IoT devices should not be connected directly to the Internet. I don't want my "smart" lightbulbs to be turned on or off through the Internet. I also don't want them to become yet another way for the NSA to spy on us.
All things that are connected to the Internet can be hacked, let alone things that come with poor security and from manufacturers that never intend to update them either. In fact, the plaftform makers for IoT (or governments if you will) should require manufacturers to update the security vulnerabilities for 80 percent of users until the end of life. For example, if 80 percent of customers keep the smart lightbulb for 5 years, then that's how long they should be updated.
So far Google and ARM's Thread protocol for mesh networking between IoT devices looks interesting and seems focused on security. The devices connect only through a "gateway" through the Internet (which can be your smartphone). That feels like the right approach to me.
"IoT devices should not be connected directly to the Internet. I don't want my "smart" lightbulbs to be turned on or off through the Internet. I also don't want them to become yet another way for the NSA to spy on us."
Seriously?
By the same argument, phones should "not" be connected. It will just make it easier for the NSA to hack your phone through your data/internet connection, read all your call logs and maybe even take over your phone and start making random calls on your behalf.
Phones should just be phones. Why in the world would we want to make phones "smart"? Phones should not be connected to the Internet. What a dumb idea it is to make a phone that's connected to the Internet--that is going to be a HUGE security disaster. The world is going to explode because everyone's phones will be hacked
Even if something is not directly connected to, or reachable from, the net they can still be a issue.
Consider something like a network printer.
Convenient as heck, but if your PC gets compromised only for a shot while the attacker may have left a little surprise in the printer firmware. End result is that even after you fully scrubbed the PC the attacker returns because the printer is acting as a proxy.
More and more it feels like a no win situation, unless you physically unplug the router between each time you need to do something online.
It feels like this because most people are just not willing enough to spend the time, effort and money to be secure. The only thing you (as an average consumer) can't be secure against even if you tried really really hard (why bother) is a well funded government organization (from any country). Security threats for everywhere else are more or less manageable if you really want.
One problem with a mesh, is it might be hard to avoid or shutdown.
I will never, ever, connect a TV to the internet. At least at current very low quality levels. There's no reason an Apple iTV would have to suck as much as present smart-ish TVs.
I'd be pretty angry if a junky TV got owned and started spamming all viewers because it connected to the internet by talking to my kids video game console which is connected, or my roku or even worse my cabletv settop box.
All things that are connected to the Internet can be hacked, let alone things that come with poor security and from manufacturers that never intend to update them either. In fact, the plaftform makers for IoT (or governments if you will) should require manufacturers to update the security vulnerabilities for 80 percent of users until the end of life. For example, if 80 percent of customers keep the smart lightbulb for 5 years, then that's how long they should be updated.
So far Google and ARM's Thread protocol for mesh networking between IoT devices looks interesting and seems focused on security. The devices connect only through a "gateway" through the Internet (which can be your smartphone). That feels like the right approach to me.
http://threadgroup.org/Technology.aspx