GSMA outlines thoroughly sensible IoT security rules

About time: the GSM Association has released a bunch of guidelines to try and address the chronic insecurity of the Internet of Things. The significance of the initiative is that it's been agreed to by a collective of major carriers – the organisation's announcement lists AT&T, China Telecom, Etisalat, KDDI, NTT DOCOMO, Orange …

  1. Anonymous Coward

    "[...] it reckons businesses running the services devices connect to need to include a sunsetting model."

    More built-in short-life obsolescence?

  2. Pascal Monett Silver badge
    Thumb Up

    "do it right, or we won't connect your stuff"

    Now THAT is the right kind of approach. No mollycoddling, no pretty please, no endless collection of second chances.

    Where security is concerned, I totally subscribe to that. Enough with the kindergarten view of connecting things to the Internet.

    I hope the words will be followed by actions.

    1. VinceH

      Re: "do it right, or we won't connect your stuff"

      Only problem is, this is GSM. So a device with dodgy security won't be connected through any of the networks... but will still be able to connect to the average Joe Punter's Wi-Fi, because that's down to him to control, and he doesn't understand the security implications of connecting insecure tat to his network.

      1. DropBear

        Re: "do it right, or we won't connect your stuff"

        Exactly, and I expect that home-wifi-connected IoT stuff outnumbers GSM-connected things by multiple orders of magnitude - this might help with your electricity / gas meter, but hardly with anything you'd install yourself, inside your home...

  3. Dan 55 Silver badge
    Meh

    What about stuff that doesn't have a SIM and only works on WiFi?

    Which is most of the cheap tat or cheap tat sold as expensive tat.

    1. allthecoolshortnamesweretaken

      Re: What about stuff that doesn't have a SIM and only works on WiFi?

      What VinceH said, see above.

  4. Speltier
    Boffin

    Reference Design

    So when is someone going to produce a reference design complete with TPG accepted TPM that costs only pennies as a hard core?

    Having hundreds of startups all beating down the same security bush over and over again (ok, presuming they even care, as a startup they probably don't have time to care) is lunacy. If TSMC or SMIC popped out a bit of reasonably cheap silicon it may make penetration easier, or at least, one would have less of an excuse for failing security.

    The root of the problem is that security isn't value add-- any more than door locks on a house are. You need the security because of the environment, but the product being sold isn't security (usually) but something else. A startup focuses on what is needed for their target market... thus having a strap on security reference design avoids hemorrhaging labor into something that isn't specific to whatever the startup is trying to do.


Biting the hand that feeds IT © 1998–2020