There has to be another option other than either having a hardcoded master password or being unable to help customers back in once they mess up. If you've messed up the device a physical hard reset button would do the trick. But it would be a pain for anyone who just forgot a password and doesn't want to lose settings. So how about a physical "reset my password" button? Press it and the next time you connect over the LAN it forces you to choose a new password, but doesn't erase your settings. Wouldn't that work and eliminate the need for a hardcoded master password? Disclaimer: I may fall into your "nerd" category. But I still like devices that just work without 8 hours of setup.
I've got a couple Netgear Nighthawks. One of them is running Advanced Tomato. If I want to get in to the Netgear firmware using an admin password, I have to hit a button. If I want to get into Advanced Tomato, I don't. I don't need to hit a button to install Advanced Tomato over the Netgear. And I'm not an expert. I'm a dude who can follow directions. I, too, like devices that just work without 8 hours of setup - but generally, those are the ones that IT guys slag on you for running.
This, by the way, is why IT professionals are hated by everyone else - someone who goes to Costco and buys a router or a doorbell or a lock or a webcam or a thermostat or a fucking Juicero is not "incompetent" because they don't immediately go "I wonder if the kernel of this device has telnet enabled. I better sandbox it and do a port scan just to be sure." IoT devices I have worked with in the past six months that require an active internet connection in order to configure even a tiny bit:
- Nest (cameras, thermostats, smoke detectors)
- Axis (top manufacturer of security cameras and camera gateways)
- Synology (top manufacturer of network attached storage devices and security servers)
- Qsee (garbage-on-a-plate DVRs and cameras)
- T&D (logging thermometers)
- Daikin (large manufacturer of commercial and industrial HVAC units)
- Carrier (larger manufacturer of commercial and industrial HVAC units)
And hey - you IT guys out there going "well you don't have to worry about the Synology" FUCK YOU TWICE. I'm at a level of competence where I got a guest network running on a TomatoUSB router in ten minutes and while I consider myself a semi-advanced user? I've got two professional IT guys who ask me for advice and if it requires this level of expertise to even understand the threats being talked about? The word "incompetence" is off the fucking table. Because you know what? Every single one of those devices can get through my firewall, which means it doesn't take rocket science, but whenever I try and get a fucking VPN working via Tunnelblick the Internet says "learn Linux." Go read the comments of this article. There isn't that much concentrated smugness at a Tesla convention. If you're curious as to why you're never invited to parties? It's because you think less of us as human beings for having a thermostat we bought at Home Depot.
The problem (aside from this being illegal and destructive) is that the type of person that's likely to go out and purchase a poorly-secured "gee whiz" IOT device or router without considering security -- is the same type of person that's not going to understand why that device just stopped working for no coherent reason. As a result, they're likely to rush out and buy another, poorly-secured device, bringing the incompetence full circle with a zero net gain.
Yeah, I truly feel empathy for the users affected by poorly designed IoT devices. But those poor designs need to die. And the mfgs have consistently failed to design their products to actually work in the Internet's ecosystem. So now the mfgs are on notice that the moment their shitty device hits the internet, a bot is going to poke and prod at it, and make sure it is secure. And destroy it, if it isn't. With even the most meagre warranty being 30 days, that's a 100% return rate. And THAT will make these fuckers design better products so that you, the consumer, do not have to deal with bad guys hacking into your baby monitor and playing porn to your child in bed.
No. Not buyin' it. It's an ends-justify-means headfake that allows nerds to feel good about the schadenfreude they feel towards the people that pay their salaries for not wanting to know the intricacies of SSH or whatever and FUCK'EM. There's this vision of slovenly, lazy manufacturers attempting to make a quick buck off of the poor, benighted, uneducated consumer (do you see how even you are dripping with condescension on this one?) without any thought to principles, ethics or good design practices when what actually happens is:
1) Nerds come up with a software package that does all sorts of cool shit
2) Manufacturers integrate that software package
3) Other nerds poke giant fucking holes in that software package causing real economic harm
4) Nerds on both sides come together to blame the manufacturers for using their software and the consumers for not understanding the undeniable superiority of nerds.
I've got 40-odd TB worth of Synology in the closet. It cost me multiple thousands of dollars and it does nothing sexy. It's a backup target for three different Time Machine instances, three Carbon Copy Cloner jobs and two instances of Macrium Reflect. It is literally a dumb Linux RAID array, the second I've built, the first using Embedded bullshit and IDE back in 2000 when that shit was bleeding edge. I built that 40-odd TB using Synology because if you ask the nerds, the nerds will say "if you want to set it and forget it, run Synology." Great. The non-hobbyist route, the "I'm willing to pay to do it right" approach that won out over the "I've got a spare DL380 I can sell you" method, required me to configure an NTP server via SSH in order to get my backups to work. So when you deliberately say "I want to do this right, I want to dot all the I's and cross the T's," you're still writing fucking shell commands. And then Synolocker hits. And what's the advice of the nerds? "Unplug it." Yeah.
