* Posts by SwitchedOnScotland

2 posts • joined 7 Oct 2016

Source code unleashed for junk-blasting Internet of Things botnet


IoT getting bad press due to ignorant people.

Routers, IP cameras, digital video recorders is not IoT.

This is your normal IP systems in use today that use TCP/UDP over IP.

IoT are small things that are not considered as normal devices.

They are mostly headless and very small and mostly not seen by humans at all.

Most talk to hubs that then talk to the world via IP.

This is poor host security here, they left the hardware in default mode with default passwords, fools they be.

Please stop selling IoT security fears.

We in IoT have solved the security requirement by using hardware public key cryptography..

Thats what i am using in IoT & LoRaWAN,

Please wake up people stop pointing fingers in the wrong direction.

Does now one know how to do research!

Devs! Here's how to secure your IoT network, in, uh, 75 easy pages


Our IoT uses hardware AES for LoRaWAN

We use cheap Atmel 508a for cryptography in IoT projects here in Forres, SCOTLAND.

It includes the AES engine in hardware. So replacing the AES in software with hardware we remove cloning of nodes & servers in LoRaWAN systems.

Security is cheap, politics stops it from propagating society. Simple. Then they purchased Atmel, go figure oh 508a, hide the tech! Sell it preconfigured with backdoor root access. LOL Who for?

The 508a can also do full public key cryptography, this then removes the need to store AES keys in LoRaWAN specification. which is very poor regarding security. It uses static session keys with AES ECB keys. Very poor standard security if using software security.

With correct setup LoRaWAN can now be used for secure side channels. Even if ECB. Legacy in security arena. Another ball dropped by LoRaWAN specification, .

Even Semtech say end node providers of tech would be wise to use hardware cryptography units for public projects.

They built the LoRa modems they did not build the LoRaWAN security, i think they are the same company that purchased Atmel. Might be wrong.

This is a very important point how you implement security.

You don't do it with KEYS people can get to.

You don't ignore PUBLIC KEY CRYPTOGRAPHY in hardware.




Biting the hand that feeds IT © 1998–2020