
GlobalSign Supports Billions of Device Identities In an Effort To Secure the IoT (globalsign.com) 28

Reader broknstrngz writes: GlobalSign, a WebTrust certified CA and identity services provider, has released its high volume managed PKI platform, taking a stab at the current authentication and security weaknesses in the IoT. The new service aims to commodify large scale rapid enrollment and identity management for large federated swarms of devices such as IP cameras, smart home appliances and consumer electronics, core and customer premises network equipment in an attempt to reduce the attack surface exploitable by IoT DDoS botnets such as Mirai.

Strong device identity models are developed in partnership with TPM and hardware cryptographic providers such as Infineon and Intrinsic ID, as well as other Trusted Computing Group members.

  • by Anonymous Coward

    The problem with IOT devices by and large is unneeded internet-facing services with default passwords, known remote exploits, and no interest from manufacturers in security patches after the sale.

    You can put all the PKI you want into these products and the vendor will implement it with the same care as the rest of their software - i.e. NONE.

    • Remember; the "S" in "IoT" stands for "Security!"

      =Smidge=

    • Worse than that; in all likelihood.

      While adoption has been patchy; the 'trusted computing'/TPM guys definitely have what it takes to deliver a cryptographically locked bootloader and a variety of other powerful-and-somewhat-creepy capabilities; so anyone who gets onboard with this will presumably move from shipping hardware with shitty firmware that doesn't get patches to shipping hardware with shitty firmware that doesn't get patches and cannot be fixed or replaced even if you have the requisite experti
    • Yup. The headline should read "GlobalSign Wants to Sell Billions of Certificates Blah Blah IoT". When it comes to the IoS, lack of certificates isn't even on the radar in terms of its problems.
  • The problem with IoT is almost 100% due to default passwords or no passwords. The solution is not to add another complicated layer on top. This is bullshit. We just need to start producing products with unique passwords. Simple.

    I just bought a new TP-Link Ethernet over Power adapter kit with built-in WiFi and to my surprise, it comes with a little card with the unique password for my particular unit, in case I ever have to reset it to factory. No more default password for every unit. It's that simple fo
    • The solution is not to add another complicated layer on top.

      The proposed solution also presents a single point of failure for the cryptographic resource. If one company manages to get hacked, or infiltrated by one agent, or gets betrayed by one employee, everything will be lost.

      Bruce Schneier had the analogy of putting $100 into each of 10 safes, versus putting $1000 into one expensive safe. The $1000 in a single place makes it cost-effective for a burglar to try to break in, while $100 in ten safes does not, even if the 10 safes are individually less secure than th

    • Exactly. The problem is not that IoT devices are lacking "unique identities", or not using signed SSL certificates, it's that any clown on the Internet can exploit them remotely.
    • The problem with IoT is almost 100% due to default passwords or no passwords. The solution is not to add another complicated layer on top. This is bullshit. We just need to start producing products with unique passwords. Simple. I just bought a new TP-Link Ethernet over Power adapter kit with built-in WiFi and to my surprise, it comes with a little card with the unique password for my particular unit, in case I ever have to reset it to factory. No more default password for every unit. It's that simple folks.

      You're absolutely right that that alone would make most of these mass-attacks completely impractical. Kudos to TP-Link for not being as lazy as the rest of the shitbox IoT vendors out there. Jeez, even a PW that was generated from the Serial No. would be better than "admin", or "1234", or whatever most default PWs are...

      • by suss ( 158993 )

        admin:123456, with an open telnet port, and the first thing it does, is try to get the outside IP and contact 3 different Chinese dyndns servers to make sure their trojan horse inside your network is known to the world...

        This is done on purpose, I'm sure of it.

        • admin:123456, with an open telnet port, and the first thing it does, is try to get the outside IP and contact 3 different Chinese dyndns servers to make sure their trojan horse inside your network is known to the world...

          This is done on purpose, I'm sure of it.

          Oh, I agree; and likely with the tacit approval/urging of the FiveEyes guys.

          Sometimes it really IS a Conspiracy.

    • What makes you think that password is unique? Do you own a significant number of those devices to make this bold statement?

  • Other than increasing the cost of a device, what's the plus side again?
  • HomeKit fixes the security holes quite nicely, thank you; even more so if you use Bluetooth rather than WiFi.

    Then, the issue becomes all the other shitbox back-of-the-napkin "Protocols" that are insecure. If your IoT device supports one of those in addition to HomeKit, you could still be unsafe [macobserver.com].

    But as far as HomeKit itself, it is quite secure.
