undefined | Better HN

0 pointsriskable9y ago0 comments

No, the biggest challenge in IoT right now is security and in that same vein, updates.

IoT devices identifying themselves (authentication) is only a tiny sliver of the security picture. You also need to worry about authorization, encryption, and (security) monitoring.

One really annoying security problem with IoT devices right now is SSL/TLS's complete fundamental incompatibility with the concept of "roaming". Want to connect to your device via SSL/TLS? Better get used to ignoring warnings about the certificate name not matching the device's IP/hostname.

0 comments

cobookman9y ago

Identity and encryption are tied hand in hand. It's about knowing where all the iot data is coming from, and knowing it wasn't spoofed.

It's kind of like HTTPS. nobody can snoop on you, but it's more about stopping malicious actors from lifting your identity. And making sure you are connected to the true requested server.

j / k navigate · click thread line to collapse

0 pointsriskable9y ago0 comments

No, the biggest challenge in IoT right now is security and in that same vein, updates.

IoT devices identifying themselves (authentication) is only a tiny sliver of the security picture. You also need to worry about authorization, encryption, and (security) monitoring.

0 comments

cobookman9y ago

Identity and encryption are tied hand in hand. It's about knowing where all the iot data is coming from, and knowing it wasn't spoofed.

It's kind of like HTTPS. nobody can snoop on you, but it's more about stopping malicious actors from lifting your identity. And making sure you are connected to the true requested server.

j / k navigate · click thread line to collapse