Meet Thistle, the startup that wants to secure billions of IoT devices

Introduce yourself to us and other members here, or share your own product reviews, suggestions, and tips and tricks of using QNAP products.
Post Reply
Mousetick
Been there, done that
Posts: 947
Joined: Thu Aug 24, 2017 10:28 pm

Meet Thistle, the startup that wants to secure billions of IoT devices

Post by Mousetick » Fri Apr 23, 2021 4:03 pm

News article from Ars Technica:
Meet Thistle, the startup that wants to secure billions of IoT devices
Startup gets $2.5 million funding to jump-start security for connected devices.
https://arstechnica.com/information-tec ... t-devices/
--

Good idea! Sounds promising. We'll have to wait and see how this pans out of course. At least they acknowledge the issue and are trying to fix it, so that's a start.

Although their initial plan sounds a little bit underwhelming. Providing a firmware update framework is nice, but how about tackling the weak or non-existent security principles and mechanisms on which these devices are built?

User avatar
Moogle Stiltzkin
Ask me anything
Posts: 9873
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Meet Thistle, the startup that wants to secure billions of IoT devices

Post by Moogle Stiltzkin » Fri Apr 23, 2021 4:55 pm

i read that article but wasn't sure to share it. the idea is nice but there is nothing out and proven yet :{

atm all i'm doing for iot is

- don't use alexa :'
- vlan iot for smart tv
- don't port forward
- update iots often


not sure what else i can do : :S
NAS
[Main Server] QNAP TS-877 w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A w. 5x 2TB Samsung F3 (HD203WI) EXT4 Raid5
[Backup] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-659 Pro II
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D
[^] QNAP TS-228
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100dl/50ul MBPS FTTH Internet | Win10, WC PC-Intel i7 920 Ivy bridge desktop (1x 512gb Samsung 850 Pro SSD + 1x 4tb HGST Ultrastar 7K4000)


Guides & articles
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin

Mousetick
Been there, done that
Posts: 947
Joined: Thu Aug 24, 2017 10:28 pm

Re: Meet Thistle, the startup that wants to secure billions of IoT devices

Post by Mousetick » Fri Apr 23, 2021 5:35 pm

Moogle Stiltzkin wrote:
Fri Apr 23, 2021 4:55 pm
atm all i'm doing for iot is

- don't use alexa :'
- vlan iot for smart tv
- don't port forward
- update iots often

not sure what else i can do : :S
Sounds like you're on top of things, and you're not really part of the target demographics of people who would really benefit the most from enhanced IoT security. Although fewer compromised devices, fewer botnets, less data stolen/leaked and fewer ransoms being paid across the board would benefit everyone equally in the long term.

Most people have no idea what you're talking about with the items you listed above. To wit, reading the QLocker thread, you realize quite a few users were entirely unaware that UPnP was enabled on their routers and forwarding to their NAS, while some don't even know what UPnP is. We can't blame them for that.

The goal is to make these devices secure by default, without requiring a lot of effort from the users and without requiring a degree in computer engineering.

User avatar
Moogle Stiltzkin
Ask me anything
Posts: 9873
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Meet Thistle, the startup that wants to secure billions of IoT devices

Post by Moogle Stiltzkin » Fri Apr 23, 2021 5:55 pm

if nothing else, i'm sure smart tv is one iot most people will have.

my samsung tv has a malware scanner and updates, but how effective is it, no idea :{ xd...
NAS
[Main Server] QNAP TS-877 w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A w. 5x 2TB Samsung F3 (HD203WI) EXT4 Raid5
[Backup] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-659 Pro II
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D
[^] QNAP TS-228
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100dl/50ul MBPS FTTH Internet | Win10, WC PC-Intel i7 920 Ivy bridge desktop (1x 512gb Samsung 850 Pro SSD + 1x 4tb HGST Ultrastar 7K4000)


Guides & articles
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin

User avatar
jaysona
Been there, done that
Posts: 662
Joined: Tue Dec 02, 2008 11:26 am
Location: Somewhere in the Great White North

Re: Meet Thistle, the startup that wants to secure billions of IoT devices

Post by jaysona » Fri Apr 23, 2021 9:35 pm

This is all nice and virtuous, but I do not see much traction unless there is a legislative requirement.

Company's exist to make money - as much money as possible. When there are two companies vying for market share for a new product, the first to get product market generally will obtain the greatest market share, the second to market will get the leftover table scraps, so being first out the door is the primary business objective, security patching is just an afterthought.

Security has never been a selling point, and I don't see it ever becoming one anytime soon, and I say this as someone that started my security profession back in 1992 - writing malicious PoC Novel NetWare NLMs and securing NetWare servers and IPX/SPX networks - and have since moved on to working as a contract-for-hire digital security mercenary.
Last edited by jaysona on Sat Apr 24, 2021 2:19 am, edited 1 time in total.
H/W: TS-219 Pro / TS-269 Pro / TS-253 Pro (8Gig) / TS-509 Pro x2 / TS-569 Pro
H/W: TS-670 Pro (i7-3770S 16Gig) x2 / TS-853 Pro (8Gig) / TVS-871 Pro (i7-4790S 16Gig)
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 384.19
Router2: Asus RT-AC68U - DD-WRT v3.0-r39960M kongac
Router3: Linksys WRT1900AC - DD-WRT v3.0-r43028 std
Router4: Asus RT-AC66U - FreshTomato v2020.7
Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)

Mousetick
Been there, done that
Posts: 947
Joined: Thu Aug 24, 2017 10:28 pm

Re: Meet Thistle, the startup that wants to secure billions of IoT devices

Post by Mousetick » Fri Apr 23, 2021 11:16 pm

Moogle Stiltzkin wrote:
Fri Apr 23, 2021 5:55 pm
if nothing else, i'm sure smart tv is one iot most people will have.
Yes, you're right and I'm not disagreeing.
Moogle Stiltzkin wrote:
Fri Apr 23, 2021 4:55 pm
- vlan iot for smart tv
- don't port forward
What I meant was:
- most people who have a smart/connected TV have no idea what 'vlan' is or why they would need it for IoT
- most people who have an internet router and devices connected to it, have no idea what 'port forward' is or why it's dangerous

Sorry if I wasn't clear.

User avatar
Moogle Stiltzkin
Ask me anything
Posts: 9873
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Meet Thistle, the startup that wants to secure billions of IoT devices

Post by Moogle Stiltzkin » Sat Apr 24, 2021 12:14 am

NAS
[Main Server] QNAP TS-877 w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A w. 5x 2TB Samsung F3 (HD203WI) EXT4 Raid5
[Backup] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-659 Pro II
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D
[^] QNAP TS-228
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100dl/50ul MBPS FTTH Internet | Win10, WC PC-Intel i7 920 Ivy bridge desktop (1x 512gb Samsung 850 Pro SSD + 1x 4tb HGST Ultrastar 7K4000)


Guides & articles
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin

Post Reply

Return to “Users' Corner”