Top professionals, competent everywhere, and whenever a threat comes out that they don't get to gloat about ahead of time, the response is hair-on-fire SHUT-IT-DOWN panic. Okay, so you bring it back after three days of zero functionality and how do we nail it down to protect it from a vulnerability that existed when the damn thing was sold to you but nobody knew about it because reasons? Well, first compile this GNU repository... And really, fuck 'em all. I can't think of a single client-side problem I have observed in the entire IT industry where the first instinct of everyone wasn't to slag on everybody who knew vaguely less than them. And you know what? Twice in my life I've had to load up a hard drive full of MP3s to replace the crashed music collections of friends who make their living supporting users but somehow don't have the common sense to back up terabytes of information. And you give them a stern look and they say "I know, I know, I should have backed up" but these are the same people that will berate someone for using one password across two websites. There's no "but." Nerds giveth, nerds taketh away, and nerds thrash on everyone else for giving them the means to do so and fuck 'em.
Ok. I see your point. Now we are 10 years down the road. 2027. None of these weak ass devices exist any more, because manufacturers have been forced to develop quality products that are secure and resilient. And that's just the way it is. As recently as 5 years ago, we had to regularly restart our smartphones because they would crash or just stop working. That was unacceptable, so manufacturers were forced to address the problem, and now I can't remember restarting my iPhone at all this year. I'm not saying you are wrong, but there is a hint of the guy busting down the highway with no hands on the wheel of his Tesla, and getting decapitated by a truck the car's vision systems didn't see. The user bears some responsibility here, but so does the manufacturer. Maybe we need an "EnergyStar-compliant" rating system for "Internet Secure" standards? I know I look for EnergyStar-rated appliances, and won't consider other models. Maybe there is an opportunity for an IP Security standard...? (heck... that's how Elon made his first money.)
You're still proselytizing the Myth of the Black Hat, though. Greater good through mayhem. You're arguing that "inconvenience" is equivalent to "deliberate destruction of product" so long as things get better at some point but using that logic, I could make the argument that NSAIDs are safer now that Vioxx has killed somewhere this side of a half million people. Maybe we need this. Maybe we need that. Maybe we need to make it so that the people who buy and install app-controlled gewgaws don't need six months of Khan Academy before they can figure out if they're contributing to a botnet. But there's nothing moral or commendable or admirable about fucking with people's shit because maybe someday their shit will be harder to fuck with. You're basically arguing that hood ornaments are an attractive nuisance and if you don't want your hood ornament stolen, you shouldn't buy a Mercedes. And for fuck's sake, let's stop gloating over those poor benighted users with desktops full of icons as if it's their fault a coder three layers down left a backdoor in the build.
The real problem is that these devices aren't secure by default, so no, the user doesn't deserve the blame, but we still have a shambling horde of zombie doorbells because people bought them at Home Depot and didn't know they needed to lock them down.
Lookit me. I just found an Internet doorbell. And, because I'm a smart and savvy and CLEARLY NOT INCOMPETENT consumer, I read Cnet. So how do I, CLEARLY NOT INCOMPETENT consumer, protect myself from hacks? Fucking firmware update. So for two years, my shambling zombie doorbell has been sitting there, completely hackable, until a professional pentest firm decided to make headlines. And now, in order to lock it down, I have to open it up to the Internet to download a firmware update. Of course, someone would have to physically go and touch the lock to do this but hey - apparently there's big gaping holes in ZWave too. And how do you fix that? Firmware update. The real problem is the IT community is perfectly happy to level the blame at users anyway. The difference between a Zwave vulnerability and a Heartbleed vulnerability is what, exactly? And what did TechCrunch have to say about Heartbleed? Oh my god the sky is fucking falling. So let's review - if it happens on a server IT is responsible for, it's a fucking calamity but if it happens on a device the user owns, it's their own fucking fault.
The real problem is that these devices aren't secure by default, so no, the user doesn't deserve the blame,
Dang it. I came here to post this! The Internet is an ecosystem, and when something gets out of control, an organism will rise to eat it. Release shitty shit on the internet? Ok. The internet will kill your shitty devices. I love this so very, very much.
Those "shitty devices" include every router on this list. These? These you hack differently.