I remember trying to buy a TV that does not have "smart" functionality a few years ago. It was a chore. Today it seems nigh-impossible.
And not just TVs: ovens; refrigerators; dishwashers — all have "smart" options. In fact, it seems that more and more the available non-smart models are only the simpler ones, less performant in ways that are not related to any smart functionality missing.
My non-smart TV was available only with lower resolutions than "smart" models of the same brand.
This really annoys me. I am too well aware of the security implications of smart devices.
I do not want to have to manage regular software updates for whatever number of appliances I have at home, or risk somebody using them in a botnet (or worse).
And no, I don't trust their "disable WiFi" menu options either. Seen this setting get enabled without my consent too many times.
I *could* put them on a special VLAN, but 99% of people can't. That's a problem, and not just for them.
2/🧵
In 2016 a router-based Mirai botnet took down Dyn, one of the biggest online infrastructure companies, and many well-known websites with it:
https://coar.risc.anl.gov/mirai-attack-dyn-internet-infrastructure/
Mirai mainly targeted home routers.
As early as 2018 there were already botnets that… used CCTV cameras. But of course the predominant media narrative was "hackers attack" instead of "vendors put us at risk":
https://www.vice.com/en/article/9a355p/hackers-are-using-cctv-cameras-to-create-botnet-swarms
But I digress.
With all this in mind, I started thinking about how this could be solved.
3/🧵
So here's my (silly?) idea: a regulatory requirement for #IoT / smart-appliance vendors to provide either:
a). models physically without the smart functionality but with other performance metrics on par with their smart models;
or
b). a reliable, verifiable, physical way of disabling smart functionality in their smart-devices.
I want to be able to buy a damn refrigerator without worrying about it joining a botnet! Just ain't cool.
I do wonder if this makes any sense!
4/🧵/end
Just to clarify, my silly idea of a regulation would leave the choice between a). or b). to the manufacturer. I think it's fine to provide them with that choice.