This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/iot-wg@ripe.net/
[iot-wg] "The Internet of Threats: Fighting FUD with MUD"
- Previous message (by thread): [iot-wg] "The Internet of Threats: Fighting FUD with MUD"
- Next message (by thread): [iot-wg] "The Internet of Threats: Fighting FUD with MUD"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jacques Latour
Jacques.Latour at cira.ca
Mon Oct 22 09:54:48 CEST 2018
Hi, I just joined this group. Today's and tomorrow's smart television are more a full blown computer with screen and keyboard, and it difficult to pin down exactly what the device should be doing in a MUD profile. It's not a real IoT device. A MUD profile for a thermostat or video camera or a real IoT device will be useful. The prototype has shown for far it's functionally possible to make MUD work. Jack >-----Original Message----- >From: iot-wg <iot-wg-bounces at ripe.net> On Behalf Of Jelte Jansen >Sent: October 22, 2018 12:29 AM >To: Jim Reid <jim at rfc1035.com>; Peter Steinhäuser <ps at embedd.com> >Cc: RIPE IoT WG List <iot-wg at ripe.net> >Subject: Re: [iot-wg] "The Internet of Threats: Fighting FUD with MUD" > > > >On 10/21/18 2:33 PM, Jim Reid wrote: >>> MUD files can help to identify what’s a devices purpose and >>> monitoring if the device is doing what it’s supposed to do. I agree >>> that we should not have much hope that the device makers will do their job. >> >> Indeed. However at least MUD files should (in principle anyway) give people an >idea of what their latest IoT toy will do once it’s plugged in. Though just saying it >phones home to google/Amazon/Facebook every so often isn’t much help if you >don’t know what it's sending and receiving. Or why it’s doing that. >> > >Or, as it was in the case of Samsung Television voice control data, whether the >data that is ostensibly sent for a reasonable purpose is passed on to third parties >by the service anyway. No amount of technical measures will protect against >that. But at least then it will be the services' responsibility. > >> MUD files are a small step in the right direction. Hopefully we’ll one day see >this information printed on the IoT device itself and the box it comes in. >> > >I have started to wonder whether this won't be the other way around. As in, >whether device manufacturers might be forced to disclose what their devices >will be doing on the internet (similar to how they should disclose what power >they safely operate at), and that MUD (or MUD-like) profiles will be derived from >that. > >> BTW, Jelte spoke about the SPIN project at the WG meeting in Marseille. It was >a revelation to see how much data was being sent outside his home network >from its IoT devices. [And on a related note, why does my DVD player call the >mothership and what data are being exchanged?] Michael’s idea of an IoT >firewall would mean we can see what’s going on. This sort of thing will be >essential if the concept of informed consent means anything. >> > >Peter and I have been in contact after that presentation :) > >Anyway, the move to everything being encrypted, while protecting against >eavesdroppers, will certainly not help protect against what our devices are >sending out. At most to whom initially (but now I am repeating myself). But that >is already very revealing; I have done a few presentations about SPIN where we >connected an audience member's phone to the system, and every single time >something interesting has popped up so far. > >The biggest 'whoa what the' moment you can get, by the way, if you can show >an Amazon Echo owner that Amazon stores -and you can play back- all the audio >commands they have ever given those things. > >Jelte > >_______________________________________________ >iot-wg mailing list >iot-wg at ripe.net >https://mailman.ripe.net/
- Previous message (by thread): [iot-wg] "The Internet of Threats: Fighting FUD with MUD"
- Next message (by thread): [iot-wg] "The Internet of Threats: Fighting FUD with MUD"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ iot-wg Archives ]