Hacker News new | past | comments | ask | show | jobs | submit
This underscores the principle that IoT devices should not be allowed to communicate over the public Internet. Pretty much all cheap, Chinese-made hardware of this kind has intentional or unintentional security holes waiting to be exploited.
Better to buy devices that can work without internet and just blacklist them at the router level. Price or origin is not a good metric to ensure no leaks.
> Pretty much all cheap, Chinese-made hardware of this kind has intentional or unintentional security holes waiting to be exploited.

Why single out bad Chinese coding? Bad US IoT coding has a longer history.

loading story #48954894
loading story #48954711
Which is very hard, because most of these devices don't work locally. They communicate via the cloud to your app.

In most cases companies don't want to give you Matter or HomeKit, because it means they cannot sell you more through their app.

Wyze has ads everytime you open it. So does Honeywell. Hell, even the internet-loved Ecobee has a banner that shifts everything down most of the time that you open the app. And for that last one, you _have_ to use their app to control the fan, as they don't expose separate fan controls over HomeKit...

loading story #48960431
loading story #48962675
> Chinese-made hardware

Honestly, I'd rather it leak my GPS to the Chinese government than the US government. They don't have jurisdiction over me anyway.

> should not be allowed to communicate over the public Internet

It would be a no-go for non-techies. One of the biggest draws to IoT devices for "average Joes" is being able to view and control them from remotely, and they aren't going to have the skills or know-how to set up a VPN correctly with dynamic DNS so that their phone can VPN into their home and then sideload/jailbreak their phone to load a custom app to control it. "It just works from anywhere" is a big sell for them.

loading story #48955106
loading story #48956823
loading story #48962736
Consumers just don't care about security. It is what it is.
loading story #48956308
> This underscores the principle that IoT devices should not be allowed to communicate over the public Internet.

TP-Link is a prominent maker of network hardware, including home and mesh routers.

loading story #48957773
loading story #48956968
loading story #48956951
routers could solve this for consumers with a checkbox for "intranet only"

99% of consumers won't know how to setup a firewall but could handle a checkbox

only problem I have is I can't seem to punch a hole for time sync and it won't use my local intranet time server

Time server can be specified with DHCP, if you want. Options 4 [deprecated, but that doesn't matter] and 42.

No idea if that helps with your particular devices; they are, of course, free to ignore those fields.