←back to thread

Wanted to spy on my dog, ended up spying on TP-Link

(kennedn.com)
436 points kennedn | 1 comments | 15 Sep 25 16:28 UTC | HN request time: 0.212s | source
Show context
selinkocalar ◴[15 Sep 25 22:43 UTC] No.45255874[source]
IoT security is generally terrible, but the fact that consumer routers are essentially unaudited black boxes processing all your network traffic is genuinely concerning. Most people have no idea their router firmware hasn't been updated in years and is probably running known CVEs. The supply chain trust model for networking hardware is broken.
replies(9): >>45255922 #>>45256174 #>>45256498 #>>45256518 #>>45256767 #>>45257622 #>>45258241 #>>45258326 #>>45258348 #
1. protocolture ◴[16 Sep 25 03:05 UTC] No.45257622[source]
>IoT security is generally terrible

I think IoT demands a rethink of security.

Like sometimes I want IoT devices to just bloody connect, and if I have to use a published exploit that circumvents online only requirements I will do it.

But some people do genuinely have use cases for cloud speaking IoT stuff.

Really I think the device should ask at first run, and then burn in your response and act only in the selected mode. If you want it to require Cloud MFA, thats an option, if you want to piss python at your lightbulb to make it blink, then thats where it lives permanently.