Black Lives Matter - Action and Equality. ... Adafruit is open and shipping.

IoT Security
Moderators: adafruit_support_bill, adafruit

Forum rules
If you're posting code, please make sure your code does not include your Adafruit IO Active Key or WiFi network credentials.
Please be positive and constructive with your questions and comments.

IoT Security

by thedocgeek on Fri Mar 25, 2016 3:06 pm

Steve of has spoken a lot about IoT being a gateway into a home's network. He talked a lot about it on the TWIT podcast Security Now #551. Has Anyone listened to his views and reported what it means to users of Adafruit products?

Posts: 7
Joined: Fri Jun 19, 2015 7:19 pm

Re: IoT Security

by mikeadamz on Sat Mar 26, 2016 12:28 am

I think the problem with IOT security is not the people here, the makers, but the consumers. The audience here is much more likely to tinker with their devices, configure secure defaults, and keep things up to date. There may be some old Raspberry Pi's floating around, but I'd wager that the Arduino devices are pretty secure.

What is a risk, though, are all of the plug in and forget it type devices. Things like your internet router, smart security camera, etc.. These devices are usually set up once and never looked at again. Meanwhile, they're running web servers and other software that need to be maintained.

Some connected device manufacturers have caught on to this, though. For example, Nest products are auto updated without user consent or intervention. This keep things patched and secure, but at the cost of giving up a lot of control to the vendor.

That's one of the things that makes MQTT so attractive - it's all outbound connections from your device. It can consume data on one feed and maybe publishes data to another feed; all without the need to have a service listening. Devices with no running services are much more difficult to exploit.

Posts: 17
Joined: Thu Jan 21, 2016 1:20 am

Please be positive and constructive with your questions and comments.