U.S. Senator Calls On Federal Agencies To Improve IoT Device Security, Stop DDoS Attacks

[Lucian Armasu]

Senator Mark Warner from Virginia called on the FCC, FTC, and the DHS to find a solution to the growing DDoS attacks problem, with a potential solution being ISP-level blocking of "zombie" IoT devices.

U.S. Senator Calls On Federal Agencies To Improve IoT Device Security, Stop DDoS Attacks : Read more

 

[skit75]

Spouse A: Ohh look dear... this toilet paper dispenser only has a $300.00 annual firewall subscription!
Spouse B: That must be on sale, GRAB IT! As long as we let the manufacturer know how much we wipe and agree to the 3rd party marketing flea-poop print, the first year is actually only $150.00!

 

[InvalidError]

A "limit" implies that it wasn't meant or believed to be possible to beat. 1Tbps DDoS isn't a limit, it is a milestone or a new high-watermark that will inevitably get surpassed at some point in the future as more bandwidth becomes available at the network edge and more potential victim devices come online.

 

[falchard]

Honestly, when I saw it was a Democrat Senator proposing regulations on the Internet in the vain of added security, I expected something idiotic. He at least makes some sense that ISPs should not be forced to allow all traffic through their networks. Aside from that he didn't propose anything like requiring certain features, or having computer assemblers get a certification which is positive. He just asked for ideas from this business sector. So suffice to say I can't say how dumb it is until legislation is written.
The only thing I can say is that he misunderstands the "Tragedy of the Commons" in terms of economics. It only applies to a limited resource that is open to public consumption. The tragedy of the commons is mostly eliminated when the resource is owned privately. It would be difficult to apply the theory on internet security and DDoS attack.

 

[Jeff Fx]

>Honestly, when I saw it was a Democrat Senator proposing regulations on the Internet in the vain of added security, I expected something idiotic.

"Democratic." Wingnuts say "Democrat" rather than "Democratic." Do you want to be mistaken for a wingnut?

Why? Insanity usually comes from the delusional Republicans. Wingnuts, with inverted worldviews from Republican propaganda, imagine that the Democrats are the party that's out of touch. Again, you risk being mistaken for a wingnut.

Btw, it's spelled "vein."

 

[undersuit]

What if put government backdoors in all our devices? Then if our devices are misbehaving the government can turn them off.
/s

 

[javaskull]

This to me sounds like a good idea potentially. It reminds me of computer interference regulations like what the FCC has on power supplies etc. Your device has to be secure. Otherwise it's illegal and we'll block it or fine you for using it (or better yet, selling or making it).

 

[Blitz Hacker]

Mandate security standards on IoT Devices. Specifying a port range they can use (with default firmware) and develop security standards (updateable Over the Wire/Air) updates like cellphones. This will do two things. #1 it will make scanning for the devices easier (if the device doesn't pass security updates it will be apparent almost instantly as they will be exploited) secondly if such an attack occurs ISP's could simply drop the port range from traffic vs trying to filter packets which is not only resource intensive but not really practical.

There will always be 'cheap crap' out there but simply blocking off the use based on traffic type outside of the given port ranges I think would be acceptable. Aswell I think device manufacturers need to be liable for maintaining the firmware (to a reasonable security level) over the life of the product.

This isn't an 'annoying side effect' this is potentially internet destroying behavior and should be dealt with as such.

 

[falchard]

[quotemsg=18787814,0,1864829]>Honestly, when I saw it was a Democrat Senator proposing regulations on the Internet in the vain of added security, I expected something idiotic.

"Democratic." Wingnuts say "Democrat" rather than "Democratic." Do you want to be mistaken for a wingnut?

Why? Insanity usually comes from the delusional Republicans. Wingnuts, with inverted worldviews from Republican propaganda, imagine that the Democrats are the party that's out of touch. Again, you risk being mistaken for a wingnut.

Btw, it's spelled "vein."[/quotemsg]

Republicans are a different type of stupid. Democrats, and I do use that as an insult tend to be for over regulation and unnecessary restrictions. They tend to make legislation on things they typically know little about, bring in experts they don't listen to, and implement overbearing rules that make the problem worse. Take for instance licensing which is a roadblock for people intending to get into an industry while not providing any added protection for the consumer.
Like I said, I can't say how this will be stupid until they make legislation on it. From the only proposal in the article, they are moving in a positive direction. Makes sense considering its the Virgina Senator proposing it instead of an institutionalized one like Chuck Schumer.

 

[targetdrone]

Just because a device has the latest top of the line totally impenetrable security TODAY doesn't mean design flaw or bug won't appear 12 months from now totally compromising the security. (Heartbleed, Stagefright, and all of those Java and Adobe flaws)

It's hard enough getting security patches for Android smartphones that cost several hundreds of dollars. No IoT manufacture is going to write a new firmware for a year old, out of production $50 toaster(which was designed to break after 13 months of collecting dust on the counter anyways)

 

[targetdrone]

[quotemsg=18788737,0,235320]This to me sounds like a good idea potentially. It reminds me of computer interference regulations like what the FCC has on power supplies etc. Your device has to be secure. Otherwise it's illegal and we'll block it or fine you for using it (or better yet, selling or making it).[/quotemsg]

So it should be illegal to use any version of Android that's not the latest version(which is Nougat as of today)? Yeah good luck with that one. millions of phones being used right now will never ever see Nougat. Now expand that craziness to toasters and coffee makers.