
In my mind it's a pretty gross violation of the principle of least privilege[1]. All it takes is one bad IoT device on your local LAN to exfiltrate/pivot over to the Hub. Some of the data that's dumped is things like "noise levels" which borders on sensitive PII information. Not to mention any vulnerabilities in these services that aren't understood yet.

For all those reasons and more the IoT stuff on my local network goes into a VLAN that only gets to see the gateway and nothing else. No local UDP, TCP or the like, the Ubiquiti gear I picked up a while back makes it pretty trivial to set up.

[1] https://en.wikipedia.org/wiki/Principle_of_least_privilege
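
The isolation policy described in the comment above, modelled as an added example that is not part of the original thread: a first-match rule evaluator checks that traffic from an IoT VLAN reaches only DNS/DHCP on its gateway plus the internet, and contrasts that with a flat LAN. All subnets, addresses, ports and names are constructed assumptions.

```python
import ipaddress as ip

GATEWAY = "192.168.20.1"  # assumed gateway address on the IoT VLAN
PRIVATE = [ip.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANYWHERE = ip.ip_network("0.0.0.0/0")

# First-match rules for traffic sourced from the IoT VLAN:
# (action, destination network, protocol, port)
ISOLATED = (
    [("accept", ip.ip_network(f"{GATEWAY}/32"), "udp", 53),   # DNS at gateway
     ("accept", ip.ip_network(f"{GATEWAY}/32"), "udp", 67)]   # DHCP at gateway
    + [("drop", net, "any", None) for net in PRIVATE]         # no local TCP/UDP
    + [("accept", ANYWHERE, "any", None)]                     # internet only
)
FLAT = [("accept", ANYWHERE, "any", None)]  # everything on one LAN

def decide(rules, dst, proto, port):
    """Return the action of the first rule matching the packet, else drop."""
    addr = ip.ip_address(dst)
    for action, net, r_proto, r_port in rules:
        if addr in net and r_proto in ("any", proto) and r_port in (None, port):
            return action
    return "drop"

# Constructed probes: (destination, protocol, port, expected action)
PROBES = [
    (GATEWAY, "udp", 53, "accept"),          # name resolution still works
    (GATEWAY, "tcp", 80, "drop"),            # router admin UI stays hidden
    ("192.168.1.10", "tcp", 80, "drop"),     # device on the main LAN
    ("192.168.1.10", "udp", 5353, "drop"),   # mDNS towards the main LAN
    ("203.0.113.10", "tcp", 443, "accept"),  # vendor cloud on the internet
]

def audit(rules, probes=PROBES):
    """List the probes whose outcome differs from the least-privilege policy."""
    return [(d, p, port) for d, p, port, want in probes
            if decide(rules, d, p, port) != want]

if __name__ == "__main__":
    print("isolated VLAN violations:", audit(ISOLATED))
    print("flat LAN violations:     ", audit(FLAT))
```

Rules like these only govern routed traffic; two devices inside the same VLAN talk directly through the switch or access point and never reach them.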



It doesn't just take an IoT device. Every app on your phone or PC or Apple TV or tablet could be hacking stuff on your local network, and many of those apps have vulnerabilities which can be exploited to gain access. See the Call of Duty network bug as just one example. A PS4 game recently had a similar issue.


> Every app on your phone or PC or Apple TV or tablet could be hacking stuff on your local network

Not if the other devices on your network don't accept unauthenticated commands from anywhere. Which would seem like a pretty basic security feature.


We need an internet of firewalls. I dislike tech legislation, but sometimes I think all networked devices should be required to have an internal firewall.


Many of these devices have to listen for something: mDNS, HTTP, printer, etc. Having a firewall does nothing when you have to open up the ports that are being exploited anyway.


Well, they don't need to listen to everyone that knocks. I'm sure we would be delighted when devices would only talk to clients with valid certificates from the vendor, right?

Edit: disclaimer: I work for Google, but my only contact with the home ecosystem is having a Chromecast.


Would we? The next thing that would happen is those certificates would end up inside secure chips, and suddenly the only way to talk to an IoT device would be through an official vendor's app, over an official vendor's bridge. No thank you. Turning physical products into services is not what I want.


This reminds me of a product idea I had a while back - a sandboxed wifi router that plugs in to your existing router. When you set up your IoT devices, you point them to the sandbox. I figure this already exists, and nobody cares.


I'm somewhat surprised that home router manufacturers haven't started shipping models with a built-in IoT guest network that has its own VLAN.

Incidentally it's concerns such as those raised in the article that drove my decision to use Zigbee or Z-Wave devices for my HA setup where possible.


Some do, I just set up a Ubiquiti AmpliFi which has a guest WiFi feature.


MikroTik can do this as well, though in typical fashion for them, it takes a bit of work to set up.


Guest WiFi usually uses a captive portal, I think. I don't think that would work with something like Google Home, which expects to have internet access right away AFAIK.


Naive question: would it be realistic to filter who gets to talk to whom, on which protocols, at the router level?

I guess basic rules could be set up, but would there be a higher-level way for that kind of orchestration?


A much better LAN firewall will be needed, can also mean you can easily get rid of 1 to many NAT with IPv6. It would have to be self-learning for any hope of adoption by the mass market.


This is all because of the current madness to have all devices connected to each other. Completely connected "smart" things and network isolation/security: choose one.


If the devices I care about are secure (laptop, phone etc) then I shouldn't have to care about other devices, whether they're on my home network or not.

I'm in no way a security/network expert and I'm sure the people who came up with the current specs were smart people doing their best but it always seems a bit shit to me. I can send death packets to any device even if I'm not attached to the network and they're just honoured? Really? Was all this stuff created in a time when nobody actually considered bad people?


> Was all this stuff created in a time when nobody actually considered bad people?

Yes. The Internet was designed in times where the primary worries were a) nuclear attacks causing major disruptions in the infrastructure, and b) pranksters. You can see that in the design of protocols, which assume all actors are participating in good faith. A lot of pieces of the Internet we still use were created for the research community, where the default assumption was that everyone is acting benevolently (and if someone wasn't, they could be found and punished quickly through out-of-band means). I don't think anyone back then could ever imagine the amount of clueless, careless and evil people the commercialization of the Internet would bring to the network.

Tangentially, this is also why we're stuck with programming in environments subpar compared to what we had in the 70s. The level of control people had over their OS and software also implied total lack of security.


The Internet was originally designed in such times. But all of these IoT devices that accept unauthenticated commands from anywhere were not.


I assumed GP asked about the network itself.

Sure, IoT devices are created today. But they follow defaults (which are insecure), because IoT vendors are cheap.


Yes, the network itself primarily and the way devices connect over it. Perhaps we'd need to start over? When I'm at work people get shouty if you just bring a laptop in and plug it into the network. "If they find out you'll get in trouble". Why wouldn't they find out? And why aren't devices whitelisted so you simply connect without prior approval?


> Perhaps we'd need to start over?

Maybe. But if we do, I'd love if there were allowances in the new design for creating isles where everything flies, and security is very low. I have two reasons for that:

One, security is - to some extent - mutually exclusive with capabilities. When everything is sandboxed and end-to-end encrypted, I can't inspect what a piece of software is doing, and I can't write code to make that piece of software do what I want. This flexibility is needed to make one's workflow efficient, and one's problems solvable (at least without waiting for someone else to solve them).

Two, hardening security has the distinct tendency for enabling vendor overreach and lock-in. The same techniques that secure your data from evil third parties can be used to secure "your" programs from you.


May I ask what your setup is like? I have a Ubiquiti ER-POE and a UniFi AP. Is it straightforward to assign different SSIDs on the AP to different networks, or do you also need one of the UniFi security gateways?


Different SSIDs aren't enough, even different subnets aren't enough, you might want to put them on different VLANs.



