Who didn't see that one coming
Really, who DIDN'T see it coming?
It's not just home broadband routers that have hopeless security: according to security outfit Veracode, cloudy home automation outfits also need to hang their collective heads in shame. With nothing but standard by-the-manual configurations and network traffic capture – but with no attacks against the devices or the cloud …
.. so am I.
Until IPv6 arrives, home devices will almost always hide behind Network Address Translation and DHCP-issued public IP addresses, which means the only consistent way to address them is by having a host on the Internet somewhere (you could use dynamic DNS too, but that becomes too complicated for the average end user).
Having an external host controlled by someone else talking to my home kit would NOT be my preferred way to secure my home, yet that is exactly what is presently on offer. If there was an intelligent, provably safe way to ensure only I control my kit instead of some 3rd party I could be interested, but that is probably still a leap of faith too big for me.
Even electronic home lock companies do this - I wonder how on earth you'd get that insured (or, more accurately, how you'd get insurance to pay out with such a lock in place - they'd probably walk off the premises smiling).
Until IPv6 arrives, home devices will almost always hide behind Network Address Translation and DHCP-issued public IP addresses
You're absolutely right about NAT, yes, but I'm not sure what you mean by 'DHCP-issued public IP addresses'. None of these devices will have a public IP address if they are behind NAT. That would be the whole point of it.
Now the router itself will in most cases have a DHCP-assigned public address but there's still a lot of connections out there that have a static IP address assigned. And even if your connection has a dynamic IP address a lot of those are quite sticky these days. With connections staying up for days and often weeks at a time there's not as much churn as there used to be. The DHCP leases for some ISPs are several minutes as well so a short connection bounce might not be enough to generate a new address.
you forgot a key point
and Securing
It is naff all use setting up a network if it is open to every Tom, Ahamed, Wong and Ivan to hack into now is it?
Otherwise a decent article for the masses (viz those who are not Linux masters) would be useful to give to relatives. Then you can say, "follow these easy steps and I might consider supporting you. If you don't then you are on your own sunshine!"
Home automation is STILL in its infancy, products are created that are then installed by others for people who have more money than sense.. security is a low consideration it seems.. I am waiting for wifi enabled devices that I can have full control over!
Until I can buy myself WiFi enabled devices that use encryption end to end with my own server that I have full control over, I will stick to walking to the wall to turn off lights...