Stanford Starts the 'Secure Internet of Things Project'

An anonymous reader writes: The internet-of-things is here to stay. Lots of people now have smart lights, smart thermostats, smart appliances, smart fire detectors, and other internet-connect gadgets installed in their houses. The security of those devices has been an obvious and predictable problem since day one. Manufacturers can't be bothered to provide updates to $500 smartphones more than a couple years after they're released; how long do you think they'll be worried about security updates for a $50 thermostat? Security researchers have been vocal about this, and they've found lots of vulnerabilities and exploits before hackers have had a chance to. But the manufacturers have responded in the wrong way.

Instead of developing a more robust approach to device security, they've simply thrown encryption at everything. This makes it temporarily harder for malicious hackers to have their way with the devices, but also shuts out consumers and white-hat researchers from knowing what the devices are doing. Stanford, Berkeley, and the University of Michigan have now started the Secure Internet of Things Project, which aims to promote security and transparency for IoT devices. They hope to unite regulators, researchers, and manufacturers to ensure nascent internet-connected tech is developed in a way that respects customer privacy and choice.

Dumb as a Rock

[pubwvj]

I prefer a Dumb Home. Our home is built of stone. It has no brains. It is solid state. It stores incoming solar and wood fired heat and then releases it slowly. It never freezes despite our very cold northern mountain winters. It's too much thermal mass to freeze. Dumb wins. The doors are manual. The windows are manual. The security system is operated by a pack of local wolves - they eat predators. We have no thieves.

Re:Dumb as a Rock

[pubwvj]

Your post is just nonsense.

Our stone house only cost to build $7,000. That is not expensive. It's so low cost that I built it out of pocket money without needing to get a mortgage to build my home. This means I'm not paying interest on that too. Additionally the taxes are lower than a comparable sized stick built house so each year I save on taxes. And the maintenance is almost zero.

Our house cost less to build, less to maintain, less to heat and cool and is taxed less. It's extremely affordable. Not only that it is simple so most anyone could build their own making it accessible.

Our house will also last for hundreds to thousands of years instead of the typical 25 to 50 years of stick built houses.

Dumb rock house wins again.

You may not like losing but at least make sense with your responses.

Think business, not technology

[captaindomon]

Companies that make these devices are driven by business interests, not technology concerns. Which is what their shareholders expect and require. So the question isn't "Can someone hack this?" the question is "Given 0.001% of these get hacked, and our recourse is to return the $50 in a refund which is our highest liability exposure due to terms & conditions, that equates to five cents cost per unit. So if we are selling 10 million of these per year, we should not spend more than $500,000 on security engineering. That pays the full run rate for two full-time engineers. Hire them and see what they can do". We sometimes forget the economics side of things in technology arguments...