I've done threat modeling for a good number of IoT systems and I must admit I've never considered an abusive spouse as a possible threat actor. 1/N
-
-
The closest I had taken into consideration are previous owners. For this I've suggested prompting a password change if the original owner is not in proximity range for a period of time. That could help against an abusive ex who has moved out. 2/N
1 reply 0 retweets 3 likes -
I wouldn't consider an abusive spouse who still lives in the house as an external threat actor. Instead I would put this under product abuse by the product owner - like someone who uses a telescope to snoop. I don't consider this in my scope as a security architect. 3/3
3 replies 0 retweets 0 likes -
Not only are they a relevant threat actor; they're the #1 most common threat, and if you're making IoT junk they're a huge part of your target market. Failure to design to mitigate that is ACTIVELY SUPPORTING AND ENABLING THEM.
1 reply 0 retweets 1 like -
Replying to @RichFelker @dwfogel and
This isn't like making knives. It's more like making AR-15's.
1 reply 0 retweets 0 likes -
Replying to @Lucama221 @dwfogel and
I disagree and made the gun analogy on purpose. Most IoT is not a tool satisfying an actual need. It's there to stroke power fantasies.
1 reply 0 retweets 1 like
Some of the things IoT offers certainly could be beneficial, but most of it is overblown power for its own sake, and these benefits could be achieved with no internet connectivity much less cloud services.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.