nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
Insteon and Wink home hubs appear to have a problem with encryption

Silver badge

What do we care ?

Putting in proper security will just cost us to no benefit - ie we will not make more money.

It will cost us developer time & make our products more complicated so that we will have to deal with extra support calls from the Muppets who buy our stuff - someone has to pay for those support calls y'know!

If some of these do get cracked, they probably won't blame us, if they do we will just send out our press release blaming ''the bad guys'' - we have is already written, it just needs the date putting on it. After a fortnight the broohaha will have died down and our sales will just continue.

If the law were change to make us liable for customer losses we might take notice, we have our lobbyists ready just in case legislators think about this.

Love & kisses: Insteon PR department.

13
0
Silver badge

Re: What do we care ?

> If some of these do get cracked, they probably won't blame us, if they do we will just send out our press release blaming ''the bad guys''

Remember to include the phrase "we take security very seriously."

15
0
Silver badge

Re: What do we care ?

Remember to include the phrase "we take security very seriously."

Wot about "learning lessons?"

3
0

First don't connect anything to the net unless there is a real benefit. That goes double for IOT devices. But seriously if you do spoof my Insteon system, all you can do if flick my lights on and off. Annoying but hardly the stuff of nightmares. If you are close enough for radio spoofing just try a jammer instead, no encryption decryption required.

0
3
Silver badge

"But seriously if you do spoof my Insteon system, all you can do if flick my lights on and off"

And possibly run a botnet, pissing off millions of people.

7
0
Silver badge

flicking

Flicking lights on and off can reduce their lifespan quite a lot (susceptibility varies depending on "bulb" type) so an extra potential cost / irritation.

Plus lights on when not wanted on = extra cost of electricity.

I like my "dumb" lights & switches

0
0
Silver badge

No excuses either...

If you're running an IoT device with a PIC16 or something then yes, implementing TLS etc. may not be feasible. You just don't have the MIPS or the RAM for that.

The Wink hub on the other hand has an i.MX28! That's an ARM9 CPU capable of running Linux (albeit 7 years old). However a closer look at the HW is in order: the Wink supports multiple RF protocols and therefore (!) has a bunch of additional microcontrollers including an STM32, a PIC16F and some other Cortex M3 chippery. What was the designer thinking of? There is no valid reason to create such Frankenstein circuitry which must involve at least three different programming languages and at least five different toolchains. It smells very much like someone grabbing reference designs from chip vendor web sites and lashing them together with glorified veroboard. On that basis I classify the device as "works as expected".

13
0

This post has been deleted by its author

Silver badge
Trollface

"One hopes that Wink and Insteon will now carry out a thorough code review to see what else might be hiding in there."

Hahahahahahahaha... Man that guy should go into Comedy. Wait... What? You mean he was serious.... *blink* Hahahahaahahahahaha

6
0
Silver badge

Bah!

What????

An Internet of Tat device is configured for the convenience of pwners out-of-the-box?

I'm shocked I tell you, shocked.

4
0
Silver badge

WinkHub

Sounds like the kind of website that I have to remove from my history after use.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing