
Normally you can block any device's update if you figure out the server for the update content/update check, and block it out from your router and/or DNS.


The "solution" for that will be embedded 5G connections.


I put all my gym equipment in a faraday cage


The remedy for that will be wrapping the internal antenna in foil or cell tower emulation.


The remedy to that is that the thing will stop working after a while - like how Intel x86 CPUs turn off after 30 mins without their precious spy co-processor[0], or how Diablo 2 Resurrected discontinues working after 30 days of being offline[1]. Of course another remedy is that you're free to buy a similar thing from another manufacturer that hasn't completely dropped the ball on the issue. That is, until all of the manufacturers drop the ball, like how the situation is with x86 CPUs and Intel ME / AMD ST. The true remedy would be well thought out, well enforced legislation. But yeah, I'm not holding my breath either.

[0] https://en.wikipedia.org/wiki/Intel_Management_Engine#Undocu...

[1] https://news.ycombinator.com/item?id=29977673


I don't know what scares me more, the fact that all manufacturers might go down this path, or that our society might reward them for doing so.


If we organize as a society, which in part means educating along with fixing the voting systems in most places to be fair and balanced (like by drowning out industrial complex lobby money by giving every eligible voter a $100/year voucher to contribute to the politician of their choice they feel best matches their interests), then we make laws to prevent such abusive-exploitive behaviour by companies.


The remedy for that will be requiring a network handshake to occur on boot.


The remedy for that is to emulate the server

The remedy for that is to encrypt the communication

The remedy for that is to MITM the server connection

The remedy for that is HSTS...

It's a cat and mouse game; the better solution for society (imo) is to have specific rights enshrined by law to allow qualified 3rd parties to access a system's internals.


The one advantage of playing the cat-and-mouse game is that the longer it goes on, the more complexity ends up being in the firmware (TLS, HPKP, etc. as you already listed), which increases the likelihood of a bug that can be exploited to take it over.


In that vein, it might be worth noting that this thing is just a treadmill. There's this whole fancy computer attached, probably via just a handful of very simple wires, to the actual treadmill part that anyone cares about. If they get too obnoxious about the computer, you can just open the treadmill, yank the computer out, and replace it with something from China that costs $20.

Of course, that'll then get attacked via the legal system for violating DRM.. ugh


And when wintertime rolls around, the gorillas simply freeze to death.


The remedy for that is a crack


At which point, you tell them you have no coverage and get a refund.


At that point it should be easy to return, at least.


Amazon Sidewalk, actually. Should prove cheaper and work near any dense housing.


That would work equally well with LTE. It's not happening because it would increase cost.


Oh no, in fact, it’s just around the corner.

https://aws.amazon.com/fr/private5g/


Private 5G is like an alternative to wifi for a large industrial complex or something. No one is going to cover your house in it. You should be more worried about Sidewalk. https://www.amazon.com/Amazon-Sidewalk/b?ie=UTF8&node=213281...


Can you explain further?


"Luckily" in the US, the carrier oligopoly here won't sell you a cheap IoT plan for cell connectivity, and the "lifetime" plans sold to manufacturers are probably at least $50-100 in volume.


Maybe not on optional treadmills, but that's already here for CPAP machines that insurance pays for - they log data to an SD card in case you don't have reception, but it also has an LTE modem to upload it so the insurance company can check up on you and make sure you're using that machine, or else charge you more money for it.


The "solution" is to allow the device to use only "official" resolver servers, accessed via an encrypted channel, secured by a PKI with a private root.


First covid, then gym equipment; 5G is the worst.

