undefined | Better HN

0 pointslazaroclapp9y ago0 comments

> How exactly would you insist on that?

How about "show me three different independent security audits by researchers or firms I trust who didn't find major issues in your product"? Sure, there needs to be a sizable group of people demanding that (and be willing to have it be the difference between a $500 and a $5K smart TV), but it is possible. For corporate IoT in certain settings, it might even be plausible.

0 comments

2 comments · 2 top-level

tajen9y ago

You should be on top. Just as we have FCC approvals before you connect a device to 3G, landlines or to the power grid, we'll have to have approvals for all devices connected to the internet. And the top test of the list is a penetration test by a preapproved firm.

Note that open-sourcing the firmwares would go great lengths in building a better world: Less spying, more upgradeability, more confidence in the tools, easier pentests and a legacy of new code for future generations.

rocqua9y ago

You're going to need either hard regulation, or liability for such breaches to change behaviour.

Mostly because, as Mirai shows, the costs are external to the consumer of the broken device.

j / k navigate · click thread line to collapse