Nevertheless, most IoT devices only talk (outgoing) to
some server in
some cloud, and are reasonably safe, at least until the server is
attacked.
Which is why I'll only buy systems for which the API is either open or
well-understood.
I have several sets of Philips hue bulb networks in the house. They sit
on the secured non-routable internal network and have never been able to
phone home. The central server drives them directly using a Perl tool I
wrote (huepl), and now the security and access controls are metered by me,
not by Philips.
Similarly, my home camera system connects to an Axis concentrator that
is only accessible on that same non-routable network. The central server
grabs snapshots and motion JPEG feeds from it. Again, the security is
now in my hands.
I admit I'm paranoid and having this requirement reduces the amount of
hardware I'll see fit to buy, but usually it reduces it to the higher
quality devices in any case.
--
------------------------------------ personal:
http://www.cameronkaiser.com/ --
Cameron Kaiser * Floodgap Systems *
www.floodgap.com * ckaiser at
floodgap.com
-- Reality is when it finally happens to you, too. ----------------------------