8 comments

[ 3.4 ms ] story [ 24.5 ms ] thread
This is from before the recent Mirai DDoS attack.
There should be some testing for IOT devices like the FDA clearance for medical industry.
Or just add it do the fcc testing that electronic devices already go through
Just some basic rules like:

- no default passwords

- no access from Internet until explicitly enabled by user

would make a world of difference. We'll still have to deal with bugs, but this would go a long way.

> - no access from/to Internet until explicitly enabled by user

This would be better. It would get rid of this IoT cloud madness.

No access to the Internet? How then can we [make money by spying on you] provide you a better service?
That's the whole point of regulation. Companies are forced to do something in the interest of customer, even if it's not in their own interest (similar thing to providing warranty, which costs and many companies would happily ditch it if they weren't required to provide it).
I think we should require automatic updates (configurable to manual); said updates should obviously be signed and probably encrypted.