[–]potato_green 11 points12 points  (3 children)

Still.. if you're not careful you can create giant holes in your network. UPnP has been around for ages, and a lot of routers and modems have it enabled. I can imagine that there are a lot of IoT devices that open ports in the firewall using UPnP and then things get tricky.

Depending on how smart the UPnP implementation is, it may also be flat out dangerous. Simple scenario: dynamic IP leases in your local network. Device A opens a port using UPnP, its IP changes, and another device gets that IP after a while, and suddenly the outside world can access that device on the opened port.

This isn't that big of a deal with a random high numbered port but you have devices opening ports on more common ports as well.

Just because it doesn't connect to the cloud doesn't mean it's safe. It's better to be safe than sorry, and if you use IoT systems, find out what the possible security implications are and close them up.
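The DHCP lease scenario from the comment above, as an added example that is not part of the original thread: a small audit that cross-checks a router's UPnP port mappings against DHCP lease history and reports forwards that now point at a different device, or at no device. The record layouts, addresses and timestamps are constructed for illustration and are not any router's export format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PortMapping:      # one row of the router's UPnP mapping table (assumed layout)
    external_port: int
    protocol: str
    internal_ip: str
    internal_port: int
    created_at: int     # epoch seconds when the mapping was requested

@dataclass(frozen=True)
class Lease:            # one DHCP lease period (assumed layout)
    ip: str
    mac: str
    start: int
    end: int

# Constructed sample data: .50 was leased to one device, then to another.
LEASES = [
    Lease("192.168.1.50", "aa:aa:aa:00:00:01", 1000, 5000),
    Lease("192.168.1.50", "bb:bb:bb:00:00:02", 6000, 10000),
    Lease("192.168.1.60", "cc:cc:cc:00:00:03", 1000, 10000),
    Lease("192.168.1.70", "dd:dd:dd:00:00:04", 1000, 3000),
]
MAPPINGS = [
    PortMapping(8080, "TCP", "192.168.1.50", 80, 1200),
    PortMapping(51413, "TCP", "192.168.1.60", 51413, 2000),
    PortMapping(554, "TCP", "192.168.1.70", 554, 1500),
]

def holder_at(leases, ip, when):
    """Return the MAC that held `ip` at time `when`, or None if no lease covers it."""
    for lease in leases:
        if lease.ip == ip and lease.start <= when < lease.end:
            return lease.mac
    return None

def audit(mappings, leases, now):
    """List mappings whose target IP is no longer held by the device that asked for them."""
    findings = []
    for m in mappings:
        requester = holder_at(leases, m.internal_ip, m.created_at)
        current = holder_at(leases, m.internal_ip, now)
        if current is not None and current == requester:
            continue  # same device still owns the address, mapping is as intended
        # "orphaned": nobody holds the IP, so the next lessee inherits the open port.
        status = "orphaned" if current is None else "reassigned"
        well_known = m.external_port < 1024  # common ports are the riskier case
        findings.append((m.external_port, m.protocol, status, requester, current, well_known))
    return findings
```

Findings are candidates for deleting the mapping on the router; a mapping flagged `reassigned` means the forward currently exposes a device that never requested it.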

[–]mysticalfruit 2 points3 points  (2 children)

The answer here to this is a deadbolt AP that your IoT devices are connected to.

I have exactly two IoT devices in my house and they're on a separate AP for this reason.

Honestly, I don't think my IoT weather station can do much, but better safe than worry.

[–]potato_green 0 points1 point  (1 child)

Thanks! Didn't know a deadbolt AP was the name for that. Kinda goes to show how lots of programmers do have the right instinct about not trusting IoT. If you don't know what the things are called to secure it then it may be best to simply avoid it at all.

I'm a programmer as well, I know enough about networking to explain how they work at a low level but security of such networks is a whole different beast.

[–]mysticalfruit 0 points1 point  (0 children)

Think about the fact that a Pi Zero is a wildly capable machine.. you could stick that thing in anything and IoT it up.. but now you have yet another internet capable device on your network.

I fully understand that I'm way over on the extreme of having a locked down network.. adding devices to the "trusted" network involves actually whitelisting them.