Email or username:

Password:

Forgot your password?
Top-level
Al Abut

@JessTheUnstill honest question: how do you do that without creating a security nightmare? I’m not a security expert but it seems like it would be just handing out blueprints for more exploits on newer devices built on the same stack.

5 comments
Jess👾

@alabut
Not really. Most of these devices are just under the covers just running a pretty standard Linux or BSD operating system + whatever drivers are needed for the hardware, so security vulns are all pretty well known. The proprietary application code wouldn't necessarily even need to be included, so long as the bootloader was unlocked so you could do something else with the hardware.

Jess👾

@alabut
In fact, these devices are commonly hacked and exploited by cyber criminals when someone continues to use them after they've stopped being supported because the vendor doesn't bother to patch them anymore despite vulnerabilities being discovered. This has been a huge problem for people's old IOT devices getting added to botnet clusters to be used in DDOS attacks or as a proxy to mask their source IP address. So at least unlocking the boot loader means that it would be more possible for an end user to upgrade their old IOT devices to a community supported release that still gets vulnerability updates.

@alabut
In fact, these devices are commonly hacked and exploited by cyber criminals when someone continues to use them after they've stopped being supported because the vendor doesn't bother to patch them anymore despite vulnerabilities being discovered. This has been a huge problem for people's old IOT devices getting added to botnet clusters to be used in DDOS attacks or as a proxy to mask their source IP address. So at least unlocking the boot loader means that it would be more possible for an...

Al Abut

@JessTheUnstill ...oh the penny dropped for me now. So this is where going open source might also help close up loopholes?

Jess👾

@alabut
At least it would provide a pathway for someone to update their device without having to replace the hardware (normal caveats - the user would have to have enough tech know how and time to switch it to a different firmware, and there would have to be some community that maintains said firmware, but at least it would be possible)

Go Up