Comment by smjburton

5 days ago

> For better or worse, the engineers behind the service decided not to implement a standard protocol like DTLS.

> We're not certain if each device has its own unique private key, but whether it does or not, both have downsides ... If all devices share the same firmware private key, the attacker needs to reverse engineer just a single device to MITM attack any other devices.

If anything, this article further highlights that security on these types of devices isn't as rigorous as other consumer electronics like laptops or smartphones. Anyone using smart devices should look into DD-WRT, OpenWrt, Tomato, or Asuswrt-Merlin and isolate these devices in their own VLAN away from the rest of your private network.

If anything, devices of that nature should have local control via Bluetooth LE, and not require some crappy proprietary cloud.
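As an added illustration of the VLAN isolation suggested above (not part of the comment or the article), this is what a dedicated IoT segment looks like in OpenWrt's UCI config files; the VLAN ID 20, the 192.168.20.0/24 subnet, and the port name lan4 are placeholder assumptions for a DSA-based router running OpenWrt 21.02 or later.

```conf
# /etc/config/network  -- put switch port lan4 (assumed) untagged on VLAN 20
config bridge-vlan
    option device 'br-lan'
    option vlan '20'
    list ports 'lan4:u*'

config device
    option name 'br-lan.20'
    option type '8021q'
    option ifname 'br-lan'
    option vid '20'

config interface 'iot'
    option device 'br-lan.20'
    option proto 'static'
    option ipaddr '192.168.20.1'        # placeholder gateway for the IoT subnet
    option netmask '255.255.255.0'

# /etc/config/dhcp  -- hand out leases on the IoT subnet only
config dhcp 'iot'
    option interface 'iot'
    option start '100'
    option limit '150'
    option leasetime '12h'

# /etc/config/firewall  -- the part that does the isolating
config zone
    option name 'iot'
    list network 'iot'
    option input 'REJECT'     # devices cannot reach the router itself...
    option output 'ACCEPT'
    option forward 'REJECT'   # ...and the zone forwards nowhere by default

config forwarding            # the only path out: iot -> internet
    option src 'iot'
    option dest 'wan'

config rule                  # ...except DNS and DHCP served by the router
    option name 'Allow-IoT-DHCP-DNS'
    option src 'iot'
    option proto 'tcp udp'
    option dest_port '53 67'
    option target 'ACCEPT'

config forwarding            # optional: trusted LAN may initiate to IoT, never the reverse
    option src 'lan'
    option dest 'iot'
```

Because no `forwarding` entry has `src 'iot'` and `dest 'lan'`, a compromised device on VLAN 20 can reach the cloud endpoint it phones home to but nothing on the private network; the last stanza is the one to drop if you want the devices fully walled off as the comment suggests.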

  • Agreed, the ideal solution would be to control these devices without being on your home network at all.