
Rash of in-the-wild attacks permanently destroys poorly secured IoT devices - wincy
https://arstechnica.com/security/2017/04/rash-of-in-the-wild-attacks-permanently-destroys-poorly-secured-iot-devices/
======
wincy
I wonder, does doing something like this for the greater good make it the
right choice in the long term? Creating a bot that enforces good security by
bricking your devices would be a really bad experience for the users affected
now, but if it finally gets these IoT companies to be serious about security
it might be the right move in the long term.

That said, I'd imagine this is still very much illegal, and am not saying I'd
advocate anyone writing bots like this.

~~~
dandandan
In the short-term it might even drive sales of devices to replace previously-
bricked ones.

~~~
wincy
I'm not sure that's true. Class action lawsuits will probably crop up pretty
quickly, with people making warranty demands. I think it'll be a net negative
for anyone who is liable for these devices and their security.

------
Neliquat
I would rather this happen now, peicemeal, so vendors can respond, than 5
years later as part of a coordinated attack. State sponsored actors are on the
rise, and industrial IoT has always been a juicy unsecured target.

------
jlgaddis
This might not be a popular opinion -- or the "right" one -- but, personally,
I'm glad to see this happening (and I hope it happens more) if it has the
effect of getting folks to pay attention and address the underlying problem.

~~~
mcphage
Turns out, that _is_ the popular opinion 'round these parts.

------
breakingcups
I'm surprisingly okay with this. We all know the IoT hype has given rise to
many, many incredibly insecure, often non-GPL compliant slapped together Linux
SoC's hooked up to whatever IO a regular appliance could have. The
manufacturers and developers have not given any consideration for real
security because they haven't had a reason to yet. Sure, every other week a
security researcher pwns another device and leaves a random manufacturer I've
never heard of with egg on its face but unfortunately that doesn't seem to
stop the global trend. This might.

I wonder if anything similar has happened before.

------
raintrees
I agree with the Radware researcher. This seemed to be a preventative measure
against devices that would not get fixed, as Schneier's articles have been
suggesting.

And in my head I see the equivalent of XKCD's Devotion to Duty comic:
[https://xkcd.com/705/](https://xkcd.com/705/) \- Maybe someone is taking it
upon themselves to solve the perceived problem, for better or for worse
(potentially far worse).

------
xxdesmus
oh no. stop. ...said no one.

