Meet Thistle, the startup that wants to secure billions of IoT devices

[Mousetick]

News article from Ars Technica:

Meet Thistle, the startup that wants to secure billions of IoT devices
Startup gets $2.5 million funding to jump-start security for connected devices.

https://arstechnica.com/information-tec ... t-devices/
--

Good idea! Sounds promising. We'll have to wait and see how this pans out of course. At least they acknowledge the issue and are trying to fix it, so that's a start.

Although their initial plan sounds a little bit underwhelming. Providing a firmware update framework is nice, but how about tackling the weak or non-existent security principles and mechanisms on which these devices are built?

[Moogle Stiltzkin]

i read that article but wasn't sure to share it. the idea is nice but there is nothing out and proven yet :{

atm all i'm doing for iot is

- don't use alexa
- vlan iot for smart tv
- don't port forward
- update iots often


not sure what else i can do :

[Mousetick]

atm all i'm doing for iot is

- don't use alexa
- vlan iot for smart tv
- don't port forward
- update iots often

not sure what else i can do :

Sounds like you're on top of things, and you're not really part of the target demographics of people who would really benefit the most from enhanced IoT security. Although fewer compromised devices, fewer botnets, less data stolen/leaked and fewer ransoms being paid across the board would benefit everyone equally in the long term.

Most people have no idea what you're talking about with the items you listed above. To wit, reading the QLocker thread, you realize quite a few users were entirely unaware that UPnP was enabled on their routers and forwarding to their NAS, while some don't even know what UPnP is. We can't blame them for that.

The goal is to make these devices secure by default, without requiring a lot of effort from the users and without requiring a degree in computer engineering.

[Moogle Stiltzkin]

if nothing else, i'm sure smart tv is one iot most people will have.

my samsung tv has a malware scanner and updates, but how effective is it, no idea :{ xd...

[jaysona]

This is all nice and virtuous, but I do not see much traction unless there is a legislative requirement.

Company's exist to make money - as much money as possible. When there are two companies vying for market share for a new product, the first to get product market generally will obtain the greatest market share, the second to market will get the leftover table scraps, so being first out the door is the primary business objective, security patching is just an afterthought.

Security has never been a selling point, and I don't see it ever becoming one anytime soon, and I say this as someone that started my security profession back in 1992 - writing malicious PoC Novel NetWare NLMs and securing NetWare servers and IPX/SPX networks - and have since moved on to working as a contract-for-hire digital security mercenary.

[Mousetick]

if nothing else, i'm sure smart tv is one iot most people will have.

Yes, you're right and I'm not disagreeing.

- vlan iot for smart tv
- don't port forward

What I meant was:
- most people who have a smart/connected TV have no idea what 'vlan' is or why they would need it for IoT
- most people who have an internet router and devices connected to it, have no idea what 'port forward' is or why it's dangerous

Sorry if I wasn't clear.

[Moogle Stiltzkin]

oic.

i guess you are right, otherwise stories like this would not happen
https://www.infosecurity-magazine.com/n ... etections/

https://cio.economictimes.indiatimes.co ... s/78440102

https://www.wired.com/story/namewreck-i ... s-devices/

https://www.shodan.io/search?query=qnap