> If someone is operating or changing settings on your baby monitor, doorbell camera, garage door opener, smart switch, light bulb, etc -- the developer should check to make sure that the actor doing so is authorized to do it.
There is a well-established pattern for this that's as old as humanity itself: if you can physically reach the device, you can operate the device. Security is established by the fact that you have to be authenticated and authorized to be in the same room as the device, and if extra security is needed, then various social, physical and digital forms of keys and interlocks exist.
This naturally extends itself to operating networked[0] devices too - if you can get on LAN, you can access them. Yes, I know this doesn't exactly fly in an office, but see the keys&interlocks stuff above. And despite what security people would say, you don't need anything more than that for home (or even SMB) use. Your IoT lightbulb does not need bank-level[1] security[2].
Nor does your non-Internet connected lightbulb or fridge. Which is kind of the other point I wanted to make: non-networked devices neither need nor should go beyond the centuries-old "can reach it = can use it, +/- social norms" pattern; this means we also need to actively discourage the problem-pattern that's common today, and goes like this:
1) Connecting a device to Internet for dubious, often user-hostile reasons, then
2) Bringing up NIST security requirements and implementing them, then
3) Turning around and using all that security work to justify the Internet connection.
No, your device does not need automatic OTA updates. That's just sleight of hand - what it actually needs is to not be connected to your servers in the first place - then all the security requirements are no longer requirements.
--
[0] - Not Internet. I in IoT is bullshit 99% of the time, remaining 1% of the time it should be handled by a VPN - or even a Home Assistant instance, since 100% of IoT apps are bullshit and are better replaced with Home Assistant app + whatever vendor integration for HA the community hacked up in their free time.
[1] - Ironically, banks actually suck at this, but the analogy makes sense in theory.
[2] - Almost nothing does; we're currently dealing with runaway over-securing of everything digital, because everyone and their dog thinks their app is Special and their service is Important. News flash: it isn't. All this is doing is making software and hardware more annoying to use and footgun-rich - and of course entrenching the adtech surveillance business model.