As a technically competent GNU/Linux user, I'd be happy to buy the insecure smart switch and firewall out their server, as long as I can figure out a way of sending the packets myself from the command line. That way, if I ever do need to operate it from outside, I can SSH in and type the command on my own server (which would be on the same network). No need for any of our Chinese friends to get fired: just re-label the product to reflect the fact that the buyer needs to be competent enough to manage firewalls and set up their own servers. (I assume this would be easier for them than actually fixing it, because the factory probably bought in the software from a third-party developer and it's now a done deal. Shutting down their remote server might help a bit, but the devices will probably still listen to any packet purporting to come from that IP address, so it's still a good idea to firewall it out.)
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
I'd be happy to buy that insecure switch
Date: 2016-07-10 11:26 am (UTC)