
On 24/06/2019 17.12, jdd@dodin.org wrote:
On 24/06/2019 at 16:09, Dave Howorth wrote:
On Mon, 24 Jun 2019 11:17:59 +0200 "jdd@dodin.org" <jdd@dodin.org> wrote:
>>>> storage, neither of which I need or want. Indeed stopping IoT
>>>> devices from phoning home
What I understand in the sentence is preventing IOT phoning *to* home, not *from* home.
The expression is an English idiom, well-described in https://en.wikipedia.org/wiki/Phoning_home and illustrated more simply at https://en.wiktionary.org/wiki/phone_home
What is the real question?
Exactly. I get the impression that the discussion speaks the contrary
No, these things always phone out, phone home, because normally all firewalls permit going out to the Internet.

For example, assume a power strip that can power up or down appliances at home, using an Android phone/tablet (for example). Steps:

1) Register the device on a web page.
2) Install the application on the phone, with that registration. 1&2 could be the same step.
3) The application searches and finds the device on the local network, and writes the registration data on the power strip. Possibly locks it down with a password from now on.

The result now is that the phone can control the power strip, not only at home, but anywhere. It does this by contacting a server on the Internet with the registered login/password, and telling it the actions to do.

The power strip also initiates a connection to the Internet to this same server. Say it keeps a web page open there, under the registration login/pass. When the application sends an action to do, the power strip (the IoT thing) sees the change and acts.

There is no direct communication from the smartphone to the gadget.

This trick works with the default configuration of the firewall, because all participants call out.

In this scenario there is no evil. But of course, there can be: the gadget action can be logged. This of itself is not evil, it can be a feature so that the user knows the action done. But some other person could access that log for whatever.

Then the gadget can be evil because it contains, say, a microphone, and periodically sends what it hears.

Notice that such a gadget can log and send data from day one even without being registered, but the bad guys do not know exactly where it is installed, who it belongs to.

--
Cheers / Saludos,

Carlos E. R.
(from 15.0 x86_64 at Telcontar)
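
The call-out pattern described in the message above can be observed from the home router's side. The following is an added example, not part of the original thread: it scans flow records for LAN devices that contact the same Internet endpoint at regular intervals. The log format, the 192.168.1.0/24 network, the addresses and the thresholds are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home network

# Constructed flow records: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_LOG = """\
0 192.168.1.50 203.0.113.10 443
5 192.168.1.20 198.51.100.7 443
0 192.168.1.20 192.168.1.1 53
17 192.168.1.20 198.51.100.7 443
30 192.168.1.20 192.168.1.1 53
60 192.168.1.50 203.0.113.10 443
60 192.168.1.20 192.168.1.1 53
90 192.168.1.20 192.168.1.1 53
121 192.168.1.50 203.0.113.10 443
180 192.168.1.50 203.0.113.10 443
200 192.168.1.20 198.51.100.7 443
230 192.168.1.20 198.51.100.7 443
240 192.168.1.50 203.0.113.10 443
"""

def parse(log):
    """Yield (time, src, dst, port) tuples from the text log."""
    for line in log.splitlines():
        if line.strip():
            t, src, dst, port = line.split()
            yield int(t), src, dst, int(port)

def find_phone_home(flows, min_events=4, max_jitter=0.1):
    """Map (src, dst, port) -> mean interval for regular LAN-to-Internet flows."""
    times = defaultdict(list)
    for t, src, dst, port in flows:
        # Only connections that start inside the LAN and leave it count.
        outbound = (ipaddress.ip_address(src) in LAN
                    and ipaddress.ip_address(dst) not in LAN)
        if outbound:
            times[(src, dst, port)].append(t)
    found = {}
    for key, ts in times.items():
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        # Regular means the spread of the gaps is small relative to their mean.
        if len(ts) >= min_events and mean(gaps) > 0:
            if pstdev(gaps) / mean(gaps) <= max_jitter:
                found[key] = mean(gaps)
    return found

if __name__ == "__main__":
    for (src, dst, port), gap in find_phone_home(parse(SAMPLE_LOG)).items():
        print(f"{src} calls {dst}:{port} about every {gap}s")
```

On the constructed log, only the device at 192.168.1.50 is reported; the irregular browsing traffic and the LAN-internal DNS queries are not.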