back to article Mobile app security standard for IoT, VPNs proposed by group backed by Big Tech

On Thursday the ioXt Alliance, an Internet of Things (IoT) security trade group backed by some of the biggest names in the business, introduced a set of baseline standards for mobile apps, in the hope that IoT security may someday be a bit less of a dumpster fire. The announcement of the new Mobile Application Profile [PDF], a …

  1. Anonymous Coward
    Anonymous Coward

    Guess all these approved apps must come with backdoors then

    Glad to see my preferred option is not on the list.

    You use a VPN precisely because you want to avoid Big Tech snoopers!

    1. Anonymous Coward
      Anonymous Coward

      Re: Guess all these approved apps must come with backdoors then

      I don't trust any VPN which is not my own. Otherwise the VPN provider just becomes your ISP. And if you not pay it enough to cover the VPN costs and its profits, you're still the product.

      1. Anonymous Coward
        Anonymous Coward

        Re: Guess all these approved apps must come with backdoors then

        I cringe every time I see a VPN advert which claims to protect data, making "impossible for crooks" to get hold of it etc.

        Some of the claims are outlandish and clearly misleading.

  2. JassMan

    Can't help but think they have missed the point

    The biggest risk with IoT, is not whether someone steals your addressbook though a security hole in an app but that the IoT devices themselves have massive secirity holes which allow your entire private network to be exposed. Most devices really shouldn't even be visible on the other side of your router but beause the OEM wants to know everything about you, the device won't even operate unless it can see the OEM's server.

    1. Anonymous Coward
      Anonymous Coward

      Re: Can't help but think they have missed the point

      Exactly they created the problem they're trying to solve in the first place. There's really no need IoT devices need to call a remote "cloud" service to get commands from an app that needs to connect to the same service.

      If I need to connect to my own network to administer it I can setup my own VPN with my own router and from there access and monitor any internal device.

  3. Kevin McMurtrie Silver badge
    Holmes

    "transparency and visibility"

    I thought that's the problem with IoT data.

  4. Doctor Syntax Silver badge

    I don't suppose there's any requirement that the mobile app be allowed to control the IoT device without the vendor's server mediating it.

    1. Anonymous Coward
      Anonymous Coward

      Language problem....but not for the marketing folk!!!!

      @Doctor_Syntax

      *

      The marketing people would just use the word "serverless".........over and over and over!!!!

      *

      Technology and lying all in one word!!!!!

  5. TimMaher Silver badge
    Thumb Down

    Think of the children.

    What was the name of that bunch of tossers that the Reg reported on a few weeks back?

    They had kiddie winkie cameras in play schools and such like that any perv could look at.

    Didn’t they also do some crap front door cameras?

    Anyway, what’s the betting that they’ll sign up?

  6. Anonymous Coward
    Anonymous Coward

    Missing the point (2)

    The real point of smartphone apps linked to IoT devices is this:

    - Help Large Corporations to get more revenue than the (one time) sale of of a device provides.

    - By providing a (continuing) stream of valuable marketing information till the device goes t*ts up

    Why would any of these Large Corporations have the slightest interest in privacy or security?

    It's a marketing (that word again) smoke screen!!!!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like