
Re: [LUG] X10 kit

 

On Wed, 19 Feb 2014, Shaun Orchard wrote:

Ah, so it does. But given some of the vulnerabilities listed, I'm not sure I would want to trust the product even if this set of vulnerabilities is fixed; it doesn't seem as if security is a top priority for Belkin. I feel uneasy about it having constant communication with Belkin's servers too. I'd rather have something that didn't require constant internet access and could happily work without needing to go via their service (I don't know if the WeMo can do this, I haven't used it). Especially if you plan to control anything more critical than lights or a washing machine or something.

This is the bit... If you want easy access to your "stuff" remotely then you need to have a static IP address (or use one of the many dyn-dns type services) AND create port forwards in your router.

This is beyond the ability of 99.99999% of all Internet consumers.

So the vendors make it easy by having their kit talk to their fixed-ip central servers, so that the remote controllers then talk to those servers too and thus control can be established.

This is not new. There are lots and lots of other services that do this - e.g. most telephone services, WhatsApp, Skype, Dropbox, LogMeIn, TeamViewer, and 1000s of other service-type applications.

The issue then becomes two-fold: (1) do you trust the service provider, and (2) do you trust your own NAT gateway not to allow piggy-backing on an open NAT connection... A lot of consumer-grade routers do allow this. Is it exploited? Probably.

(Then there's UPnP - a whole new ball game!)

You also have to trust that the device you put on your LAN won't ssh out and then allow someone to ssh in; with ssh's ability to do port-forwards, that person then has full access to your LAN... You can't easily stop that with a firewall either, unless you deny outgoing connections - which defeats the object...

So it's convenience vs. expertise, and the "app" that "just works" will win. Even if it does steal all their bank details, send spam, pron, their TV viewing habits, etc.

Gordon
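As an added example (not from Gordon's message or anything on the list), here is the defender's side of the last two paragraphs: you may not be able to block a gadget's outbound connection without breaking it, but from the NAT gateway you can at least see which LAN hosts hold long-lived outbound sessions or outbound ssh connections. It assumes a 192.168.1.0/24 LAN and a constructed flow-record format; every address and duration below is made up.

```python
"""Flag LAN devices that hold long-lived outbound connections, e.g. a gadget
that sshes out to a vendor host and keeps the tunnel open.
Added example; the flow format, addresses and durations are constructed."""
import ipaddress
import re
from collections import defaultdict

# The home LAN as seen from the NAT gateway (assumed prefix).
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed flow records, one connection per line, as a flow exporter or a
# periodic conntrack sweep might summarise them. dur is seconds alive.
SAMPLE_FLOWS = """\
src=192.168.1.23 dst=203.0.113.10 proto=tcp dport=22  dur=86400
src=192.168.1.23 dst=203.0.113.10 proto=tcp dport=443 dur=7200
src=192.168.1.10 dst=198.51.100.7 proto=tcp dport=443 dur=35
src=192.168.1.40 dst=192.168.1.1  proto=tcp dport=22  dur=600
src=192.168.1.10 dst=192.168.1.1  proto=udp dport=5353 dur=170
"""

FLOW_RE = re.compile(
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+proto=(?P<proto>\w+)\s+"
    r"dport=(?P<dport>\d+)\s+dur=(?P<dur>\d+)")

def parse_flows(text):
    """Parse flow lines into dicts; lines that do not match are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.search(line)
        if m:
            d = m.groupdict()
            d["dport"], d["dur"] = int(d["dport"]), int(d["dur"])
            flows.append(d)
    return flows

def leaves_lan(flow):
    """True when a LAN host talks to something outside the LAN prefix."""
    return (ipaddress.ip_address(flow["src"]) in LAN
            and ipaddress.ip_address(flow["dst"]) not in LAN)

def persistent_outbound(flows, min_dur=3600, remote_ctrl_ports=(22,)):
    """Per LAN host, the outbound TCP flows that are long-lived or aimed at a
    remote-control port such as ssh. Returns {src: [(dst, dport, dur), ...]}."""
    findings = defaultdict(list)
    for f in flows:
        if f["proto"] != "tcp" or not leaves_lan(f):
            continue
        if f["dur"] >= min_dur or f["dport"] in remote_ctrl_ports:
            findings[f["src"]].append((f["dst"], f["dport"], f["dur"]))
    return dict(findings)
```

A laptop's own ssh sessions will show up too, so in practice run it against the addresses of the "appliance" devices only, or put them on their own subnet first.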

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq