Email or username:

Password:

Forgot your password?
Jess👾's posts Post Back to profile
Top-level
Al Abut

@JessTheUnstill honest question: how do you do that without creating a security nightmare? I’m not a security expert but it seems like it would be just handing out blueprints for more exploits on newer devices built on the same stack.

7 April at 22:02 | Wall-to-wall | Open on techhub.social
5 comments
Jess👾

@alabut
Not really. Most of these devices are just under the covers just running a pretty standard Linux or BSD operating system + whatever drivers are needed for the hardware, so security vulns are all pretty well known. The proprietary application code wouldn't necessarily even need to be included, so long as the bootloader was unlocked so you could do something else with the hardware.

7 April at 22:26 | Open on infosec.exchange
Al Abut
Jess👾

@alabut
In fact, these devices are commonly hacked and exploited by cyber criminals when someone continues to use them after they've stopped being supported because the vendor doesn't bother to patch them anymore despite vulnerabilities being discovered. This has been a huge problem for people's old IOT devices getting added to botnet clusters to be used in DDOS attacks or as a proxy to mask their source IP address. So at least unlocking the boot loader means that it would be more possible for an end user to upgrade their old IOT devices to a community supported release that still gets vulnerability updates.

@alabut
In fact, these devices are commonly hacked and exploited by cyber criminals when someone continues to use them after they've stopped being supported because the vendor doesn't bother to patch them anymore despite vulnerabilities being discovered. This has been a huge problem for people's old IOT devices getting added to botnet clusters to be used in DDOS attacks or as a proxy to mask their source IP address. So at least unlocking the boot loader means that it would be more possible for an...

7 April at 23:27 | Open on infosec.exchange
Al Abut

@JessTheUnstill ...oh the penny dropped for me now. So this is where going open source might also help close up loopholes?

8 April at 0:06 | Open on techhub.social
Jess👾

@alabut
At least it would provide a pathway for someone to update their device without having to replace the hardware (normal caveats - the user would have to have enough tech know how and time to switch it to a different firmware, and there would have to be some community that maintains said firmware, but at least it would be possible)

8 April at 0:18 | Open on infosec.exchange
Go Up