functions do not include general-purpose interactive computing (e.g. cars, home appliances, consumer-grade routers) and whose potential software vulnerabilities are often overlooked by both users and manufacturers.
Questions tagged [iot]
131 questions
57
votes
10 answers
Does the local network need to be hacked first for IoT devices to be accessible?
I completely understand how IoT devices were used in the massive DDoS attacks because they are easily manipulated due to lack of firewalls, default passwords, etc.
What I don't understand is although easily hacked, most IoT devices are connected to…
Chad Caldwell
- 623
- 1
- 5
- 6
50
votes
6 answers
How safe are wifi enabled talking toys?
There have been ads on the radio recently for a wifi enabled toy called Talkies, which are advertised as being able to communicate with app enabled phones, with a "trusted circle" that other phones can be added to.
(Obligatory photo of a cute wifi…
JohnP
- 611
- 1
- 6
- 11
27
votes
8 answers
Should firmware images for IoT be encrypted for security reasons?
When working with Internet of Things devices, is it recommend to obfuscate or encrypt firmware images pushed to clients? This to make reverse engineering harder.
(They should be signed of course)
VC_work
- 481
- 4
- 7
22
votes
6 answers
When connecting an Arduino Uno to the internet (ethernet) what are some attacks it's susceptible to and how can I secure against them?
I am connecting an Arduino Uno to the internet via ethernet (using the ethernet shield v2) and querying NTP time. Making requests to a NTP server is the only internet related thing it does. You can use the ethernet shield as an SD card to host data,…
JohnnyAppleseed
- 331
- 2
- 5
20
votes
4 answers
Should I only let my TV connect to the guest WiFi?
According to this Kaspersky blog post, it is a security risk to connect IoT devices, such as Smart TVs, to my home WiFi. It claims I should use my guest WiFi network for this.
Is this true? Is it a security risk to use my regular network to get…
Evorlor
- 567
- 2
- 6
- 13
18
votes
1 answer
Is a PKI for the IoT really a good idea?
I am reading a bit about the security of IoT devices and found quite a lot of articles describing how a PKI would be an improvement for the current infrastructure. I am, however, not convinced if setting up a PKI would improve security for most of…
KojoUzochi
- 343
- 2
- 9
12
votes
4 answers
Is there a common standard for evaluating the Security of an IoT device?
When you write a paper about an implementing a classifying computer-vision/machine-learning algorithm, you can simply count the number of positive (correct) negatives/positives, and the number of negative (incorrect) negatives/positives. However is…
Iancovici
- 223
- 1
- 6
7
votes
3 answers
Key differences between X509 TLS Client certificate and server certificate
Is there any difference between a X509 TLS client cert and a server cert?
I had been implementing certificate-based mutual authentication and hence trying to get/use certificates for IoT devices. While we are pretty clear on server certificates, I…
Akhilesh Gupta
- 163
- 9
7
votes
1 answer
How can IoT and other network devices access the internet if my router works as a firewall?
My understanding is that routers act as natural firewalls. In that context, how can an IoT device receive commands from the WAN if they are not initiated from within the LAN? In a specific example, how does my smart thermostat know that temperature…
John
- 71
- 2
6
votes
2 answers
CCM for IoT - choosing L and M
Other developers have developed a custom in-house RF protocol for our upcoming IoT devices. I would like to replace our use of AES-CTR with AE - our encryption library supports CCM which should therefore have the lowest barriers to…
Iiridayn
- 293
- 2
- 11
6
votes
1 answer
How can I properly secure the WiFi setup process of an IoT device?
My company develops a WiFi-connected IoT product. I want to make sure that the process of getting the user's WiFi credentials into the device is as safe as possible. At the moment, the product is in a prototype stage, so we can (and will) make…
Oromis
- 85
- 4
6
votes
2 answers
IoT devices with public IP?
My understanding of worms like Mirai is the following:
Try to telnet/ssh into random IPs using default user/pass credentials from various router/IoT manufacturers
If you get in, do Bad Things™.
It seems the targets are generally home/consumer…
Elliot Gorokhovsky
- 496
- 3
- 12
6
votes
1 answer
secure IoT device/brand publication
I came across this article: 75 Percent of Bluetooth Smart Locks Can Be Hacked when I was looking for IoT stuff for my home.
tl;dr is they tested 16 bluetooth smart locks and eventually only two were hack proof (as of the last update). The two left…
ton.yeung
- 245
- 2
- 8
5
votes
3 answers
What are the advantages and disadvantages of using a HackRF One compared to specific protocol sniffers?
I am performing some research on IoT test tools and came across the HackRF One which can transmit and receive from 1 MHz to 6 GHz. I therefore think that it can analyze many protocols, but I cannot find a list of them anywhere. Can it for example…
Maikkeyy
- 187
- 7
5
votes
3 answers
How to do TLS on embedded devices in a home network?
If you have a router or webcam with a web interface on a home network, can the connection between the browser and the device be secured against a man in the middle attacker? What should device manufacturers do to offer transport level…
Sjoerd
- 28,707
- 12
- 74
- 102