
Bugs in Samsung IoT Hub Leave Smart Home Open to Attack - LinuxBender
https://threatpost.com/bugs-in-samsung-iot-hub-leave-smart-home-open-to-attack/134454/
======
vvanders
_If_ you're going to run IoT devices in your house I highly recommend
isolating them to their own VLAN+Wifi SSID to limit their exposure to the rest
of your network.

Personally I'm a fan of Ubiquiti's Unifi gear for this. Relatively cheap (~$250
depending on what you get), easy to set up and much better Wifi quality as a
bonus. Ars did a pretty good write-up a while back that I liked[1].

[1] https://arstechnica.com/information-technology/2018/07/enterprise-wi-fi-at-home-part-two-reflecting-on-almost-three-years-with-pro-gear/

~~~
394549
> If you're going to run IoT devices in your house I highly recommend
> isolating them to their own VLAN+Wifi SSID to limit their exposure to the
> rest of your network.

This goes both ways, too. You don't want someone to pivot from an IOT device
to your PC, but you also don't want someone to pivot from your PC into an IOT
device like a security camera or door lock.

~~~
vvanders
Yup, it's pretty trivial to set up the VLAN on Unifi gear to completely isolate
the IoT VLAN/SSID to internet only and never see local traffic/devices and
vice versa.

------
vannevar
I'm sorry, but if you have IoT devices controlling your home and they are
connected to the Internet, your "smart home" is open to attack _by design_.
And since IoT devices are optimized for convenience and sales rather than
security, those attacks are likely to succeed and your devices co-opted for
other purposes.

~~~
CedarMadness
I'm not a big fan of the Smart Things architecture. It's designed to allow you
to create custom device types for devices they don't support, and custom
extensions for new behavior, which is great. The problem is, anything you add
outside of the stock code will only run on their cloud, and not on the device
itself, meaning my motion sensor has to go to the cloud and back before
turning on my basement lights. I'm currently looking into alternatives because
this is a terrible way of implementing a home hub.

~~~
noja
If you find a good alternative, could you post here? I know homeassistant.io
for control, but I am looking for cloudless LoT (LAN of Things) devices which
can (and do) have their firmware updated. Open source firmware if possible. I
can't find any.

~~~
w-ll
If you're familiar with Arduino, the ESP32 and ESP8266 are ridiculously cheap and
easy to program, have onboard wifi/bluetooth modules, and can easily hook to a
relay to make your own smart lamps, switches, etc.

Also MQTT is pretty easy to work with, which many IOT devices use. You could
spoof the DNS of the MQTT server/broker it's trying to reach and run your own.

------
walterbell
Microsoft (of all people) has a good IoT story with Azure Sphere, where they
handle security for 10 years, and the device vendor handles the application.
Let's hope the first commercial devices are a good proof point for this
security model, so that others step up with open silicon to compete with
Microsoft Linux and Microsoft silicon root of trust.

