fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software. If you wish to join, contact us for an invite.

Administered by:

Server stats:

11K
active users

I remember trying to buy a TV that does not have "smart" functionality a few years ago. It was a chore. Today it seems impossible.

And not just TVs: ovens; refrigerators; dishwashers — all have "smart" options. In fact, it seems that more and more the available non-smart models are only the simpler ones, less performant in ways that are not related to any smart functionality missing.

My non-smart TV was available only with lower resolutions than "smart" models of the same brand.

#IoT

1/🧵

This really annoys me. I am too well aware of security implications of smart devices.

I do not want to have to manage regular software updates for whatever number of appliances I have at home, or risk somebody using them in a botnet (or worse).

And no, I don't trust their "disable WiFi" menu options either. Seen this setting get enabled without my consent too many times.

I *could* put them on a special VLAN, but 99% of people can't. That's a problem, and not just for them.

#IoT

2/🧵

In 2016 a router-based Mirai botnet took down Dyn, one of the biggest online infrastructure companies, and many well known websites with it:
coar.risc.anl.gov/mirai-attack

Mirai mainly targeted home routers.

As early as 2018 there were already botnets that… used CCTV cameras. But of course the predominant media narrative was "hackers attack" instead of "vendors put us at risk":
vice.com/en/article/9a355p/hac

But I digress.

With all this in mind, I started thinking of how could this be solved?

#IoT

3/🧵

So here's my (silly?) idea: a regulatory requirement for #IoT / smart-appliance vendors to provide either:

a). similarly-priced models physically without the smart functionality but with other performance metrics on-par with their smart models;

or

b). a reliable, verifiable, physical way of disabling smart functionality in their smart-devices.

I want to be able to buy a damn refrigerator without worrying about it joining a botnet! Just ain't cool.

I wonder if this makes any sense!

4/🧵/end

Just to clarify, my silly idea of a regulation would leave the choice between a). or b). to the manufacturer. I think it's fine to provide them with that choice.

A lot of responses to this ☝️ thread focus on how "one can simply not connect the smart appliance to the WiFi" or "you can just disable its WiFi."

It's my experience that such software settings tend to not be respected. A firmware update might "accidentally" enable WiFi. The appliance might automagically connect to open networks.

But is it just me? A poll! 📊

Have you experienced a "smart" appliance changing its network-related settings (WiFi on/off, etc) without your knowledge?

:boost_ok:

@rysiek disbling wifi consists replacing the wifi antenna with a 50Ω resistor to ground
💙💛:~/eu/pl/priv$:idle:

@sxpert @rysiek And what, did you check it ? Because I am just checking and an external wifi-dongle with dummy load 50Ω works quite well some 3m from the router...

@miklo
Which is good to 500 MHz and who knows what the impedence is at 2.4 or 5 GHz (depending on your wifi flavor). Although odd that you'd be receiving anything but then again RF is sometimes not going to do what you expect.
@sxpert @rysiek

@Affekt @sxpert @rysiek Well that's why (among other things) this dummy load radiates something because it is neither impedance matched at 2.4Ghz nor shielded. Exactly like this proposed 50Ω resistor will act.

@miklo @sxpert @rysiek Ha, gotcha. I just completely missed the point you were trying to make. I'm not very good at subtlety most of the time :)