NoT: Taking the ‘Internet’ Out of IoT (pentestpartners.com)
17 points by IntronExon on Jan 25, 2018 | 13 comments

I think this is approaching the problem from the wrong direction.

My issue with IoT stuff isn't that it's on my WiFi network. That's great, that means I can interact with it easily.

My issue is that it's communicating with (and often, ultimately, controlled by) a mothership that is somewhere out there on the internet, that I'm not in control of and can't interact with easily.

Having the devices communicating with the mothership using mobile data just takes even more control away from the device owner, which is a step backwards IMO.

The way to make these things secure is to have them on the WiFi network but not speaking to the outside internet, except where explicitly enabled by the owner.

It also still increases the attack surface of the home by exposing your devices to a third party's network. You're now relying on the security of the network at the vendor to protect your device. What happens when they get hacked? The question doesn't really change just because there's an APN instead of being a firewall on WiFi. What happens when there's a vulnerability in the network adapter? Ultimately, why do I, the device owner, want my TV on Samsung's network? Why do I, the device owner, want my microwave on GE's network?

And, no, "software updates" isn't going to sell anybody on anything because current appliances already work without getting software updates. The only new reason many of these devices would need updates is because they're insecure devices on an Internet-connected network that need to communicate with the Internet. So they're connected to the Internet only to get updates to fix bugs and vulnerabilities with their ability to communicate on the Internet. Are they paying Joseph Heller's estate for this idea?

And what happens to bandwidth? Let's say it takes off and everybody has 20 to 50 NoT devices. So everybody within 30 miles of a cell tower has 20 to 50 devices that want to connect? Some of those devices are almost certainly going to be excessively chatty or poorly implemented, given the quality of most software. What happens when Samsung and LG release the new firmware update for their newest line of microwaves, washing machines, and refrigerators? Suddenly 20% of all households are trying to download 2 GB of data over the air?

What do you think the answer is? Building truly serverless protocols that are content to just live on the WiFi network? That seems like it would require lots of broadcasts on the network which could get congested quickly.

Maybe some kind of standard local server you could run with an easy module API for adding new kinds of devices? Is that what things like Samsung's SmartThings hub already do?

Why would my phone sending commands directly to my lightbulb on the WLAN take up more bandwidth than sending an HTTP request up to the mothership and the lightbulb subscribing to an MQTT channel?

It's not too hard to build distributed server appliances these days. My household is an Apple house, and I have an Apple TV that is a hub for my HomeKit devices.

It's ridiculous that every webcam, doorbell, etc requires persistent internet connectivity and cloud hosting of whatever. It's a legal risk (I don't want persistent surveillance of my door in the custody of a third party), financial risk (Eero just laid off 40 people, will my wifi work next year?), and general lousy idea imo.

I imagine a device, it could likely run Android let's say, that runs "apps" which are really servers, such as Philips Hue. You interface via your phone/PC?

Consumers would be presented with a QR code on the packaging, and it would take them to the "appstore" for the device.

Serverless protocols are ideal, but short of that, just running a local server inside the network is fine.

In principle things like Amazon Alexa or Google Home could serve as that kind of local server, and already have fairly good deployment. But I'd guess their manufacturers aren't likely to be very interested in supporting a non-cloud, local-operation approach.

The title is horribly wrong; this is not "Taking the Internet out", it's further entrenching it in the devices.

Like the other posters here, I'd like to see local-only devices that _don't_ connect to the Internet.

It's pretty hard to do this securely and easily, though:

- We can't reliably get proper HTTPS certs for local devices (think e.g. a router admin page)
- We can't reliably discover local services (I know about Bonjour / mDNS, but it's flaky at best)

I think we as a community need to step up and provide a compelling open-source solution; the industry will follow. Look at what happened with 3D printers: Open-source moved first and established interoperable, open standards (g-code, STL files, filaments) and the industry had no choice but to follow, otherwise they'd be considered inferior. We need to do something similar with IoT.

I like the concept and it would solve the stated problems, however it’s not those problems that are holding me back from IoT. I do not want any IoT/home control device in my house communicating with anything in the cloud, period. Device makers have proven over and over again they cannot make secure devices, and I don’t want anyone collecting data on my usage. What is needed is something that can talk to a local server and doesn’t need the Internet.

Disclaimer: I work for an IoT company and our big solution to this and many others is LoRaWAN. Essentially super cheap low power data transmission network that is in the process of being rolled out as an infrastructure component. Companies like Comcast have made large pledges to provide huge, cheap nationwide coverage in the coming years. The cost of doing that is the LoRaWAN protocol is very low bandwidth but that's pretty good for IoT when most of the time you just need to transfer state.

Also I think LoRaWAN networks wouldn't have to necessarily rely on the internet which is the original intent of the article. I think it could be possible to be much more localized like in your house, but right now it's early stages and all of the tech I've seen is meant to provide much larger networks.


Good idea, but it'd need way lower prices for mobile data to be economically viable.

Tesla & smart energy meters. Don't they both do this?
