IoT in Isolation

Last week I was listening to the Security Now podcast episode #551 where the hosts, Steve Gibson and Leo Laporte, discussed the Trane ComfortLink II internet-connected thermostat vulnerabilities.   You can read the grisly details in the original Krebs on Security article that the podcast hosts, I believe, refer to.  Basically, Krebs points out the gnarly issues that IoT faces when it comes to effectively updating vulnerable firmware and software.  Steve Gibson, in the podcast discussion, takes things a step further and points out that isolating IoT devices by putting them on their own network is a good practice to prevent lateral movement of an attacker on your network.  I believe that over the next couple of years we will see home networking products that will attempt to offer out-of-the-box solutions for IoT network isolation.  The question remains, however, if the average user is up to the task.  As Krebs pointed out, “patching vulnerable devices can be complicated, if not impossible, for the average user or for those who are not technically savvy.”  Network isolation may not prove any less complicated.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s