Don't be too shocked, but it looks as though these politicians have actually got their act together on IoT security

bombastic bob

Re: Updates

"That's how a zero-day at the manufacturer becomes a worldwide shit-storm."

Or, an "update" triggered by an MitM attack, including one that uses a VERY loud WiFi drive-by radio (using a very high gain antenna to accomplish this, not difficult) to THEN cause your home network devices to "roam" to the rogue AP (or WiFi bridge), which then becomes an MitM and THEN does things _LIKE_ inject malware in the form of firmware onto IoT devices...

Yes, it's VERY plausible. I could probably design something to do this without a whole lot of effort, by configuring a Linux laptop as a WiFi bridge, and then go from there...

That being the case, updates should NOT be mandatory, nor even SCANNED for. Maybe you get an e-mail from the company saying "We have an update to your firmware" or it appears on your phone application (if you're using one), or the web page that displays the info, and you THEN manually install the update with the ability to REVERT in case of a problem. Like that.

Yeah - mandatory updates - have worked SO well with Win-10-nic, why stop there?
