
NoT: Taking the ‘Internet’ Out of IoT - IntronExon
https://www.pentestpartners.com/security-blog/not-taking-the-internet-out-of-iot/
======
jstanley
I think this is approaching the problem from the wrong direction.

My issue with IoT stuff isn't that it's on my WiFi network. That's great, that
means I can interact with it easily.

My issue is that it's communicating with (and often, ultimately, controlled
by) a mothership that is somewhere out there on the internet, that I'm not in
control of and can't interact with easily.

Having the devices communicating with the mothership using mobile data just
takes even more control away from the device owner, which is a step backwards
IMO.

The way to make these things secure is to have them on the WiFi network but
_not_ speaking to the outside internet, except where explicitly enabled by the
owner.

~~~
pythonaut_16
What do you think the answer is? Building truly serverless protocols that are
content to just live on the WiFi network? That seems like it would require
lots of broadcasts on the network which could get congested quickly.

Maybe some kind of standard local server you could run with an easy module API
for adding new kinds of devices? Is that what things like Samsung's smart
things hub already does?

~~~
fenwick67
Why would my phone sending commands directly to my lightbulb on the WLAN take
up more bandwidth than sending a HTTP request up to the mothership and the
lightbulb subscribing to a MQTT channel?

------
emilecantin
The title is horribly wrong; this is not "Taking the Internet out", it's
further entrenching it in the devices.

Like the other posters here, I'd like to see local-only devices that _don't_
connect to the Internet.

It's pretty hard to do this securely and easily, though: \- We can't reliably
get proper HTTPS certs for local devices (think e.g. a router admin page) \-
We can't reliably discover local services (I know about bonjour / mDNS, but
it's flaky at best)

I think we as a community need to step up and provide a compelling open-source
solution; the industry will follow. Look at what happened with 3D printers:
Open-source moved first and established interoperable, open standards (g-code,
STL files, filaments) and the industry had no choice but to follow, otherwise
they'd be considered inferior. We need to do something similar with IoT.

------
orev
I like the concept and it would solve the stated problems, however it’s not
those problems that are holding me back from IoT. I do not want any IoT/home
control device in my house communicating with anything in the cloud, period.
Device makers have proven over and over again they cannot make secure devices,
and I don’t want anyone collecting data on my usage. What is needed is
something that can talk to a local server and doesn’t need the Internet.

------
ashtonian
Disclaimer: I work for an IoT company and our big solution to this and many
others is LoRaWAN. Essentially super cheap low power data transmission network
that is in the process of being rolled out as an infrastructure component.
Companies like Comcast have made large pledges to provide huge, cheap
nationwide coverage in the coming years. The cost of doing that is the LoRaWAN
protocol is very low bandwidth but thats pretty good for IoT when most of the
time you just need to transfer state.

Also I think LoRaWan networks wouldn't have to necessarily rely on the
internet which is the original intent of the article. I think it could be
possible to be much more localized like in your house, but right now its early
stages and all of the tech i've seen is meant to provide much larger networks.

[https://www.thethingsnetwork.org/wiki/LoRaWAN/Home](https://www.thethingsnetwork.org/wiki/LoRaWAN/Home)

------
bflesch
Good idea, but it'd need way lower prices for mobile data to be economically
viable.

------
rbirkby
Tesla & smart energy meters. Don't they both do this?

