IoT (in)security

Not surprising though.


@ Architect - IMO, at present “IOT Security” is a contradiction in terms.

IIRC, that’s not all that different from things like cars, which have (at least prior to electronic keys) a limited number of potential unique key combinations. And it’s troubling that the article is conflating code and cryptographic keys.

I’d be willing to bet that in fact both code and keys are routinely copied, but the article doesn’t really address code at all, despite the headline.

It is possible (and maybe likely) that people porting the various code scraps didn’t understand the real implications of copying certificates. Knowledge of crypto and proper crypto practices is not well distributed through the programmer community. In fact, I would say that people qualified to properly apply crypto algos and assets are really in the minority.

Cargo-cult programming is alive and well…


@ devhammer - I think those are the cases where keys are hardcoded in the code and that code is copied.
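The failure mode being discussed here is key material that is hardcoded in a source tree and then carried along every time that tree is copied, so the same private key ends up baked into firmware from several vendors. One check a defender can run over a pile of firmware images is to extract every PEM-armoured block, fingerprint it and report material that shows up in more than one image. The following is an added example, not code from this thread or from any of the vendors mentioned; the three "firmware images" and the PEM bodies inside them are constructed placeholders (random-looking base64, not real keys or certificates), and the file names are assumptions.

```python
import hashlib
import re
from collections import defaultdict

# Matches any PEM-armoured block (certificate, RSA/EC private key, ...) and
# captures the label and the base64 body between the BEGIN/END lines.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)


def extract_pem_blocks(blob: bytes):
    """Return (label, fingerprint) for every PEM block embedded in a blob.

    The fingerprint is SHA-256 over the base64 body with all whitespace
    removed, so the same key re-wrapped at a different line width (a common
    side effect of copy/paste) still produces the same fingerprint.
    """
    found = []
    for match in PEM_BLOCK.finditer(blob):
        label = match.group(1).decode()
        body = re.sub(rb"\s+", b"", match.group(2))
        found.append((label, hashlib.sha256(body).hexdigest()))
    return found


def find_shared_material(images: dict):
    """Return {fingerprint: (label, [image names])} for every PEM block that
    appears in more than one image."""
    seen = defaultdict(set)
    labels = {}
    for name, blob in images.items():
        for label, fp in extract_pem_blocks(blob):
            seen[fp].add(name)
            labels[fp] = label
    return {fp: (labels[fp], sorted(names))
            for fp, names in seen.items() if len(names) > 1}


# Constructed sample data: dummy PEM bodies, NOT real keys or certificates.
# The "shared" key appears in two images, once re-wrapped at a narrower width.
SHARED_KEY = (b"-----BEGIN RSA PRIVATE KEY-----\n"
              b"QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=\n"
              b"-----END RSA PRIVATE KEY-----\n")
SHARED_KEY_REWRAPPED = (b"-----BEGIN RSA PRIVATE KEY-----\n"
                        b"QUJDREVGR0hJSktM\n"
                        b"TU5PUFFSU1RVVldYWVo=\n"
                        b"-----END RSA PRIVATE KEY-----\n")
UNIQUE_CERT = (b"-----BEGIN CERTIFICATE-----\n"
               b"Y2VydC1mb3ItY2FtZXJhLW9ubHk=\n"
               b"-----END CERTIFICATE-----\n")
UNIQUE_KEY = (b"-----BEGIN EC PRIVATE KEY-----\n"
              b"ZG9vcmJlbGwtb25seS1rZXk=\n"
              b"-----END EC PRIVATE KEY-----\n")

# Constructed "firmware images": some filler bytes with PEM blocks inside.
FIRMWARE_IMAGES = {
    "vendor_a_camera.bin": b"\x7fELF\x00filler\x00" + SHARED_KEY + b"\xff" * 8 + UNIQUE_CERT,
    "vendor_b_router.bin": b"\x00" * 16 + SHARED_KEY_REWRAPPED + b"\x00" * 16,
    "vendor_c_doorbell.bin": b"squashfs\x00" + UNIQUE_KEY,
}


if __name__ == "__main__":
    for fp, (label, names) in find_shared_material(FIRMWARE_IMAGES).items():
        print(f"{label} {fp[:16]}... shared by: {', '.join(names)}")
```

On the constructed data this reports a single RSA private key shared by the camera and router images; the certificate and EC key that each appear once are not flagged. Against real firmware the same extraction can be run over the unpacked root filesystem, and the fingerprints can be compared across a vendor's whole product line or across firmware from different vendors that are suspected of sharing an SDK.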

Fair enough, but I think the article would have done well to make that distinction clearer.

And has been forever. There might have been one person on the planet who used to write truly original IBM3090 JCL, but everyone else copied that code.

Coders today are encouraged to copy as much code as they can, use frameworks etc that they don’t really understand so this problem is unexpected???

