this post was submitted on 18 Jul 2023
3 points (100.0% liked)

Technology

23 readers
2 users here now

This magazine is dedicated to discussions on the latest developments, trends, and innovations in the world of technology. Whether you are a tech enthusiast, a developer, or simply curious about the latest gadgets and software, this is the place for you. Here you can share your knowledge, ask questions, and engage in discussions on topics such as artificial intelligence, robotics, cloud computing, cybersecurity, and more. From the impact of technology on society to the ethical considerations of new technologies, this category covers a wide range of topics related to technology. Join the conversation and let's explore the ever-evolving world of technology together!

founded 1 year ago
3
The US government wants to label secure IoT devices with a 'Cyber Trust Mark' | Engadget (www.engadget.com)
submitted 1 year ago by readbeanicecream@kbin.social to c/tech@kbin.social
5 comments fedilink hide all child comments
 

It could label qualifying items like smart fridges..

top 5 comments
sorted by: hot top controversial new old
[–] conciselyverbose@kbin.social 3 points 1 year ago (1 children)

So I'm not entirely sure I can trust that there will be useful regulation, but it's definitely an area where useful regulation is desperately needed. Smart everything in the privacy of your home sounds great until you look at how absurdly huge of an attack vector they create. The data exfiltration is bad on its own, but the possibility of deliberate back doors with minimal consequences for lesser known brands is out there, and even "credible" brands mostly don't put near the effort into security they should.

Ideally I would make it a requirement that devices could be configured to never phone home (and published APIs or used standardized ones for self hosting). It won't happen, but without it the companies willing to subsidize devices to be spyware have a massive competitive advantage.

[–] readbeanicecream@kbin.social 1 points 1 year ago (1 children)

@conciselyverbose It is these reasons I try to avoid smart everything (or as much as I can). It just seems so invasive.

[–] conciselyverbose@kbin.social 2 points 1 year ago

I'd love to roll my own, eg if/when open source or standalone hardware that doesn't rely on external services is an option. The major players agreeing on Thread means it might be a plausible option at some point.

But right now it's a minefield.

[–] enfa@kbin.social 1 points 1 year ago

we've already got an "S" for Security in the IoT name, why do you need a separate Mark to call out how trustable 'smart' devices are?

[–] Chris_ni@kbin.social 1 points 1 year ago

This is not a good idea. Labelling certifications for things like electrical safety or radio emissions standards make sense, as they’re meeting regulatory requirements.

The problem with Cyber Security is there is no such thing as perfectly secure. A secure device today, could have a vulnerability discovered tomorrow. Additionally, a big part of Cyber Security for devices is maintaining software/firmware patching is up to date. A stamped mark to say something is secure would provide a false sense of security, and could reduce the awareness of the user to the potential risks of not maintaining their devices.